Home
Terms & Definitions
Parasites List
Categories
Threat Level
Contact Us
Spyware Information
Name: RapidBlaster
Threat Level:
Category: Adware
Aliases: rb32, after its original executable name.
Variants: RapidBlaster/v1 is the original version. RapidBlaster/lp is an update using a slightly different names. ('rb32 lptt01'.)

RapidBlaster/Rnd is an update which uses pseudo-random filenames which it fetches from its controlling server www.rapidblaster.com. If it fails to contact its server it will just use 'RapidBlaster\rb32.exe' as with older variants. If you remove it, it will reinstall itself using a new name. Filenames seen so far include:

Adaware\adaware.exe Aimaol\aimaol.exe
BelmontSoft\Bsoft.exe DonkeySoft\dkware.exe
efaxs\efaxs.exe explorer\explorer.exe
foobin\foobin.exe Icon\icon.exe
Iexplorer\iexplorer.exe Kazaa\kazaa.exe
Mcf\mcf.exe Microfinder\mcf.exe
msconfig\msconfig.exe mssurfer\surfer.exe
Msyss\msys.exe Newsgroup\newsgroup.exe
Notepad\Notepad.exe NvidStar\nvd32.exe
RapidBlaster\rb32.exe RealPlay\realplay.exe
spool\spool.exe Spybott\spybott.exe
Spyguard\Spywareguard.exe Surfer\surfer.exe
Syscon\syscon.exe Syslog\syslog.exe
Taskmngr\taskmngr.exe win32_I\win32_i.exe
Winsyslog\winsyslog.exe Winwan\winwan.exe
yahoo_toolbar\yahoo_toolbar.exe  

RapidBlaster/AInst is an ActiveX installer used to load v1 or lp.

Spyware Characteristics
Description: RapidBlaster is a task run on Windows startup. When an internet connection is present it periodically connects to its servers to fetch advertising.
Properties:
  • Stays resident in background.
  • Stealth: hides itself from user.
  • Show advertisements.
  • Connects to the internet by itself.

What it does?
Advertising: Yes, typically pop-ups for porn sites.
Privacy violation: Suspected: the privacy policy at the RapidBlaster site states cookies are used to profile the user's interests.

Security issues: Yes, Can download and execute arbitrary unsigned code pointed to by its controlling servers. Is known to install dialers such as DialerOffline.

RapidBlaster/AInst, if not removed, can also allow any web page to silently reinstall RapidBlaster.
Stability problems: None known.

Method of infection
ActiveX drive-by download on affiliate pages, including misleading download links (eg. 'megamovieblaster') and pop-ups.

Also installed by the ISTBar parasite.

Removal Instructions
bulletproofsoft.com "Spyware Remover" is the best tool for the removal of this spyware.

Links
Site: http://www.rapidblaster.com/