2014-06-03, 16:10 #1
What is UNINCAR by CITGEN? malware?
For several days IE 10 (on Win 7) had been crashing with the following (partial) in Event Manager:
Faulting module name: cumadis.dll, version: 0.0.0.0, time stamp: 0x5361a976
Faulting module path: C:\Users\...\AppData\Roaming\unincar\cumadis.dll
(There was also adcoing.dll in the same folder).
Note: I also run anti-tracking software and there does seem to be "ad" embedded in the file names.
An online search gave no useful information, and several scanners (MS Essentials, Malwarebytes Pro, MS Safety Scanner, and others) did not flag it as a problem.
Since unincar did not exist on any of my other Win7 boxes, I first renamed the dll to see what would happen; overnight another fresh copy was installed.
Then I uninstalled it with Belmarc uninstaller, followed by CCleaner, but again it came back overnight (coincidentally just after a win license validity check of some sort --- both times).
Found the installer event logged as:
Windows Installer installed the product. Product Name: unincar. Product Version: 1.0.0. Product Language: 1033. Manufacturer: citgen. Installation success or error status: 0.
Traced back and found a "master" installer in /AppData/local/temp/radDF7DE.temp_update.msi with several other installers in the .../windows/installer folder with names like 1e40aa55.mis. Creation dates seem to indicate a fresh installer was generated after each time I tried to disable the dll.
Eset online scanner finally seems to have removed it, but unfortunately I didn't catch what it found.
Googling the company (Citgen) locates a very uninformative website that raises more questions than it answers.
Persistent little devil, with hints of both malware and MS overtones. Since it did show up in add/remove programs, and had the usual add / repair / remove options, I don't think it was truly evil, just annoying.
Anyone know what this is / was?
Last edited by Glitch; 2014-06-03 at 16:40. Reason: typo
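The installer event quoted in the post has a fixed message layout, so a product that keeps reinstalling itself can be spotted by parsing exported events and counting successful installs per product. This is an added example, not part of the original post; the tab-separated export format, the timestamps and the "Example" products are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Message layout as quoted in the post (Windows Installer "installed the product" event).
MSI_RE = re.compile(
    r"Windows Installer installed the product\.\s*"
    r"Product Name:\s*(?P<name>.*?)\.\s*"
    r"Product Version:\s*(?P<version>.*?)\.\s*"
    r"Product Language:\s*(?P<lang>\d+)\.\s*"
    r"Manufacturer:\s*(?P<vendor>.*?)\.\s*"
    r"Installation success or error status:\s*(?P<status>\d+)\."
)

TEMPLATE = ("Windows Installer installed the product. Product Name: {}. "
            "Product Version: {}. Product Language: 1033. Manufacturer: {}. "
            "Installation success or error status: {}.")
# Constructed sample: only the unincar/citgen message text comes from the post;
# timestamps and the "Example" rows are made up for illustration.
ROWS = [
    ("2014-05-30T02:14:07", "unincar", "1.0.0", "citgen", 0),
    ("2014-05-31T02:16:42", "unincar", "1.0.0", "citgen", 0),
    ("2014-05-31T10:05:00", "Example Viewer", "2.1", "Example Corp", 0),
    ("2014-06-01T02:15:19", "unincar", "1.0.0", "citgen", 0),
    ("2014-06-02T09:00:00", "Example Tool", "3.0", "Example Corp", 1603),
]
SAMPLE = "\n".join(f"{ts}\t{TEMPLATE.format(*rest)}" for ts, *rest in ROWS)
SAMPLE += "\n2014-06-02T09:30:00\tUnrelated event text (constructed)"

def parse_installs(text):
    """Yield (timestamp, name, vendor, status) for each install event line."""
    for line in text.splitlines():
        stamp, _, message = line.partition("\t")
        m = MSI_RE.search(message)
        if not m:
            continue  # some other event, not an install record
        try:
            when = datetime.fromisoformat(stamp.strip())
        except ValueError:
            continue  # malformed timestamp in the export
        yield when, m["name"], m["vendor"], int(m["status"])

def repeated_installs(text, min_count=2):
    """Map (name, vendor) -> sorted install times for products that were
    successfully installed (status 0) at least min_count times."""
    seen = defaultdict(list)
    for when, name, vendor, status in parse_installs(text):
        if status == 0:
            seen[(name.lower(), vendor.lower())].append(when)
    return {k: sorted(v) for k, v in seen.items() if len(v) >= min_count}
```

Install times that cluster at the same hour on consecutive days, as in the constructed rows, point to a scheduled or triggered reinstaller rather than a user-initiated setup.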