Adware:Win32/SmartAdsSolutions


First posted on 24 May 2010.
Source: SecurityHome

Aliases :

Adware:Win32/SmartAdsSolutions is also known as Adware.AdSmart.E (BitDefender), Win32/Lifze.C (ESET), Trojan.Win32.BHO.agbz (Kaspersky), Generic PUP.x!dt (McAfee), BHO.ZXE (Norman), Adware.Win3.SmartAdsSolutions (Sunbelt Software), Adware.EZLife (Symantec).

Explanation :

Adware:Win32/SmartAdsSolutions is a program that creates and displays pop-up advertising.
Installation

Adware:Win32/SmartAdsSolutions installs itself as a Web browser helper object (BHO) that runs when the Web browser Internet Explorer is launched. When run, Win32/SmartAdsSolutions creates the following files:

<system folder>\<random file name>.dll (e.g. rbkzmhie.dll) - Adware:Win32/BHO.G
%ProgramFiles%\Smart-ads-solutions\smartads\<version number>\uninstall.exe

Note - <system folder> refers to a variable location that is determined by the malware by querying the Operating System. The default installation location for the System folder for Windows 2000 and NT is C:\Winnt\System32; and for XP, Vista, and 7 is C:\Windows\System32.

The registry is modified to run Win32/SmartAdsSolutions as a BHO.

Adds key: "Smart-Ads-Solutions"
In subkey: HKCU\Software
In subkey: HKLM\Software

Adds key: "SmartAds"
In subkey: HKCU\Software\Smart-Ads-Solutions
In subkey: HKLM\Software\Smart-Ads-Solutions

Adds key: "Instl"
In subkey: HKLM\Software\Smart-Ads-Solutions\SmartAds

Adds value: "InstallDir"
With data: "<installation directory of Win32/SmartAdsSolutions>"
(for example, "%ProgramFiles%\Smart-Ads-Solutions\SmartAds\1.5.2.0")
In subkey: HKEY_LOCAL_MACHINE\Software\Smart-Ads-Solutions\SmartAds\Instl

Adds key: "{A9722A0D-365F-47D2-B70B-37D046316D99}"
In subkey: HKLM\SOFTWARE\Classes\AppID

Adds key: "instl"
In subkey: HKLM\SOFTWARE\Classes\AppID\{A9722A0D-365F-47D2-B70B-37D046316D99}

Adds key: "Data"
In subkey: HKLM\SOFTWARE\Classes\AppID\{A9722A0D-365F-47D2-B70B-37D046316D99}\instl

Adds value: "prdctId"
With data: "adPro"
In subkey: HKLM\SOFTWARE\Classes\AppID\{A9722A0D-365F-47D2-B70B-37D046316D99}\instl\Data

Adds value: "aflId"
With data: "orgnl"
In subkey: HKLM\SOFTWARE\Classes\AppID\{A9722A0D-365F-47D2-B70B-37D046316D99}\instl\Data

Adds value: "hrdId"
Adds value: "instlDay"
Adds value: "sftId"
In subkey: HKLM\SOFTWARE\Classes\AppID\{A9722A0D-365F-47D2-B70B-37D046316D99}\instl\Data

Adds key: "{< unique class id >}" (e.g. "{4C6B4763-7DD5-4AEE-8265-6780B5D3378D}")
In subkey: HKLM\SOFTWARE\Classes\CLSID

Adds value: "(default)"
With data: "adHlpr Object"
To subkey: HKLM\SOFTWARE\Classes\CLSID\{< unique class id >}

Adds value: "(default)"
With data: "<installation directory of Win32/SmartAdsSolutions>" (e.g. "%windir%\system32\kukomlfi.dll" or "%windir%\system32\zzuteubm.dll")
To subkey: HKLM\SOFTWARE\Classes\CLSID\{< unique class id >}\InprocServer32

Adds value: "(default)"
With data: "adHlpr.adHlpr.1.0"
To subkey: HKLM\SOFTWARE\Classes\CLSID\{< unique class id >}\ProgID

Adds value: "(default)"
With data: "{A9722A0D-365F-47D2-B70B-37D046316D99}"
To subkey: HKLM\SOFTWARE\Classes\CLSID\{< unique class id >}\TypeLib

Adds value: "(default)"
With data: "adHlpr.adHlpr"
To subkey: HKLM\SOFTWARE\Classes\CLSID\{< unique class id >}\VersionIndependentProgID

Adds key: "adHlpr.adHlpr"
Adds key: "adHlpr.adHlpr.1.0"
To subkey: HKLM\SOFTWARE\Classes

Adds value: "(default)"
With data: "{7BE99C54-A75A-491F-B684-FD5E8E990E98}"
To subkey: HKLM\SOFTWARE\Classes\adHlpr.adHlpr\CLSID

Adds value: "(default)"
With data: "adHlpr.adHlpr.1.0"
To subkey: HKLM\SOFTWARE\Classes\adHlpr.adHlpr\CurVer

Adds value: "(default)"
With data: "{7BE99C54-A75A-491F-B684-FD5E8E990E98}"
To subkey: HKLM\SOFTWARE\Classes\adHlpr.adHlpr.1.0\CLSID

Adds key: "{< unique class id >}" (e.g. "{4C6B4763-7DD5-4AEE-8265-6780B5D3378D}")
To subkey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

Adds value: "(default)"
With data: "SmartAds browser enhancer <installed dll component file name>" (for example, "SmartAds browser enhancer zzuteubm" or "SmartAds browser enhancer kukomlfi")
In subkey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{< unique class id >}

Adds key: "Smart-Ads-Solutions"
To subkey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

Adds value: "DisplayName"
With data: "SmartAds browser enhancer"
To subkey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Smart-Ads-Solutions

Adds value: "NoModify"
With data: "adHlpr.adHlpr.1.0"
To subkey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Smart-Ads-Solutions

Adds value: "NoRepair"
With data: "adHlpr.adHlpr.1.0"
To subkey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Smart-Ads-Solutions

Adds value: "UninstallString"
With data: "<file path to Win32/SmartAdsSolutions uninstaller>"
To subkey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Smart-Ads-Solutions

Additional Information

After installation, this adware is visible as a Web browser add-on via "Tools | Manage Add-Ons" within Internet Explorer as "SmartAds browser enhancer".
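
The class id and the DLL file name differ between installations, so a check for this adware has to key on the fixed strings in the registry changes listed above. The following Python is an added example, not part of the original analysis: it scans a text registry export for those strings and resolves the DLL registered for the matching BHO. The sample export, the benign BHO entry and the function names are constructed for illustration.

```python
import re

# Constructed sample in "reg export" text form. The class id and DLL name are the
# page's own examples; the second BHO entry is a made-up benign one for contrast.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4C6B4763-7DD5-4AEE-8265-6780B5D3378D}]
@="SmartAds browser enhancer zzuteubm"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-2222-3333-4444-555555555555}]
@="Example Toolbar Helper"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4C6B4763-7DD5-4AEE-8265-6780B5D3378D}]
@="adHlpr Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4C6B4763-7DD5-4AEE-8265-6780B5D3378D}\InprocServer32]
@="C:\\Windows\\system32\\zzuteubm.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Smart-Ads-Solutions\SmartAds\Instl]
"InstallDir"="C:\\Program Files\\Smart-Ads-Solutions\\SmartAds\\1.5.2.0"
'''

BHO = r"hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects"
CLSID = r"hkey_local_machine\software\classes\clsid"

def parse_reg(text):
    """Return {lowercased key path: {value name: string data}}; '@' is the default value."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = re.match(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$', line)
            if m:  # string values only; unescape \\ and \" in the data
                current[m.group(1).strip('"')] = re.sub(r'\\(.)', r'\1', m.group(2))
    return keys

def find_smartads(keys):
    """Match on the fixed strings; the class id and DLL name differ per install."""
    hits = []
    for path, values in keys.items():
        parent, _, clsid = path.rpartition("\\")
        if parent == BHO and values.get("@", "").startswith("SmartAds browser enhancer"):
            dll = keys.get(f"{CLSID}\\{clsid}\\inprocserver32", {}).get("@")
            name = keys.get(f"{CLSID}\\{clsid}", {}).get("@")
            hits.append({"clsid": clsid.upper(), "clsid_name": name, "dll": dll})
    vendor_key = any(p.startswith(r"hkey_local_machine\software\smart-ads-solutions") for p in keys)
    return hits, vendor_key
```

A file written by `reg export` is UTF-16 encoded, so read it with `encoding="utf-16"` before passing the text to `parse_reg`.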

Analysis by Michael Johnson

Last update 24 May 2010