SecurityHome.eu Adware:Win32/AddLyrics

Home / malware PDF

Adware:Win32/AddLyrics

First posted on 08 April 2013.
Source: Microsoft
Aliases :
There are no other names known for Adware:Win32/AddLyrics.
Explanation :

Adware:Win32/AddLyrics may be installed from the "addlyrics.net" website, or be installed by offers in third-party software installers.

Installation

It installs itself as a Chrome extension, an Internet Explorer add-on, and a Firefox plug-in by creating the following files:

Chrome extension:

%ProgramFiles%\Chrome.crx

%APPDATA%\Google\Chrome\User Data\Default\Extensions\kdlfddggdloaadnphbhejknhaggjaeld\1.0_0\addlyrics128.png

%APPDATA%\Google\Chrome\User Data\Default\Extensions\kdlfddggdloaadnphbhejknhaggjaeld\1.0_0\addlyrics16.png

%APPDATA%\Google\Chrome\User Data\Default\Extensions\kdlfddggdloaadnphbhejknhaggjaeld\1.0_0\addlyrics48.png

%APPDATA%\Google\Chrome\User Data\Default\Extensions\kdlfddggdloaadnphbhejknhaggjaeld\1.0_0\background.html

%APPDATA%\Google\Chrome\User Data\Default\Extensions\kdlfddggdloaadnphbhejknhaggjaeld\1.0_0\background.js

%APPDATA%\Google\Chrome\User Data\Default\Extensions\kdlfddggdloaadnphbhejknhaggjaeld\1.0_0\contentscript.js

%APPDATA%\Google\Chrome\User Data\Default\Extensions\kdlfddggdloaadnphbhejknhaggjaeld\1.0_0\manifest.json

Internet Explorer add-on:

%ProgramFiles%\AddLyrics\AddLyrics.dll

%ProgramFiles%\AddLyrics\r.log

%ProgramFiles%\AddLyrics\YTLUpdater.exe

Firefox plug-in:

%ProgramFiles%\AddLyrics\FF\chrome.manifest

%ProgramFiles%\AddLyrics\FF\chrome\content\addlyrics32.png

%ProgramFiles%\AddLyrics\FF\chrome\content\main.js (detected as Adware:Win32/AddLyrics)

%ProgramFiles%\AddLyrics\FF\chrome\content\overlay.xul

%ProgramFiles%\AddLyrics\FF\install.rdf

Adware:Win32/AddLyrics updates itself by creating a scheduled Windows task called "YTLUpdater.exe" that runs daily.

It also creates an installation entry called "AddLyrics" in the Programs and Features section of the Control Panel. Running this uninstaller removes Adware:Win32/AddLyrics from your computer.

Execution

Once installed, Adware:Win32/AddLyrics displays advertisements in your browser window, and also displays the lyrics to songs if you view a song on "YouTube".

Below is an example of the advertisements it displays:

Analysis by Chris Stubbs

Last update 08 April 2013

TOP

Malware :

Last 20