
Spyware:Win32/Webdir


First posted on 15 February 2019.
Source: Microsoft

Aliases :

Spyware:Win32/Webdir is also known as W32/Webdir.G, Adware.Generic.MQT, Win32/Adware.Webdir, AdWare.Win32.Webdir.b, Win32/Ribdew.F, Adware-Webdir.

Explanation :

Webdir is a Web Browser Helper Object (BHO) used to collect user information and display targeted advertising in the Internet Explorer browser. Webdir attempts to modify certain visited URLs to include affiliate IDs.

Installation

Webdir is a Win32 DLL and may be installed by other programs as a BHO. The DLL may be present as a file named 'VirtualDNS.DLL'. When loaded and executed, the DLL makes the following registry modifications:

Adds value: "(default)"
With data: "cvirtualdnsobj object"
To subkey: HKLM\SOFTWARE\Classes\VirtualDNS.VirtualDNSObj.1

Adds value: "(default)"
With data: "{86c510e9-97ef-4749-914f-0280247be3a6}"
To subkey: HKLM\SOFTWARE\Classes\VirtualDNS.VirtualDNSObj.1\CLSID

Adds value: "(default)"
With data: "cvirtualdnsobj object"
To subkey: HKLM\SOFTWARE\Classes\VirtualDNS.VirtualDNSObj

Adds value: "(default)"
With data: "{86c510e9-97ef-4749-914f-0280247be3a6}"
To subkey: HKLM\SOFTWARE\Classes\VirtualDNS.VirtualDNSObj\CLSID

Adds value: "(default)"
With data: "virtualdns.virtualdnsobj.1"
To subkey: HKLM\SOFTWARE\Classes\VirtualDNS.VirtualDNSObj\CurVer

Adds value: "(default)"
With data: "cvirtualdnsobj object"
To subkey: HKLM\SOFTWARE\Classes\CLSID\{86C510E9-97EF-4749-914F-0280247BE3A6}

Adds value: "(default)"
With data: "virtualdns.virtualdnsobj.1"
To subkey: HKLM\SOFTWARE\Classes\CLSID\{86C510E9-97EF-4749-914F-0280247BE3A6}

Adds value: "(default)"
With data: "cvirtualdnsobj object"
To subkey: HKLM\SOFTWARE\Classes\CLSID\{86C510E9-97EF-4749-914F-0280247BE3A6}\ProgID

Adds value: "(default)"
With data: "virtualdns.virtualdnsobj"
To subkey: HKLM\SOFTWARE\Classes\CLSID\{86C510E9-97EF-4749-914F-0280247BE3A6}\VersionIndependentProgID

Adds value: "(default)"
With data: "VirtualDNS.DLL"
To subkey: HKLM\SOFTWARE\Classes\CLSID\{86C510E9-97EF-4749-914F-0280247BE3A6}\InprocServer32

Adds value: "(default)"
With data: "VirtualDNS.DLL, 1"
To subkey: HKLM\SOFTWARE\Classes\CLSID\{86C510E9-97EF-4749-914F-0280247BE3A6}\ToolboxBitmap32

Adds value: "(default)"
With data: "0"
To subkey: HKLM\SOFTWARE\Classes\CLSID\{86C510E9-97EF-4749-914F-0280247BE3A6}\MiscStatus

Adds value: "(default)"
With data: "131473"
To subkey: HKLM\SOFTWARE\Classes\CLSID\{86C510E9-97EF-4749-914F-0280247BE3A6}\MiscStatus\1

Adds value: "(default)"
With data: "{143414d1-c324-4d6f-9756-5075d9a4a485}"
To subkey: HKLM\SOFTWARE\Classes\CLSID\{86C510E9-97EF-4749-914F-0280247BE3A6}\TypeLib

Adds value: "(default)"
With data: "1.0"
To subkey: HKLM\SOFTWARE\Classes\CLSID\{86C510E9-97EF-4749-914F-0280247BE3A6}\Version

Adds value: "(default)"
With data: "virtualdns 1.0 type library"
To subkey: HKLM\SOFTWARE\Classes\TypeLib\{143414D1-C324-4D6F-9756-5075D9A4A485}\1.0

Adds value: "(default)"
With data: "0"
To subkey: HKLM\SOFTWARE\Classes\TypeLib\{143414D1-C324-4D6F-9756-5075D9A4A485}\1.0\FLAGS

Adds value: "(default)"
With data: "VirtualDNS.DLL"
To subkey: HKLM\SOFTWARE\Classes\TypeLib\{143414D1-C324-4D6F-9756-5075D9A4A485}\1.0\win32

Adds value: "(default)"
With data: ""
To subkey: HKLM\SOFTWARE\Classes\TypeLib\{143414D1-C324-4D6F-9756-5075D9A4A485}\1.0\HELPDIR

Adds value: "(default)"
With data: "ivirtualdnsobj"
To subkey: HKLM\SOFTWARE\Classes\Interface\{1F63B171-E2F3-4362-A484-8563144D62E6}

Adds value: "(default)"
With data: "{00020424-0000-0000-c000-000000000046}"
To subkey: HKLM\SOFTWARE\Classes\Interface\{1F63B171-E2F3-4362-A484-8563144D62E6}\ProxyStubClsid

Adds value: "(default)"
With data: "{00020424-0000-0000-c000-000000000046}"
To subkey: HKLM\SOFTWARE\Classes\Interface\{1F63B171-E2F3-4362-A484-8563144D62E6}\ProxyStubClsid32

Adds value: "(default)"
With data: "{143414d1-c324-4d6f-9756-5075d9a4a485}"
To subkey: HKLM\SOFTWARE\Classes\Interface\{1F63B171-E2F3-4362-A484-8563144D62E6}\TypeLib

Adds value: "(default)"
With data: "virtualdns"
To subkey: HKLM\SOFTWARE\Classes\AppID

Adds value: "AppID"
With data: "0"
To subkey: HKLM\SOFTWARE\Classes\AppID\VirtualDNS.DLL

Additional Information

Win32/WebDir requests information from the following URL: rss.everer.com/rssfeed.xml

Analysis by Oleg Petrovsky

Last update 15 February 2019
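
The COM registration described above can be checked offline against the text output of `reg export`. The following is an added example, not part of the original Microsoft write-up: the function names and the sample export are constructed for illustration, and only the GUIDs, the ProgID and the DLL name come from the entry.

```python
import re

# Indicators from the write-up above (GUIDs upper-cased for matching).
GUIDS = {
    "{86C510E9-97EF-4749-914F-0280247BE3A6}": "CLSID",
    "{143414D1-C324-4D6F-9756-5075D9A4A485}": "TypeLib",
    "{1F63B171-E2F3-4362-A484-8563144D62E6}": "Interface",
}
NAMES = ("virtualdns.dll", "virtualdns.virtualdnsobj")

KEY_RE = re.compile(r"^\[(-?)(.+)\]$")            # "[-KEY]" marks a deletion
VAL_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

def parse_reg(text):
    """Yield (key, value_name, data) per value line; deleted keys are skipped."""
    key = None
    for line in (l.strip() for l in text.splitlines()):
        if m := KEY_RE.match(line):
            key = None if m.group(1) else m.group(2)
        elif key and (m := VAL_RE.match(line)):
            name = "(default)" if m.group(1) == "@" else m.group(1)[1:-1]
            yield key, name, m.group(2).strip('"').replace("\\\\", "\\")

def find_webdir(text):
    """Return sorted (indicator, key, value_name) hits for Webdir artefacts."""
    hits = set()
    for key, name, data in parse_reg(text):
        blob = f"{key}\n{data}"          # match on key path and value data
        for guid, kind in GUIDS.items():
            if guid in blob.upper():
                hits.add((kind, key, name))
        if any(n in blob.lower() for n in NAMES):
            hits.add(("name", key, name))
    return sorted(hits)

# Constructed sample export: one unrelated class, two Webdir keys, one deleted key.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-2222-3333-4444-555555555555}\InprocServer32]
@="C:\\Windows\\System32\\example.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{86C510E9-97EF-4749-914F-0280247BE3A6}\InprocServer32]
@="VirtualDNS.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VirtualDNS.VirtualDNSObj\CLSID]
@="{86c510e9-97ef-4749-914f-0280247be3a6}"

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{143414D1-C324-4D6F-9756-5075D9A4A485}]
'''
```

Calling `find_webdir()` on the text of a real export returns one tuple per matching value; keys that carry no values are not reported.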
