Adware.Rabio

When the program is executed, it creates the following folders:

• C:\Documents and Settings\All Users\Application Data\Rabio\
• C:\Documents and Settings\All Users\Application Data\Rabio\Search Enhancer\
• %ProgramFiles%\RCSE\

It then creates the following files:

• %UserProfile%\Start Menu\Programs\Startup\Rabio - Auto Update.lnk
• %ProgramFiles%\RCSE\Execution.dll
• %ProgramFiles%\RCSE\rcse.dll
• %ProgramFiles%\RCSE\rcse.dll.intermediate.manifest
• %ProgramFiles%\RCSE\se.exe
• %ProgramFiles%\RCSE\se.original
• %ProgramFiles%\RCSE\Setup.log
• %ProgramFiles%\RCSE\un_RCSESetup_15856.exe
• %ProgramFiles%\RCSE\un_RCSESetup_15856.txt
• %ProgramFiles%\RCSE\X_se.exe
• %ProgramFiles%\RCSE\X_se.log

It also creates the following registry subkeys:

• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1C2E5D27-A17C-4D89-85DD-3553C189380D}
• HKEY_CURRENT_USER\Software\RCSE
• HKEY_CLASSES_ROOT\AppID\RCSE.DLL
• HKEY_CLASSES_ROOT\AppID\{89CC26BC-9256-4CCA-A7F3-B9D6C48DBA71}
• HKEY_CLASSES_ROOT\CLSID\{1C2E5D27-A17C-4D89-85DD-3553C189380D}
• HKEY_CLASSES_ROOT\Interface\{923CA88A-AE69-49AF-BF65-9A3123B14CCB}
• HKEY_CLASSES_ROOT\Rabio.RabioBHO.1
• HKEY_CLASSES_ROOT\Rabio.RabioBHO
• HKEY_CLASSES_ROOT\TypeLib\{8C36D71B-0A48-4D38-9DEF-2A2A2669D0C9}
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1C2E5D27-A17C-4D89-85DD-3553C189380D}
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Rabio
• HKEY_LOCAL_MACHINE\SOFTWARE\Rabio
  
  

It then creates the following registry entry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\Rabio RCSE (4.4.0.0) = " "

The program attempts to connect to the following Web sites:

• server.rabio.com
• www.rabio.com

It registers itself as a Browser Helper Object for Internet Explorer.

The program attempts to redirect users to a Web site that displays advertisements.

Summary