1. /
  2. Security Response/
  3. Adware.BDE

Adware.BDE

Updated:
February 13, 2007 11:33:11 AM
Type:
Adware
Version:
Not available
Publisher:
Brilliant Digital
Risk Impact:
High
File Names:
Not available
Systems Affected:
Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP

Adware.BDE is an adware program that displays animated advertisements. However, this adware application contains functionality so that any computer that has it installed will become part of a large network. At the time of this writing, this functionality was not enabled, although it can be remotely enabled at any time.
Also, because this functionality is not yet enabled, we do not know what it could be used for.

When Adware.BDE is installed, it does the following:
  1. Inserts several files in the %System% folder.


    Note: %System% is a variable. The adware application locates the System folder and copies itself to that location. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).

  2. Creates the folders:

    • C:\BDE
    • C:\Windows\BDE
    • C:\Program Files\BDE

  3. May add the value:

    "b3dupdate"

    to the registry subkey

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

    so that the program starts when you start Windows.

  4. May add some of the following registry subkeys: 

    HKEY_CLASSES_ROOT\s3d_auto_file
    HKEY_CLASSES_ROOT\.b3d
    HKEY_CLASSES_ROOT\.b3dini
    HKEY_CLASSES_ROOT\b3d_auto_file
    HKEY_CLASSES_ROOT\b3dini_auto_file
    HKEY_CLASSES_ROOT\ADM25.ADM25
    HKEY_CLASSES_ROOT\ADM25.ADM25.1
    HKEY_CLASSES_ROOT\BDEPLAYER.BDEPlayerCtrl
    HKEY_CLASSES_ROOT\BDEPLAYER.BDEPlayerCtrl.1
    HKEY_ALL_USERS\Software\Brilliant Digital Entertainment
    HKEY_CLASSES_ROOT\BDESmartInstaller.BDESmartInstaller
    HKEY_CLASSES_ROOT\BDESmartInstaller.BDESmartInstaller.1
    HKEY_CLASSES_ROOT\BDESmartInstaller25.BDESmartInstaller25.1
    HKEY_CLASSES_ROOT\BDESmartInstaller25.BDESmartInstaller25
    HKEY_LOCAL_MACHINE\SOFTWARE\Brilliant Digital Entertainment
    HKEY_CLASSES_ROOT\CLSID\{51958169-D5E3-11D1-AA42-0000E842E40A}
    HKEY_CLASSES_ROOT\CLSID\{67925165-C4B6-11D2-B9C6-0000E84F59A6}
    HKEY_CLASSES_ROOT\CLSID\{1D3BCE37-7834-4579-8169-E6781420A98}
    HKEY_CLASSES_ROOT\Interface\{51958167-D5E3-11D1-AA42-0000E842E40A}
    HKEY_CLASSES_ROOT\Interface\{51958168-D5E3-11D1-AA42-0000E842E40A}
    HKEY_CLASSES_ROOT\Interface\{258a3625-183b-4477-aee2-ea54df6d878d}
    HKEY_CLASSES_ROOT\Typelib\{51958166-D5E3-11D1-AA42-0000E842E40A}
    HKEY_CLASSES_ROOT\TypeLib\{82FC7881-AACC-11D2-B9C6-0000E842E40A}
    HKEY_CLASSES_ROOT\TypeLib\{676F6D1D-C559-42A9-860B-27C1477B7179}
    HKEY_CLASSES_ROOT\Interface\{67925164-C4B6-11D2-B9C6-0000E84F59A6}
    HKEY_CLASSES_ROOT\CLSID\{3EEC42B5-FB94-40D3-A588-BB54B383A7CB}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bdeplayer


Summary| Technical Details| Removal

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report, Volume 17
Symantec DeepSight Screensaver