When Adware.Bonzi is executed, the installer does the following:
- Creates the following folders:
  - %ProgramFiles%\BonziBUDDY
  - %UserProfile%\Start Menu\Programs\BonziBUDDY
  Note:
  - %UserProfile% is a variable that refers to the current user's profile folder. By default, this is C:\Documents and Settings\[CURRENT USER] (Windows NT/2000/XP).
  - %ProgramFiles% is a variable that refers to the program files folder. By default, this is C:\Program Files.
- Drops the following files:
  - %System%\BonziTapFilters.dll
  - %System%\IEHelperMiddleMan.dll
  - %UserProfile%\Desktop\BonziBUDDY.lnk
  - %UserProfile%\Desktop\Speed Up My Computer.url
  - %UserProfile%\Start Menu\Programs\Startup\BonziBUDDY.lnk
  - %Windir%\msagent\chars\Bonzi.acs
  Note:
  - %System% is a variable that refers to the System folder. By default this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
  - %Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows (Windows 95/98/Me/XP) or C:\Winnt (Windows NT/2000).
- Creates the following registry subkeys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{74266FA9-E6C8-11D3-B48F-0080C77B28D9}
HKEY_CURRENT_USER\Software\VB and VBA Program Settings\BONZIBUDDY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/bonzi-mail-message
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BonziBUDDY
- Adds the value:
"BonziBUDDY"
to the registry subkey:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
so that the adware runs when you start Windows.
- Changes the Internet Explorer home page and search pages. The home page may be reset to the following:
[http://]www.bonzi.com/[REMOVED]/bonziportal/index.asp
- May send Internet usage statistics to a remote server or download advertisements when certain keywords are typed in Internet Explorer.
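
The following triage sketch is an added example, not part of the original write-up. It expands the %System%, %Windir%, %UserProfile% and %ProgramFiles% placeholders using the defaults given in the notes above, matches a subset of the dropped files against a file listing, and checks .reg-export text for the Run value and the Browser Helper Object subkey. The family labels ("9x", "nt", "xp"), the function names, the user name "alice" and both sample inputs are assumptions constructed for illustration.

```python
# Indicators copied from the write-up; every sample input below is constructed.
FILES = [r"%System%\BonziTapFilters.dll", r"%System%\IEHelperMiddleMan.dll",
         r"%UserProfile%\Start Menu\Programs\Startup\BonziBUDDY.lnk",
         r"%Windir%\msagent\chars\Bonzi.acs"]
RUN_KEY = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run"
BHO_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer"
           r"\Browser Helper Objects\{74266FA9-E6C8-11D3-B48F-0080C77B28D9}")
# Default folders per Windows family, taken from the write-up's notes.
ROOTS = {"9x": {"%System%": r"C:\Windows\System", "%Windir%": r"C:\Windows"},
         "nt": {"%System%": r"C:\Winnt\System32", "%Windir%": r"C:\Winnt"},
         "xp": {"%System%": r"C:\Windows\System32", "%Windir%": r"C:\Windows"}}

def expand(path, family, user):
    """Resolve a placeholder path; None when the notes give no default."""
    roots = {**ROOTS[family], "%ProgramFiles%": r"C:\Program Files"}
    if family != "9x":  # profile default is documented for NT/2000/XP only
        roots["%UserProfile%"] = "C:\\Documents and Settings\\" + user
    var = path.split("\\", 1)[0]
    return path.replace(var, roots[var], 1) if var in roots else None

def scan_files(listing, family, user):
    """Return expanded indicator paths found in a listing (case-insensitive)."""
    seen = {p.strip().lower() for p in listing}
    expanded = (expand(f, family, user) for f in FILES)
    return [p for p in expanded if p and p.lower() in seen]

def scan_reg(reg_text):
    """Flag the Run value and the BHO subkey in .reg-export text."""
    findings, key = [], ""
    for line in (l.strip() for l in reg_text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
            if key == BHO_KEY.lower():
                findings.append("bho")
        elif key == RUN_KEY.lower() and line.lower().startswith('"bonzibuddy"='):
            findings.append("run")
    return findings

# Constructed sample inputs (not taken from a real host).
SAMPLE_FILES = [r"c:\windows\system32\bonzitapfilters.dll",
                r"C:\Documents and Settings\alice\Start Menu\Programs\Startup\BonziBUDDY.lnk",
                r"C:\Windows\System32\notepad.exe"]
SAMPLE_REG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BonziBUDDY"="<constructed placeholder>"
[HKEY_CURRENT_USER\Software\Example]
"BonziBUDDY"="<same name outside Run is not flagged>"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{74266FA9-E6C8-11D3-B48F-0080C77B28D9}]
"""
```

Running the file scan with the wrong family label misses the DLLs, because %System% resolves to a different folder on Windows NT/2000 than on Windows XP.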