||||
Symantec.com > Security Response > Threats and Risks > Adware.Keenval
PRINT THIS PAGE

Adware.Keenval

Printer Friendly Page

Updated: February 13, 2007 11:34:06 AM
Type: Adware
Version: 1.6
Publisher: eUniverse.com
Risk Impact: High
File Names: %CommonProgramFiles%\KeenValue\IESliderWin32.dll %CommonProgramFiles%\KeenValue\Keenvalue.exe %C
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP


When KeenValue.exe is executed, it performs the following actions:
  1. May create some of the following files and folders:

    • %CommonProgramFiles%\KeenValue\IESliderWin32.dll
    • %CommonProgramFiles%\KeenValue\Keenvalue.exe
    • %CommonProgramFiles%\KeenValue\KeenValueInstall_with_track_120.exe
    • %CommonProgramFiles%\KeenValue\Killkeenvalue.exe
    • %CommonProgramFiles%\KeenValue\Kv???.dat
    • %CommonProgramFiles%\KeenValue\Kvlhookwin.dll
    • %CommonProgramFiles%\KeenValue\Kwm.exe
    • %CommonProgramFiles%\KeenValue\SendUninstallInfo.exe
    • %CommonProgramFiles%\KeenValue\Setup_incredifind_ultimatesaver_with_track.exe
    • %CommonProgramFiles%\KeenValue\Tipb.exe
    • %CommonProgramFiles%\KeenValue\Uninstall.exe
    • %CommonProgramFiles%\KeenValue\Setup_powersearch_ultimateSaver_with_track.exe
    • %CommonProgramFiles%\updmgr
    • %CommonProgramFiles%\KeenValue
    • %CommonProgramFiles%\updater\delupdat.exe
    • %CommonProgramFiles%\updater\wupdater.exe
    • %CommonProgramFiles%\updater\sui.exe
    • %CommonProgramFiles%\updater\data1.dat
    • %CommonProgramFiles%\updater\data2.dat
    • C:\updaterInstall_112.exe
    • %System%\setup_incred_9.exe
    • %System%\unins000.dat
    • %System%\unins000.exe
    • %System%\somatic.dll
    • %ProgramFiles%\PerfectNav\BHO\PerfectNav150c.dll
    • %ProgramFiles%\MSBB\keen_value_installer.exe
    • %ProgramFiles%\MyFreeCursors
    • %ProgramFiles%\Dynamic Toolbar\SOMATIC
    • C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KeenValue.lnk

      Note:
    • %CommonProgramFiles% is a variable that refers to the Common Files folder. By default, this is C:\Program Files\Common Files.
    • %System% is a variable that refers to the System folder. By default this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
    • %ProgramFiles% is a variable that refers to the program files folder. By default, this is C:\Program Files.

  2. Adds the values:

    "KeenValue" = "%CommonProgramFiles%\KeenValue\KeenValue.exe"
    "updater" = "%CommonProgramFiles%\updater\wupdater.exe"
    "updmgr" = "%CommonProgramFiles%\updmgr\rvupdmgr.exe"

    to the registry subkey:

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

    so that the adware is executed every time Windows starts.

  3. Adds the value:

    "{4E7BD74F-2B8D-469E-D1F7-EB6DB99AA97D}" = ""

    to the registry subkeys:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar
    HKEY\CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser

  4. Adds the value:

    "{00D6A7E7-4A97-456f-848A-3B75BF7554D7}" = ""

    to the registry subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks

  5. Creates the following registry subkeys:

    HKEY_LOCAL_MACHINE\Software\KeenValue
    HKEY_LOCAL_MACHINE\Software\eUniverse
    HKEY_LOCAL_MACHINE\Software\updater
    HKEY_LOCAL_MACHINE\Software\    IncrediFind
    HKEY_LOCAL_MACHINE\Software\    PerfectNav
    HKEY_CURRENT_USER\Software\    Dynamic Toolbar\SOMATIC
    HKEY_LOCAL_MACHINE\Software\Classes\BHO.PerfectNavBHO
    HKEY_LOCAL_MACHINE\Software\Classes\BHO.PerfectNavBHO.1
    HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{4E7BD74F-2B8D-469E-D1F7-EB6DB99AA97D}
    HKEY_LOCAL_MACHINE\Software\Classes    \CLSID\{00D6A7E7-4A97-456f-848A-3B75BF7554D7}
    HKEY_LOCAL_MACHINE\Software\Classes\Interface\{8B8F6968-2F24-41E3-B653-E9613226F14D}
    HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{DE289BFA-737B-4ABB-A4EC-F8753551B875}
    HKEY_LOCAL_MACHINE\Software\Classes\Typelib\{53F066F0-A4C0-4F46-83EB-2DFD03F938CF}
    HKEY_LOCAL_MACHINE\Software\Classes\somatic.SOMATIC
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\KeenValue
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Search-O-Matic Toolbar_is1
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5D60FF48-95BE-4956-B4C6-6BB168A70310}
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-D1F7-EB6DB99AA97D}
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00D6A7E7-4A97-456f-848A-3B75BF7554D7}


Search by name
Example: W32.Beagle.AG@mm
Windows 7
Windows Vista Security
©1995 - 2009 Symantec Corporation
Site Map|
Legal Notices|
Privacy Policy|
|
Contact Us|
Global Sites|
License Agreements|
RSS