Adware.Keenval

Updated: February 13, 2007 11:34:06 AM
Type: Adware
Version: 1.6
Publisher: eUniverse.com
Risk Impact: High
File Names: %CommonProgramFiles%\KeenValue\IESliderWin32.dll %CommonProgramFiles%\KeenValue\Keenvalue.exe %C
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

When KeenValue.exe is executed, it performs the following actions:
  1. May create some of the following files and folders:

    • %CommonProgramFiles%\KeenValue\IESliderWin32.dll
    • %CommonProgramFiles%\KeenValue\Keenvalue.exe
    • %CommonProgramFiles%\KeenValue\KeenValueInstall_with_track_120.exe
    • %CommonProgramFiles%\KeenValue\Killkeenvalue.exe
    • %CommonProgramFiles%\KeenValue\Kv???.dat
    • %CommonProgramFiles%\KeenValue\Kvlhookwin.dll
    • %CommonProgramFiles%\KeenValue\Kwm.exe
    • %CommonProgramFiles%\KeenValue\SendUninstallInfo.exe
    • %CommonProgramFiles%\KeenValue\Setup_incredifind_ultimatesaver_with_track.exe
    • %CommonProgramFiles%\KeenValue\Tipb.exe
    • %CommonProgramFiles%\KeenValue\Uninstall.exe
    • %CommonProgramFiles%\KeenValue\Setup_powersearch_ultimateSaver_with_track.exe
    • %CommonProgramFiles%\updmgr
    • %CommonProgramFiles%\KeenValue
    • %CommonProgramFiles%\updater\delupdat.exe
    • %CommonProgramFiles%\updater\wupdater.exe
    • %CommonProgramFiles%\updater\sui.exe
    • %CommonProgramFiles%\updater\data1.dat
    • %CommonProgramFiles%\updater\data2.dat
    • C:\updaterInstall_112.exe
    • %System%\setup_incred_9.exe
    • %System%\unins000.dat
    • %System%\unins000.exe
    • %System%\somatic.dll
    • %ProgramFiles%\PerfectNav\BHO\PerfectNav150c.dll
    • %ProgramFiles%\MSBB\keen_value_installer.exe
    • %ProgramFiles%\MyFreeCursors
    • %ProgramFiles%\Dynamic Toolbar\SOMATIC
    • C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KeenValue.lnk

      Note:
    • %CommonProgramFiles% is a variable that refers to the Common Files folder. By default, this is C:\Program Files\Common Files.
    • %System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
    • %ProgramFiles% is a variable that refers to the program files folder. By default, this is C:\Program Files.

  2. Adds the values:

    "KeenValue" = "%CommonProgramFiles%\KeenValue\KeenValue.exe"
    "updater" = "%CommonProgramFiles%\updater\wupdater.exe"
    "updmgr" = "%CommonProgramFiles%\updmgr\rvupdmgr.exe"

    to the registry subkey:

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

    so that the adware is executed every time Windows starts.

  3. Adds the value:

    "{4E7BD74F-2B8D-469E-D1F7-EB6DB99AA97D}" = ""

    to the registry subkeys:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser

  4. Adds the value:

    "{00D6A7E7-4A97-456f-848A-3B75BF7554D7}" = ""

    to the registry subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks

  5. Creates the following registry subkeys:

    HKEY_LOCAL_MACHINE\Software\KeenValue
    HKEY_LOCAL_MACHINE\Software\eUniverse
    HKEY_LOCAL_MACHINE\Software\updater
    HKEY_LOCAL_MACHINE\Software\IncrediFind
    HKEY_LOCAL_MACHINE\Software\PerfectNav
    HKEY_CURRENT_USER\Software\Dynamic Toolbar\SOMATIC
    HKEY_LOCAL_MACHINE\Software\Classes\BHO.PerfectNavBHO
    HKEY_LOCAL_MACHINE\Software\Classes\BHO.PerfectNavBHO.1
    HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{4E7BD74F-2B8D-469E-D1F7-EB6DB99AA97D}
    HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{00D6A7E7-4A97-456f-848A-3B75BF7554D7}
    HKEY_LOCAL_MACHINE\Software\Classes\Interface\{8B8F6968-2F24-41E3-B653-E9613226F14D}
    HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{DE289BFA-737B-4ABB-A4EC-F8753551B875}
    HKEY_LOCAL_MACHINE\Software\Classes\Typelib\{53F066F0-A4C0-4F46-83EB-2DFD03F938CF}
    HKEY_LOCAL_MACHINE\Software\Classes\somatic.SOMATIC
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\KeenValue
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Search-O-Matic Toolbar_is1
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5D60FF48-95BE-4956-B4C6-6BB168A70310}
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-D1F7-EB6DB99AA97D}
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00D6A7E7-4A97-456f-848A-3B75BF7554D7}
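
The following Python check is an added example, not part of the original write-up or of any vendor tool. It scans the text of a `.reg` export for the Run values from step 2 and the browser CLSIDs from steps 3 to 5, so a hive dump from a suspect machine can be triaged offline. The function name, the constructed sample export and the choice to match Run data by path suffix are assumptions made for illustration.

```python
import re

# Indicators taken from steps 2-5 of the write-up; compared case-insensitively.
RUN_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\run"
RUN_VALUES = {  # Run value name -> path suffix its data must end with
    "keenvalue": r"\keenvalue\keenvalue.exe",
    "updater": r"\updater\wupdater.exe",
    "updmgr": r"\updmgr\rvupdmgr.exe",
}
CLSIDS = {
    "{4e7bd74f-2b8d-469e-d1f7-eb6db99aa97d}",
    "{00d6a7e7-4a97-456f-848a-3b75bf7554d7}",
    "{5d60ff48-95be-4956-b4c6-6bb168a70310}",
}
BHO_PARENT = r"\explorer\browser helper objects"  # CLSID is the subkey name here
CLSID_VALUE_KEYS = (r"\internet explorer\toolbar", r"\internet explorer\urlsearchhooks")
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')  # "name"=data lines

SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"KeenValue"="C:\\Program Files\\Common Files\\KeenValue\\KeenValue.exe"
"updater"="C:\\Tools\\updater.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-D1F7-EB6DB99AA97D}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks]
"{00D6A7E7-4A97-456f-848A-3B75BF7554D7}"=""
'''  # constructed sample export, not captured from a real host

def scan_reg_export(text):
    """Return sorted (key, value_name or None) pairs that match the indicators."""
    hits, key = set(), None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            parent, _, leaf = key.lower().rpartition("\\")
            if parent.endswith(BHO_PARENT) and leaf in CLSIDS:
                hits.add((key, None))  # the BHO subkey itself is the indicator
            continue
        m = VALUE_RE.match(line)
        if not (m and key):
            continue
        name, k = m.group(1).lower(), key.lower()
        data = m.group(2).strip('"').replace("\\\\", "\\").lower()  # undo .reg escaping
        run_hit = k == RUN_KEY and name in RUN_VALUES and data.endswith(RUN_VALUES[name])
        if run_hit or (name in CLSIDS and any(s in k for s in CLSID_VALUE_KEYS)):
            hits.add((key, m.group(1)))
    return sorted(hits, key=lambda h: (h[0], h[1] or ""))
```

Requiring the Run data to end with the listed path keeps an unrelated program that happens to register a value named "updater" from being flagged; values exported in `hex(2):` form (REG_EXPAND_SZ) are not decoded by this check.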

