Adware.VirtualBouncer

Printer Friendly Page

Updated: February 13, 2007 11:34:09 AM

Type: Adware

Publisher: SpywareLabs Inc

Risk Impact: Medium

File Names: VirtualBouncer.exe

Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

Some versions of Adware.VirtualBouncer will display an End Use License Agreement (EULA) when they are installed, giving the software the right to download and install "updates" to the software from its servers.

Other versions may perform these actions silently, without telling the user what is happening.

Depending on the version, some of the following may happen:

Creates the following files:
- %ProgramFiles%\VBouncer\VBouncer.exe
- %ProgramFiles%\VBouncer\VBDNR.dll
- %AppData%\VBouncer\*.*
- %UserPrograms%\Virtual Bouncer\*.lnk
- %System%\vb2uninstaller4_19.EXE
  
  Note: %ProgramFiles% is a variable that refers to the Program Files folder. By default, this is C:\Program Files.
  %AppData% is a variable that refers to the following folder: C:\Documents and Settings\All Users\Application Data
  %UserPrograms% is a variable that refers to the following folder: C:\Documents and Settings\<current user>\Start Menu\Programs
  %System% is a variable that refers to the System folder. By default this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
Modifies the value:

"VBouncer" = "C:\PROGRA~1\VBouncer\VBouncer.exe"

in the registry subkey:

HKEY_ALL_USERS\SOFTWARE\Microsoft\Windows\CurrentVerison\Runso that the adware will run on start-up.
Creates the following registry subkeys:

HKEY_CLASSES_ROOT\CLSID\{25AE1A9B-87D2-418F-A3A6-5A46EDC37A84} HKEY_CLASSES_ROOT\CLSID\{9CC6F6D3-8B13-4206-ABC1-8B285F9413A7} HKEY_CLASSES_ROOT\CLSID\{9FE4D9E6-13BB-43E0-8C74-9800573DA4D6} HKEY_CLASSES_ROOT\CLSID\{A85C505E-AAE3-4CB0-AEE1-CB8213B140FB} HKEY_CLASSES_ROOT\CLSID\{B0BE4BBC-C1B6-4EA3-B346-7358FEC20248} HKEY_CLASSES_ROOT\CLSID\{BE40278C-1C4E-4A63-BC3D-811646900A1A} HKEY_CLASSES_ROOT\CLSID\{CF0FBBF5-1DDD-4D58-B480-AC2C2A4186D3} HKEY_CLASSES_ROOT\CLSID\{DCB5773B-4D84-4E6F-8E21-96F2A5B431A8} HKEY_CLASSES_ROOT\CLSID\{EEC056CE-3E1B-4571-BEE1-EAB9876B35F8} HKEY_CLASSES_ROOT\Interface\{0990E9A3-FC49-4AA8-91CE-F738BCBB7C8F} HKEY_CLASSES_ROOT\Interface\{261214CB-3021-4DE0-9D21-5957ACD1781A} HKEY_CLASSES_ROOT\Interface\{2C2EBD54-ED76-4343-902B-336D1DB63763} HKEY_CLASSES_ROOT\Interface\{36C9C487-E14F-4BB9-9882-AC613193EE46} HKEY_CLASSES_ROOT\Interface\{6A4C71B1-1A79-483A-A400-F026936CC7B7} HKEY_CLASSES_ROOT\Interface\{85D1E607-0C1A-4E69-BA9B-2E5FFA382D68} HKEY_CLASSES_ROOT\Interface\{88EB5B21-0FE7-4208-8F1C-26915F7E2432} HKEY_CLASSES_ROOT\Interface\{934E4898-DE90-45E1-ADF4-C383DCAE7B26} HKEY_CLASSES_ROOT\Interface\{BE05F07D-131C-4935-941B-0D41CEB07E67} HKEY_CLASSES_ROOT\Interface\{E2B951F0-9F32-4260-90F7-A988BEFF7F0C} HKEY_CLASSES_ROOT\Interface\{F634E01A-833A-49FB-BAE2-3A00CECC3A94} HKEY_CLASSES_ROOT\TypeLib\{73D7ABFE-D325-430A-817F-64C7BFD48813} HKEY_CLASSES_ROOT\VBDNR.cCookie HKEY_CLASSES_ROOT\VBDNR.cErrorLog HKEY_CLASSES_ROOT\VBDNR.cHistory HKEY_CLASSES_ROOT\VBDNR.cRegistryRoutines HKEY_CLASSES_ROOT\VBDNR.cScheduler HKEY_CLASSES_ROOT\VBDNR.cSignature HKEY_CLASSES_ROOT\VBDNR.cThreatLevel HKEY_CLASSES_ROOT\VBDNR.cUserSettings HKEY_CLASSES_ROOT\VBDNR.DNRDirector HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Virtual Bouncer HKEY_ALL_USERS\Software\VB and VBA Program Settings HKEY_ALL_USERS\Software\VB and VBA Program Settings\VBouncer HKEY_ALL_USERS\Software\VB and VBA Program Settings\VBouncer\Settings

Removal

Summary

Search Threats

Search by name

_{Example: W32.Beagle.AG@mm}