Adware.Satbo

Updated: February 13, 2007 11:34:41 AM
Type: Adware
Version: not available
Publisher: not available
Risk Impact: Medium
File Names: Setupad.exe, Svrhost.exe, Msstart.exe
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP

When Adware.Satbo runs, it performs the following actions:
  1. Creates the file, Svrhost.exe or Msstart.exe, in the %System% folder.


    Note: %System% is a variable. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).


  2. Adds the value:

    "svrhost" = "%System%\Svrhost.exe"

    or

    "msstart" = "%System%\Msstart.exe"

    to the registry key:

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

    so that the adware runs when you start Windows.

  3. Adds the values:

    "SM_AccessoriesName" = "Accessories"
    "SM_GamesData" = "<random value>"
    "SM_GamesSetup" = "0"

    to the registry key:

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion

  4. Attempts to download an XML file from 1234.2bro.com. The XML file contains the names of various computer game Web sites. Adware.Satbo reads this file and displays advertisements according to various parameters within the XML file.
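
An offline check for the indicators in steps 1 to 3, added here as an example (it is not Symantec's code): it parses a regedit text export and flags the Run-key autostart entries described above. The function names, the sample export and the choice to report the step 3 values only as corroboration are assumptions of this example.

```python
import re

RUN_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\run"
CV_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion"
# Autostart value name -> file name, from step 2 of the write-up.
RUN_VALUES = {"svrhost": "svrhost.exe", "msstart": "msstart.exe"}
# %System% locations listed in the note under step 1.
SYSTEM_DIRS = (r"c:\windows\system", r"c:\winnt\system32", r"c:\windows\system32")
LINE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def parse_reg(text):
    """Parse string values of a regedit text export into {key: {name: data}}."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and (m := LINE.match(line)):
            # String values only; dword: and hex: lines do not match LINE.
            name, data = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
            current[name.lower()] = data
    return keys

def satbo_findings(text):
    """Return (autostart_hits, corroborating_value_names) for Adware.Satbo."""
    keys = parse_reg(text)
    autostart = []
    for name, data in keys.get(RUN_KEY, {}).items():
        folder, _, exe = data.strip('"').lower().rpartition("\\")
        # Require the value name, the file name and a %System% folder to agree.
        if RUN_VALUES.get(name) == exe and folder in SYSTEM_DIRS:
            autostart.append((name, data))
    cv = keys.get(CV_KEY, {})
    expected = (("sm_accessoriesname", "Accessories"), ("sm_gamesdata", None),
                ("sm_gamessetup", "0"))  # None: data is random, presence only
    extra = [n for n, want in expected if n in cv and want in (None, cv[n])]
    return autostart, extra

# Constructed sample export (not taken from an infected machine).
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion]
"SM_AccessoriesName"="Accessories"
"SM_GamesData"="a1b2c3"
"SM_GamesSetup"="0"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"svrhost"="C:\\WINDOWS\\system32\\Svrhost.exe"
"ctfmon"="C:\\WINDOWS\\system32\\ctfmon.exe"
'''
```

Version 5.00 exports are UTF-16 on disk, so decode the file before passing its text to `satbo_findings`.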

