When Adware.Satbo runs, it performs the following actions:
- Creates one of the following files in the %System% folder: Svrhost.exe or Msstart.exe.
Note: %System% is a variable. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
- Adds the value:
"svrhost" = "%System%\Svrhost.exe"
or
"msstart" = "%System%\Msstart.exe"
to the registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
so that the adware runs when you start Windows.
- Adds the values:
"SM_AccessoriesName" = "Accessories"
"SM_GamesData" = "<random value>"
"SM_GamesSetup" = "0"
to the registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion
- Attempts to download an XML file from 1234.2bro.com. The XML file contains the names of various computer game Web sites. Adware.Satbo reads this file and displays advertisements according to various parameters within the XML file.
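
The registry indicators listed above can be checked offline against a text export of the registry. The following is an added example, not part of the original write-up: it assumes the export is in the `.reg` text format produced by `reg export` (already decoded to a string), and the function names `parse_reg` and `find_satbo_indicators` and the sample data are constructed for illustration.

```python
import re

CV_KEY = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion"
RUN_KEY = CV_KEY + r"\Run"
# Indicators from the write-up. None means the data is random, so any data matches.
RUN_VALUES = {"svrhost": "svrhost.exe", "msstart": "msstart.exe"}
CV_VALUES = {"sm_accessoriesname": "Accessories", "sm_gamesdata": None, "sm_gamessetup": "0"}

def parse_reg(text):
    """Parse .reg export text into {key_lower: {value_name_lower: data}} (string values only)."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = re.match(r'"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$', line)
            if m:
                # .reg files escape backslashes and quotes with a backslash
                name, data = (re.sub(r'\\(.)', r'\1', g) for g in m.groups())
                current[name.lower()] = data
    return keys

def find_satbo_indicators(reg_text):
    """Return (location, value name, data) for each registry indicator present."""
    keys = parse_reg(reg_text)
    hits = []
    run = keys.get(RUN_KEY.lower(), {})
    for name, exe in RUN_VALUES.items():
        data = run.get(name)
        # Compare only the file name, since %System% resolves differently per Windows version
        if data is not None and data.strip('"').rsplit("\\", 1)[-1].lower() == exe:
            hits.append(("Run", name, data))
    cv = keys.get(CV_KEY.lower(), {})
    for name, expected in CV_VALUES.items():
        data = cv.get(name)
        if data is not None and (expected is None or data == expected):
            hits.append(("CurrentVersion", name, data))
    return hits

# Constructed sample export (not taken from a real system)
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion]
"SM_AccessoriesName"="Accessories"
"SM_GamesData"="a1b2c3"
"SM_GamesSetup"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"svrhost"="C:\\Windows\\System32\\Svrhost.exe"
"SecurityHealth"="C:\\Windows\\System32\\SecurityHealthSystray.exe"
'''
```

`reg export` writes UTF-16 text, so decode the file with that encoding before passing its contents to `find_satbo_indicators`.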