1. /
  2. Security Response/
  3. Adware.Bookedspace

Adware.Bookedspace

Updated:
February 13, 2007 11:35:04 AM
Type:
Adware
Risk Impact:
High
File Names:
rem00001.dll oo4.dll bxxs5.dll Other names exist.
Systems Affected:
Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

During installation, Adware.Bookedspace does not display any information on screen. Instead, it relies on a third-party product to do so.

When Adware.Bookedspace is installed, it performs the following actions:
  1. Adds the value:

    "[name of .dll file]" = "RunDLL32.exe [path to .dll file], DllRun"

    to the registry key:

    HKey_Local_Machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    so that Adware.Bookedspace executes each time Windows starts.


    Note: [name of .dll file] and [path to .dll file] are variables representing the name of the adware .dll file and the path to that adware .dll file, respectively.

  2. Creates the registry keys:

    HKEY_CLASSES_ROOT\AppID\{0DC5CD7C-F653-4417-AA43-D457BE3A9622}
    HKEY_CLASSES_ROOT\AppID\{0DC5CD7C-F603-4417-AA43-D457BE3A9622}
    HKEY_CLASSES_ROOT\AppID\{C3C54527-7B65-4EE9-9FE3-9BC61E9B9880}
    HKEY_CLASSES_ROOT\AppID\{5CD19420-B328-47D5-A55F-1C07638EFDF8}
    HKEY_CLASSES_ROOT\AppID\BookedSpace.DLL
    HKEY_CLASSES_ROOT\AppID\Remanent.DLL
    HKEY_CLASSES_ROOT\BookedSpace.Extension.5
    HKEY_CLASSES_ROOT\BookedSpace.Extension.3
    HKEY_CLASSES_ROOT\BookedSpace.Extension
    HKEY_CLASSES_ROOT\Remanent.Helper
    HKEY_CLASSES_ROOT\Remanent.Helper.1
    HKEY_CLASSES_ROOT\CLSID\{0019C3E2-DD48-4A6D-ABCD-8D32436323D9}
    HKEY_CLASSES_ROOT\CLSID\{2B3452C5-1B9A-440F-A203-F6ED0F64C895}
    HKEY_CLASSES_ROOT\CLSID\{A85C4A1B-BD36-44E5-A70F-8EC347D9B24F}
    HKEY_CLASSES_ROOT\TypeLib\{0DC5CD7C-F653-4417-AA43-D457BE3A9622}
    HKEY_CLASSES_ROOT\TypeLib\{C3C54527-7B65-4EE9-9FE3-9BC61E9B9880}
    HKEY_CLASSES_ROOT\TypeLib\{5CD19420-B328-47D5-A55F-1C07638EFDF8}
    HKEY_CLASSES_ROOT\Interface\{05080E6B-A88A-4CFD-8C3D-982557670B6E}
    HKEY_CLASSES_ROOT\Interface\{AE640486-0E29-4F7E-BF38-9CBE7140AEFB}
    HKEY_CLASSES_ROOT\Interface\{56EBFFE6-9557-46C2-A322-DB1DF5CAF199}
    HKEY_LOCAL_MACHINE\SOFTWARE\Bookedspace
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A85C4A1B-BD36-44E5-A70F-8EC347D9B24F}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2B3452C5-1B9A-440F-A203-F6ED0F64C895}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0019C3E2-DD48-4A6D-ABCD-8D32436323D9}


  3. Displays the pop-up windows with advertisements.


Summary| Technical Details| Removal

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report
Symantec DeepSight Screensaver