Updated: February 13, 2007 11:35:12 AM
Type: Adware
Version: 1.0.0.2
Publisher: Steve Suslow (ipend.com)
Risk Impact: High
File Names: C:\Windows\cu.exe, C:\Windows\ip.dll, C:\Windows\Min.rpf, C:\Windows\Mach.exe, C:\Windows\Mach.csv
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
Adware.iPend consists of the following components:
- Ip.dll (A Browser Helper Object.)
- Mach.exe (An updater component.)
- Cu.exe (An updater component.)
- Min.rpf (A configuration file.)
- Mach.csv (A configuration file.)
Once installed, Adware.iPend performs the following actions:
- Monitors browsing habits and searches for Web pages that contain a list of keywords. The keywords are stored in the configuration file Min.rpf.
Note: The configuration files are only text files and are not detected as Adware.iPend.
- If a match is found, the keyword is changed to a link that points to a particular Web site.
- Creates some of the following registry subkeys:
HKEY_LOCAL_MACHINE\Software\IPend
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8D91ECD1-2A29-41B8-9988-FD892F07F859}
HKEY_CLASSES_ROOT\WebBehavior.WebBehaviorBHO.1
HKEY_CLASSES_ROOT\WebBehavior.WebBehaviorBHO
HKEY_CLASSES_ROOT\WebBehavior.WebBehaviorAPP.1
HKEY_CLASSES_ROOT\WebBehavior.WebBehaviorAPP
HKEY_CLASSES_ROOT\CLSID\{8D91ECD1-2A29-41B8-9988-FD892F07F859}
HKEY_CLASSES_ROOT\CLSID\{0054AD19-7E4E-4AE4-B275-20F237280F5C}
HKEY_CLASSES_ROOT\TypeLib\{F6907B2E-DAA6-4330-A8E0-3C22E3815795}
HKEY_CLASSES_ROOT\Interface\{8A8591C8-CE97-4207-A6FB-8D5BF7B7C056}
- Checks for updates to itself on the following Web site:
[http://]ipend.datastorm.biz/[REMOVED]
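A read-only presence check for the file and registry artifacts listed above, given as an added PowerShell example that is not part of the original writeup. It assumes Windows is installed in C:\Windows, as the listed file names do, and it also reads the standard COM `InprocServer32` subkey, which the writeup does not list, to show which DLL the Browser Helper Object CLSID points to.

```powershell
# Presence check for the Adware.iPend artifacts listed in this writeup.
# Read-only: it reports what exists and changes nothing.
$bhoClsid = '{8D91ECD1-2A29-41B8-9988-FD892F07F859}'

# File names exactly as given in the writeup.
$files = @(
    'C:\Windows\cu.exe', 'C:\Windows\ip.dll', 'C:\Windows\Min.rpf',
    'C:\Windows\Mach.exe', 'C:\Windows\Mach.csv'
)

# Registry subkeys from the writeup. The Registry:: provider prefix lets
# HKEY_CLASSES_ROOT resolve without a dedicated PSDrive.
$keys = @(
    'HKEY_LOCAL_MACHINE\Software\IPend',
    "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\$bhoClsid",
    'HKEY_CLASSES_ROOT\WebBehavior.WebBehaviorBHO.1',
    'HKEY_CLASSES_ROOT\WebBehavior.WebBehaviorBHO',
    'HKEY_CLASSES_ROOT\WebBehavior.WebBehaviorAPP.1',
    'HKEY_CLASSES_ROOT\WebBehavior.WebBehaviorAPP',
    "HKEY_CLASSES_ROOT\CLSID\$bhoClsid",
    'HKEY_CLASSES_ROOT\CLSID\{0054AD19-7E4E-4AE4-B275-20F237280F5C}',
    'HKEY_CLASSES_ROOT\TypeLib\{F6907B2E-DAA6-4330-A8E0-3C22E3815795}',
    'HKEY_CLASSES_ROOT\Interface\{8A8591C8-CE97-4207-A6FB-8D5BF7B7C056}'
) | ForEach-Object { "Registry::$_" }

# -LiteralPath keeps the braces in the CLSIDs from being read as wildcards.
$findings = foreach ($path in $files + $keys) {
    [pscustomobject]@{
        Type    = $(if ($path -like 'Registry::*') { 'RegistryKey' } else { 'File' })
        Path    = $path -replace '^Registry::', ''
        Present = Test-Path -LiteralPath $path
    }
}
$findings | Format-Table -AutoSize

# Assumption: standard COM layout, where InprocServer32's default value
# names the DLL loaded for the CLSID. Not a key the writeup lists.
$inproc = "Registry::HKEY_CLASSES_ROOT\CLSID\$bhoClsid\InprocServer32"
$server = Get-ItemProperty -LiteralPath $inproc -ErrorAction SilentlyContinue
if ($server) { "BHO CLSID is served by: $($server.'(default)')" }

$hits = @($findings | Where-Object Present)
if ($hits.Count -gt 0) {
    Write-Warning "$($hits.Count) of $($findings.Count) listed Adware.iPend artifacts are present."
} else {
    'None of the listed Adware.iPend artifacts were found.'
}
```

The writeup says the adware creates "some of" the subkeys, so a partial match is expected on an affected system.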