1. /
  2. Security Response/
  3. Adware.SecondThought

Adware.SecondThought

Updated:
August 11, 2008 1:56:39 AM
Type:
Adware
Name:
Second Thought
Publisher:
CPM Media, Ltd.
Risk Impact:
Medium
Systems Affected:
Windows 98, Windows 95, Windows XP, Windows Vista, Windows NT, Windows 2000
The risk must be manually installed.

When executed, the risk creates the following files:
  • %System%\Stcloader.exe
  • %System%\2ndsrch.dll
  • %System%\winupdt.exe
  • %System%\winupdt1.exe
  • %System%\winupdt.001
  • %System%\winupdt.bin
  • %SystemDrive%\myPcsearch.exe
  • %SystemDrive%\stcupdt.exe
  • %SystemDrive%\zodiac.ico
  • %SystemDrive%\travel.ico
  • %ProgramFiles%\STC\bundles.exe
  • %ProgramFiles%\STC\bundles118.exe
  • %ProgramFiles%\STC\bundles53.exe
  • %ProgramFiles%\STC\STC.exe
  • %UserProfile%\Desktop\Best Online Casino.url
  • %UserProfile%\Desktop\FREE Travel Voucher.url
  • %UserProfile%\Desktop\myPCsearch.lnk
  • %UserProfile%\Desktop\Second Thought.lnk

It then creates the following registry entries so that it runs every time Windows starts:
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"stcloader" = "%System%\stcloader.exe"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"winupdtl" = "%System%\winupdtl.exe"

It also creates the following registry subkeys:
  • HKEY_CURRENT_USER\Software\STC
  • HKEY_CURRENT_USER\Software\Bundles
  • HKEY_CURRENT_USER\Software\AUN

Adware.SecondThought may download other security risks, including some of the following:

The downloaded files are saved in the following folder:
%Windir%\bundles
Summary| Technical Details| Removal

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report
Symantec DeepSight Screensaver