Updated: August 11, 2008 1:56:39 AM
Type: Adware
Name: Second Thought
Publisher: CPM Media, Ltd.
Risk Impact: Medium
Systems Affected: Windows 98, Windows 95, Windows XP, Windows Vista, Windows NT, Windows 2000
The risk must be manually installed.
When executed, the risk creates the following files:
- %System%\Stcloader.exe
- %System%\2ndsrch.dll
- %System%\winupdt.exe
- %System%\winupdt1.exe
- %System%\winupdt.001
- %System%\winupdt.bin
- %SystemDrive%\myPcsearch.exe
- %SystemDrive%\stcupdt.exe
- %SystemDrive%\zodiac.ico
- %SystemDrive%\travel.ico
- %ProgramFiles%\STC\bundles.exe
- %ProgramFiles%\STC\bundles118.exe
- %ProgramFiles%\STC\bundles53.exe
- %ProgramFiles%\STC\STC.exe
- %UserProfile%\Desktop\Best Online Casino.url
- %UserProfile%\Desktop\FREE Travel Voucher.url
- %UserProfile%\Desktop\myPCsearch.lnk
- %UserProfile%\Desktop\Second Thought.lnk
It then creates the following registry entries so that it runs every time Windows starts:
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"stcloader" = "%System%\stcloader.exe"
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"winupdtl" = "%System%\winupdtl.exe"
It also creates the following registry subkeys:
- HKEY_CURRENT_USER\Software\STC
- HKEY_CURRENT_USER\Software\Bundles
- HKEY_CURRENT_USER\Software\AUN
Adware.SecondThought may download other security risks, including some of the following:
The downloaded files are saved in the following folder:
%Windir%\bundles
Technorati
Digg
Delicious
Reddit
StumbleUpon
Yahoo Buzz
Twitter
Facebook
Newsvine
