Adware.AdRoar

Printer Friendly Page

Updated: February 13, 2007 11:35:58 AM

Type: Adware

Risk Impact: High

File Names: Cpr.dll Adroar.dll ARUPdate.exe cpruninst.exe wast2.exe

Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

When Adware.AdRoar is executed, it does the following:

Creates the following registry subkeys:

HKEY_CLASSES_ROOT\cpr.IEHelperOP
HKEY_CLASSES_ROOT\CLSID\{FAC6E0E1-5D45-4907-BC00-302D702DCC73}
HKEY_CURRENT_USER\Software\Cpr
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\CPRHKEY_CLASSES_ROOT\\AdRoar.Band.1 HKEY_CLASSES_ROOT\AdRoar.Band HKEY_CLASSES_ROOT\CLSID\{BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} HKEY_CLASSES_ROOT\TypeLib\{ACE8D3BA-7742-44C4-920D-FD25BD1E8245} HKEY_CLASSES_ROOT\Interface\{91D91D21-8008-429D-821C-7266AAC84A9F}HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\WCPR HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\CPR HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\WAST HKEY_ALL_USERS\Software\AdRoarPlugin HKEY_LOCAL_MACHINE\SOFTWARE\Wast
May add one of the following values:

"Wast" = "[PATH TO ADWARE]"
"AdRoarUpdate" = "[PATH TO ADWARE]"

to the registry subkey:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

so that the risk is executed every time Windows starts.
May add the following value:

"{BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8}" = ""
to the registry subkey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar
Periodically contacts iads.adroar.com to download advertisements.
May download and install updated versions of itself.
May create some of the following files:
- %Windir%\artmmp.ini
- %UserProfile%\Desktop\Get $10 FREE Now at Zodiac Casino.url
- %UserProfile%\Desktop\High Rollers Club Casino.url
- %UserProfile%\Desktop\Casino.url
- %UserProfile%\Desktop\Free Website.url
- %UserProfile%\Desktop\Guardster.url
- %UserProfile%\Desktop\Sportsbook.url
- %Windir%\zodiac.ico
- %Windir%\gsc_48x48_04.ico
  
  Note:
- %Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.
- %UserProfile% is a variable that refers to the current user's profile folder. By default, this is C:\Documents and Settings\[CURRENT USER] (Windows NT/2000/XP).

Removal

Summary

Search Threats

Search by name

_{Example: W32.Beagle.AG@mm}