1. /
  2. Security Response/
  3. Adware.Jraun

Adware.Jraun

Updated:
February 13, 2007 11:36:33 AM
Type:
Adware
Publisher:
jraun.com
Risk Impact:
Medium
File Names:
Version.exe Keyhost.exe
Systems Affected:
Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

When Version.exe is executed, it does the following:
  1. Adds the value:

    "version" = "%system%\version.exe"

    to the registry subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    so that the adware runs when you start Windows.

  2. Adds the values:

    "version" ="0"
    "sys" ="%system"
    "lastdate"="0"


    to the registry subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Redirectkey

  3. Attempts to download and execute files. At the time of writing, the two downloaded files are Keyhost.exe and Setup.exe (saved to disk as
    %System%\Setup_123.exe).

  4. Setup.exe installs "Golden Palace Casino PT," an online gambling program, onto your computer.

  5. Keyhost.exe does the following:

    1. Drops an HTML file, %System%\Keyhost.exe, which contains a blank Web page titled, "Enter your search keywords here."
    2. Adds the value:

      "WinEssential" = "%system%\keyhost.exe"

      to the registry subkey:

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    3. Adds the value:

      "Enter:your:search:keywords:here"" = "%system%\keyhost.htm"

      to the registry subkey:

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs

    4. Adds the value:

      "sys" = "%system"

      "lastdate"="0"


      to the registry subkey:

      HKEY_LOCAL_MACHINE\SOFTWARE\Redirectkey

    Summary| Technical Details| Removal

    Search Threats

    Search by name
    Example: W32.Beagle.AG@mm
    STAR Antimalware Protection Technologies
    Internet Security Threat Report
    Symantec DeepSight Screensaver