
Adware.IEDriver

Updated: February 13, 2007 11:36:38 AM
Type: Adware
Publisher: Verticity Pakistan (Pvt) Ltd., URLBlaze (urlblaze.com)
Risk Impact: High
File Names: iedriver.exe, ieupdate.exe, Td.exe
Systems Affected: Windows 2000, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

When Adware.IEDriver is installed, it does the following:
  1. Creates the folder %System%\iedriver and sets its attributes to hidden.


    Note: %System% is a variable. The adware locates the System folder and creates the iedriver directory at that location. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).

  2. Creates the following files:

    • %System%\Sb.htm
    • %System%\Sx.htm
    • %System%\iedriver\iedriver.bin
    • %System%\iedrive\iedriver.exe
    • %System%\iedrive\ieupdate.exe
    • %System%\iedrive\Td.exe
    • %System%\iedrive\Sx.htm
    • %System%\iedrive\Vi.tty
    • %System%\iedrive\Vii.tty
    • %System%\iedrive\3.exe
    • %System%\iedrive\5.exe

  3. Adds one of the values:

    "IEDriver" = "%System%\IEDRIVER.EXE"
    "IEDriver"="%System%\IEdriver\Iedriver.exe"


    to the registry subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    so that the adware runs when Windows starts.

  4. Creates the registry subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
    Uninstall\{BC3BBF86-E4EC-4412-9676-8355468B3B05}

  5. Adds the values:

    "Display Name" = "IE Driver"
    "UninstallString" = "%System%\IEdriver\3.exe /c IEDriver"

    to the registry subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
    Uninstall\{BC3BBF86-E4EC-4412-9676-8355468B3B05}


  6. Adds the values:

    "DisplayName" = "PopKiller"
    "UninstallString" = "%SYSTEM%\IEDriver\3.exe /c PopKiller"

    to the registry subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
    Uninstall\{F20239CB-33DC-4ec6-959E-73EDEA0FE4D7}

  7. Adds the values:

    "DisplayName" = "TurboDownload"
    "UninstallString" = "%SYSTEM%\TD.exe /c"

    to the registry subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
    Uninstall\{1A00C40B-DA85-4aa3-A67F-582D9347EECD}


  8. Adds the values:

    "DisplayName" = "TextHighlight"
    "UninstallString" = "%SYSTEM%\IEDriver\3.exe /c TextHighLight"

    to the registry subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
    Uninstall\{14D108C8-DD97-4b78-8B50-C981500ABB8F}

  9. Adds the value:

    "ConnectionType" = "0x1"

    to the registry subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\TurboDownload

  10. Modifies the value:

    "Search Bar" = "file:/ /%System%\sb.htm"

    in the registry subkey:

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main

  11. Contacts the Web site www.adsrve.com.

  12. Generates frequent pop-up advertisements.

  13. May download an executable from the Web. This file may be an update of itself.
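The registry changes listed above can be checked offline against a registry export. The following is an added example, not part of the original write-up or any vendor tool: it parses the text of a `.reg` export and reports the Run value, the four Uninstall GUIDs, and the Search Bar change. The function names, the result labels, and the sample export are constructed for illustration.

```python
import re

# Indicators from the write-up above, lowercased for case-insensitive matching.
RUN_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\run"
UNINSTALL_PREFIX = "hkey_local_machine\\software\\microsoft\\windows\\currentversion\\uninstall\\"
IE_MAIN_KEY = r"hkey_current_user\software\microsoft\internet explorer\main"
UNINSTALL_GUIDS = {g.lower(): n for g, n in [
    ("{BC3BBF86-E4EC-4412-9676-8355468B3B05}", "IE Driver"),
    ("{F20239CB-33DC-4ec6-959E-73EDEA0FE4D7}", "PopKiller"),
    ("{1A00C40B-DA85-4aa3-A67F-582D9347EECD}", "TurboDownload"),
    ("{14D108C8-DD97-4b78-8B50-C981500ABB8F}", "TextHighlight")]}

def parse_reg_export(text):
    """Yield (key, value_name, data) from .reg text; value_name is None for a key line."""
    key = None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            yield key, None, None
        elif key and (m := re.match(r'"([^"]+)"\s*=\s*(.*)', line)):
            # .reg files double every backslash inside string data; undo that.
            yield key, m.group(1), m.group(2).strip('"').replace("\\\\", "\\")

def find_iedriver_artifacts(text):
    """Return (kind, detail) tuples for each indicator found in the export text."""
    findings = []
    for key, name, data in parse_reg_export(text):
        k = key.lower()
        if name is None:
            leaf = k[len(UNINSTALL_PREFIX):] if k.startswith(UNINSTALL_PREFIX) else ""
            if leaf in UNINSTALL_GUIDS:
                findings.append(("uninstall", UNINSTALL_GUIDS[leaf]))
        elif k == RUN_KEY and name.lower() == "iedriver":
            findings.append(("run", data))
        elif k == IE_MAIN_KEY and name.lower() == "search bar" and data.lower().endswith("\\sb.htm"):
            findings.append(("search_bar", data))
    return findings

# Constructed sample export (not captured from a real machine).
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IEDriver"="C:\\WINDOWS\\system32\\IEdriver\\Iedriver.exe"
"ctfmon"="C:\\WINDOWS\\system32\\ctfmon.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F20239CB-33DC-4EC6-959E-73EDEA0FE4D7}]
"DisplayName"="PopKiller"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Bar"="file://C:\\WINDOWS\\system32\\sb.htm"
'''
if __name__ == "__main__":
    print(find_iedriver_artifacts(SAMPLE))
```

The same function can be run over the text of a real export after decoding it; Windows 2000 and later write `.reg` files as UTF-16 by default.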

