Adware.IEDriver

Printer Friendly Page

Updated: February 13, 2007 11:36:38 AM

Type: Adware

Publisher: Verticity Pakistan (Pvt) Ltd., URLBlaze (urlblaze.com)

Risk Impact: High

File Names: iedriver.exe,ieupdate.exe,Td.exe

Systems Affected: Windows 2000, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

When Adware.IEDriver is installed, it does the following:

Creates the folder, %System%\iedriver and sets the attributes to hidden.

Note: %System% is a variable. The adware locates the System folder and creates the iedriver directory at that location. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
Creates the following files:
- %System%\Sb.htm
- %System%\Sx.htm
- %System%\iedriver\iedriver.bin
- %System%\iedrive\iedriver.exe
- %System%\iedrive\ieupdate.exe
- %System%\iedrive\Td.exe
- %System%\iedrive\Sx.htm
- %System%\iedrive\Vi.tty
- %System%\iedrive\Vii.tty
- %System%\iedrive\3.exe
- %System%\iedrive\5.exe
Adds one of the values:

"IEDriver" = "%System%\IEDRIVER.EXE""IEDriver"="%System%\IEdriver\Iedriver.exe"

to the registry subkey:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

so that the adware runs when Windows starts.
Creates the registry subkey:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ Uninstall\{BC3BBF86-E4EC-4412-9676-8355468B3B05}
Adds the values:

"Display Name" = "IE Driver""UninstallString" = "%System%\IEdriver\3.exe /c IEDriver"
to the registry subkey:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ Uninstall\{BC3BBF86-E4EC-4412-9676-8355468B3B05}
Adds the values:

"DisplayName" = "PopKiller" "UninstallString" = "%SYSTEM%\IEDriver\3.exe /c PopKiller"to the registry subkey:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ Uninstall\{F20239CB-33DC-4ec6-959E-73EDEA0FE4D7}
Adds the values:

"DisplayName" = "TurboDownload" "UninstallString" = "%SYSTEM%\TD.exe /c"to the registry subkey:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ Uninstall\{1A00C40B-DA85-4aa3-A67F-582D9347EECD}
Adds the values:

"DisplayName" = "TextHighlight" "UninstallString" = "%SYSTEM%\IEDriver\3.exe /c TextHighLight"to the registry subkey:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ Uninstall\{14D108C8-DD97-4b78-8B50-C981500ABB8F}
Adds the value:

"ConnectionType" = "0x1"to the registry subkey:

HKEY_LOCAL_MACHINE\SOFTWARE\TurboDownload
Modifies the value:

"Search Bar" = "file:/ /%System%\sb.htm"

in the registry subkey:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
Contacts the Web site www.adsrve.com.
Generates frequent pop-up advertisements.
May download an executable from the Web. This file may be an update of itself.

Removal

Summary

Search Threats

Search by name

_{Example: W32.Beagle.AG@mm}