
Adware.Inetex

Updated: February 13, 2007 11:38:13 AM
Type: Adware
Publisher: The Edge Tech
Risk Impact: High
File Names: varies
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

When Adware.Inetex runs, it does the following:
  1. Copies itself to:

    %System%\<random filename>.exe

    Note: %System% is a variable. The adware locates the System folder and copies itself to that location. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).

  2. Adds the subkey:

    INETEx

    to the registry key:

    HKEY_CURRENT_USER\SOFTWARE\VB and VBA Program Settings\INETEx

    Adware settings are stored in this key.

  3. Modifies the (Default) value to:

    "INETEx"

    in the registry key:

    HKEY_CLASSES_ROOT\HTTP\shell\open\ddeexec\Application

  4. Resets the (Default) value to:

    WWW_OpenUrl

    in the registry key:

    HKEY_CLASSES_ROOT\HTTP\shell\open\ddeexec\Topic


  5. Modifies the (Default) value to:

    %System%\<random filename>.exe

    in the registry key:

    HKEY_CLASSES_ROOT\HTTP\shell\open\command

    The effect of the registry modifications described in steps 3 to 5 is to make Adware.Inetex the default browser.

  6. The Adware.Inetex process remains running in the background.

  7. Whenever the default browser is invoked (for example, when a URL is entered into the Start > Run box), Adware.Inetex is called instead.

    Then, the adware opens two windows of the old default browser; one displays the old home page and the other displays an adult Web site.
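
The registry changes in steps 2, 3 and 5 can be checked offline against text exported from the registry in .reg format. The following is an added example, not part of the original write-up: `parse_reg`, `check_inetex`, the finding labels and the sample export are constructed for illustration, and the %System% folders assume the default locations on drive C: given in the note above.

```python
import ntpath
import re

# Default %System% folders named in the write-up (assumes system drive C:).
SYSTEM_DIRS = {r"c:\windows\system", r"c:\winnt\system32", r"c:\windows\system32"}
SETTINGS_KEY = r"HKEY_CURRENT_USER\SOFTWARE\VB and VBA Program Settings\INETEx"
HTTP_OPEN = r"HKEY_CLASSES_ROOT\HTTP\shell\open"
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

def parse_reg(text):
    """Parse .reg export text into {UPPER-CASED key path: {value name: data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].upper(), {})
        elif current is not None and (m := VALUE_RE.match(line)):
            name, data = m.groups()
            if len(data) >= 2 and data[0] == data[-1] == '"':
                data = re.sub(r"\\(.)", r"\1", data[1:-1])  # undo \\ and \" escapes
            current[name.strip('"')] = data  # "@" is the (Default) value
    return keys

def check_inetex(keys):
    """Return which of the write-up's registry indicators are present."""
    def default(path):
        return keys.get(path.upper(), {}).get("@", "")
    findings = []
    if SETTINGS_KEY.upper() in keys:  # step 2: settings subkey exists
        findings.append("settings-key")
    if default(HTTP_OPEN + r"\ddeexec\Application").lower() == "inetex":  # step 3
        findings.append("dde-application")
    # Step 5 (heuristic): HTTP handler is an .exe sitting directly in %System%.
    m = re.match(r'\s*"?([^"]+?\.exe)', default(HTTP_OPEN + r"\command"), re.I)
    if m and ntpath.dirname(m.group(1)).lower() in SYSTEM_DIRS:
        findings.append("handler-in-system-dir")
    return findings

# Constructed sample export, not taken from a real host.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\VB and VBA Program Settings\INETEx]
[HKEY_CLASSES_ROOT\HTTP\shell\open\command]
@="C:\\WINDOWS\\system32\\qzxkvb.exe"
[HKEY_CLASSES_ROOT\HTTP\shell\open\ddeexec\Application]
@="INETEx"
'''
if __name__ == "__main__":
    print(check_inetex(parse_reg(SAMPLE)))
```

Version 5.00 exports are UTF-16 encoded, so decode the file accordingly before passing its text to `parse_reg`. The System-folder match is only a heuristic for the random file name, so weigh it together with the other two indicators.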

