1. /
  2. Security Response/
  3. Adware.InetAntispy

Adware.InetAntispy

Updated:
February 13, 2007 11:39:00 AM
Type:
Adware
Publisher:
BuySmarter
Risk Impact:
Medium
File Names:
Regms.exe
Systems Affected:
Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

When Adware.InetAntispy is run, it does the following:
  1. Creates a randomly named .dat file in the Windows %Temp% folder.

    Note: %Temp% is a variable that refers to the Windows temporary folder. By default, this is C:\Windows\TEMP (Windows 95/98/Me/XP) or C:\WINNT\Temp (Windows NT/2000).

  2. Creates a randomly named .ini file in the current working folder.

  3. Adds the value:

    "[FILE NAME]" = "[PATH TO ADWARE\FILE NAME].exe"

    to the registry key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

  4. Creates the registry key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
    \{3ec8e271-fab9-418a-8a8e-65aeb4029e64}


    which registers %Temp%\[RANDOM FILE NAME].dat as a Browser Helper Object.

  5. Periodically attempts to download and display advertising content.


Summary| Technical Details| Removal

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report
Symantec DeepSight Screensaver