Updated: February 13, 2007 11:39:50 AM
Type: Spyware
Risk Impact: High
File Names: Bms.dll
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003
When the Spyware.DigitalNames is installed, it does following:
- Creates the registry keys:
HKEY_CLASSES_ROOT\CLSID\{C18517DA-CA70-46CE-86F4-882F6B62E975}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C18517DA-CA70-46CE-86F4-882F6B62E975}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C18517DA-CA70-46CE-86F4-882F6B62E975}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\NOVAGS
- Creates the following files:
- %ProgramFiles%\uBiz\Mykey\Bms.dll
- %System%\Novagsx.exe
- %System%\novapd99.exe
- %System%\novaini.ini
Note:
- %ProgramFiles% is a variable that refers to the program files folder. By default, this is C:\Program Files.
- %System% is a variable that refers to the System folder. By default this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
- Attempts to contact the following location to update itself:
[http://]222.239.74.153/novavers[REMOVED]
- Attempts to delete the following file, if it exists.
%System%\novapd99.exe
Technorati
Digg
Delicious
Reddit
StumbleUpon
Yahoo Buzz
Twitter
Facebook
Newsvine
