||||
Symantec.com > Security Response > Threats and Risks > Adware.WinTaskAd
PRINT THIS PAGE

Adware.WinTaskAd

Printer Friendly Page

Updated: February 13, 2007 11:41:03 AM
Type: Adware
Publisher: windupdates.com
Risk Impact: High
File Names: creditdan_WinTaskAdInstPack.exe WinProject.dll WinSched.exe WinTaskAd.exe AdStatServ.exe AdSt
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP


When Adware.WinAdTask is executed, it performs the following actions:
  1. Creates the following legitimate file:

    %System%\ide21201.vxd

    Note: %System% is a variable. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
  2. Adds the values:

    "Windows TaskAd" = "[PATH TO THE ADWARE]"
    "AdStatus Service" = "[PATH TO THE ADWARE]"
    "AdTools Service"  = "[PATH TO THE ADWARE]"

    to the registry subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  3. Creates the following registry subkeys:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
    Windows TaskAd
    HKEY_LOCAL_MACHINE\    SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
    AdStatus Service
    HKEY_LOCAL_MACHINE\SOFTWARE\Preview AdService
    HKEY_LOCAL_MACHINE\SOFTWARE\Windows TaskAd
    HKEY_LOCAL_MACHINE\SOFTWARE\AdStatus Service
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinStatX.Installer
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinadX.Installer
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AdManCtlx.Installer
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AdTools Service

  4. Creates the following files:

    • %ProgramFiles%\AdStatus Service.
    • %ProgramFiles%\AdStatServ.exe
    • %ProgramFiles%\AdStatKeep.exe
    • %ProgramFiles%\AdStatComm.dll
    • %ProgramFiles%\Info.txt
    • %ProgramFiles%\Windows TaskAd
    • %ProgramFiles%\WinTaskAd.exe
    • %ProgramFiles%\WinSched.exe
    • %ProgramFiles%\WinProject.dll
    • %ProgramFiles%\Info.txt
    • %Windir%\Temp\creditdan_WinTaskAdInstPack.exe
    • %UserProfile%\Local Settings\Temp\creditdan_WinTaskAdInstPack.exe


      Notes:
    • %ProgramFiles% is a variable. By default, this is C:\Program Files.
    • %Windir% is a variable. By default, this is C:\Windows (Windows 95/98/Me), C:\Winnt or C:\Windows (Windows XP/NT/2000).
    • %UserProfile% is a variable that refers to the current user's profile folder. By default, this is C:\Documents and Settings\<Current User> (Windows NT/2000/XP).

  5. Creates the folder %ProgramFiles%\Preview AdService, which contains the files PrevAdComm.dll and Info.txt.

  6. Displays advertisements.

  7. May reset the Internet Explorer home page.


Search by name
Example: W32.Beagle.AG@mm
Limited Time Offers! Save up to 50%
Windows Vista Security
©1995 - 2009 Symantec Corporation
Site Map|
Legal Notices|
Privacy Policy|
|
Contact Us|
Global Sites|
License Agreements|
RSS