1. /
  2. Security Response/
  3. Adware.AdsInContext

Adware.AdsInContext

Updated:
February 13, 2007 11:42:22 AM
Type:
Adware
Version:
1.0.617
Risk Impact:
Medium
File Names:
GreatDealManipulate.dll hotplkug.dll incinstall_1.0.617.exe
Systems Affected:
Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

When Adware.AdsInContext is executed, it performs the following actions:
  1. Creates the following files:

    • %Temp%\[five random characters].tmp\GreatDealManipulate.dll
    • %System%\hotplkug.dll

      Notes:
    • %Temp% is a variable that refers to the Windows temporary folder. By default, this is C:\Windows\TEMP (Windows 95/98/Me), C:\WINNT\Temp (Windows NT), or C:\Documents and Settings\[Current User]\Local Settings\Temp (Windows 2000/XP).
    • %System% is a variable that refers to the System folder. By default this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).

  2. Adds the registry subkeys:

    HKEY_LOCAL_MACHINE\SOFTWARE\hotplkug
    HKEY_CURRENT_USER\Software\hotplkug

    to store the settings for the Adware application.

  3. Installs %System%\hotplkug.dll as a browser helper object so that it executes when Internet Explorer is launched.

  4. Downloads advertisements from the adsincontext.com domain and displays them in Internet Explorer windows.

  5. Checks the adsincontext.com domain for newer versions of itself to download and execute.

Summary| Technical Details| Removal

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report
Symantec DeepSight Screensaver