When Adware.AdsInContext is executed, it performs the following actions:
- Creates the following files:
  - %Temp%\[five random characters].tmp\GreatDealManipulate.dll
  - %System%\hotplkug.dll

  Notes:
  - %Temp% is a variable that refers to the Windows temporary folder. By default, this is C:\Windows\TEMP (Windows 95/98/Me), C:\WINNT\Temp (Windows NT), or C:\Documents and Settings\[Current User]\Local Settings\Temp (Windows 2000/XP).
  - %System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
- Adds the following registry subkeys to store the settings for the Adware application:
  - HKEY_LOCAL_MACHINE\SOFTWARE\hotplkug
  - HKEY_CURRENT_USER\Software\hotplkug
- Installs %System%\hotplkug.dll as a browser helper object so that it executes when Internet Explorer is launched.
- Downloads advertisements from the adsincontext.com domain and displays them in Internet Explorer windows.
- Checks the adsincontext.com domain for newer versions of itself to download and execute.
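
The file, registry and browser helper object artifacts listed above can be checked on a host with a short script. This is an added example, not part of the original write-up: the file and key names come from the list above, while the Browser Helper Objects and CLSID registry locations are the standard Internet Explorer ones, and the WOW6432Node views are an assumption covering 32-bit installs on 64-bit Windows.

```powershell
# Added example: look for the Adware.AdsInContext artifacts named in this write-up.
$findings = @()

# 1. Dropped files: %System%\hotplkug.dll and %Temp%\<5 chars>.tmp\GreatDealManipulate.dll
$sysDll = Join-Path ([Environment]::SystemDirectory) 'hotplkug.dll'
if (Test-Path -LiteralPath $sysDll) { $findings += "File: $sysDll" }

$tempRoots = @($env:TEMP, (Join-Path $env:windir 'Temp')) | Where-Object { $_ } | Select-Object -Unique
foreach ($root in $tempRoots) {
    Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue |
        Where-Object { $_.PSIsContainer -and $_.Name -match '^.{5}\.tmp$' } |
        ForEach-Object {
            $dll = Join-Path $_.FullName 'GreatDealManipulate.dll'
            if (Test-Path -LiteralPath $dll) { $findings += "File: $dll" }
        }
}

# 2. Settings subkeys (HKCU covers only the user running the script)
$settingsKeys = 'HKLM:\SOFTWARE\hotplkug',
                'HKLM:\SOFTWARE\WOW6432Node\hotplkug',   # assumption: 32-bit view on 64-bit Windows
                'HKCU:\Software\hotplkug'
foreach ($key in $settingsKeys) {
    if (Test-Path -LiteralPath $key) { $findings += "Registry key: $key" }
}

# 3. BHO registration: each subkey name is a CLSID; resolve it to its in-process DLL
$views = @(
    @{ Bho   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
       Clsid = 'HKLM:\SOFTWARE\Classes\CLSID' },
    @{ Bho   = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
       Clsid = 'HKLM:\SOFTWARE\Classes\WOW6432Node\CLSID' }
)
foreach ($view in $views) {
    Get-ChildItem -LiteralPath $view.Bho -ErrorAction SilentlyContinue | ForEach-Object {
        $clsid   = $_.PSChildName
        $inproc  = Join-Path $view.Clsid "$clsid\InprocServer32"
        $dllPath = (Get-ItemProperty -LiteralPath $inproc -ErrorAction SilentlyContinue).'(default)'
        if ($dllPath -match 'hotplkug\.dll') { $findings += "BHO: $clsid -> $dllPath" }
    }
}

if ($findings) { $findings } else { 'No Adware.AdsInContext artifacts found.' }
```

Run it once per user profile of interest, since the HKEY_CURRENT_USER key and the per-user %Temp% folder are only visible for the account executing the script.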