When Adware.AdServerNow is executed, it performs the following actions:
- Copies itself as the following file:
- %System%\[original file name]
Note: %System% is a variable that refers to the System folder. By default this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
- Adds the registry subkeys:
HKEY_LOCAL_MACHINE\SOFTWARE\AdServerNow
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{595ACDCC-D4F4-43A4-8155-DD7EB1CA5DC0}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AdServerNow
to store the settings for the Adware application.
- Checks 66.230.130.210 and 212.100.254.88 domains for newer versions of itself to download and execute.
