1. /
  2. Security Response/
  3. Adware.AdServerNow

Adware.AdServerNow

Updated:
February 13, 2007 11:42:26 AM
Type:
Adware
Version:
1.0.0.2
Risk Impact:
Low
File Names:
adservernow.exe
Systems Affected:
Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

When Adware.AdServerNow is executed, it performs the following actions:
  1. Copies itself as the following file:

    • %System%\[original file name]

      Note: %System% is a variable that refers to the System folder. By default this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).

  2. Adds the registry subkeys:

    HKEY_LOCAL_MACHINE\SOFTWARE\AdServerNow
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{595ACDCC-D4F4-43A4-8155-DD7EB1CA5DC0}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AdServerNow

    to store the settings for the Adware application.

  3. Checks 66.230.130.210 and 212.100.254.88 domains for newer versions of itself to download and execute.

Summary| Technical Details| Removal

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report
Symantec DeepSight Screensaver