Spyware.SearchPounder

Updated: February 13, 2007 11:42:51 AM
Type: Spyware
Publisher: www.search-pounder.com
Risk Impact: High
File Names: pounder.exe,sysmonnt.exe
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP


When Spyware.SearchPounder is executed, it performs the following actions:
  1. May create the following files:

    • %System%\vbdata00.dat
    • %System%\sysmonnt.exe
    • %System%\msinet.ocx
    • %System%\unins000.exe
    • %System%\unins000.dat
    • %Windir%\unins000.dat
    • %Windir%\unins000.exe

      Notes:
    • %System% is a variable that refers to the System folder. By default this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
    • %Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows (Windows 95/98/Me/XP) or C:\Winnt (Windows NT/2000).

  2. Adds the value:

    "sysmonnt" = "%System%\sysmonnt.exe"

    to the registry subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    so that the spyware runs every time Windows starts.

  3. Creates the following registry keys:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\System Monitor for Windows 98/NT/XP/2000/2003_is1
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48E59294-9880-11CF-9754-00AA00C00908}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48E59295-9880-11CF-9754-00AA00C00908}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{48E59291-9880-11CF-9754-00AA00C00908}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{48E59292-9880-11CF-9754-00AA00C00908}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\InetCtls.Inet
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\InetCtls.Inet.1


  4. Sends keywords typed in HTML forms and popular search engines to its own server on the search.antarasystems.com domain.
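
A read-only host check for the file and registry artifacts listed in steps 1 to 3, added here as an example; it is not Symantec's code. The function names and the `Tier` labels are this example's own: `Shared` marks artifacts that legitimate software also leaves behind, so they should not be treated as a detection on their own. It assumes PowerShell 3.0 or later and reads only the native file and registry views (on 64-bit Windows a 32-bit installer's writes may land under SysWOW64 and WOW6432Node instead).

```powershell
# Added example, not Symantec's code; function names are hypothetical.
# Registry reads go through .NET because the Uninstall key name contains "/",
# which the PowerShell registry provider treats as a path separator.
function Test-HklmKey([string]$SubKey) {
    $k = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($SubKey)
    if ($k) { $k.Close(); return $true }
    return $false
}

function Get-SearchPounderArtifact {
    $sys = [Environment]::SystemDirectory    # %System%
    $win = $env:windir                       # %Windir%
    $cv  = 'SOFTWARE\Microsoft\Windows\CurrentVersion'
    $cls = 'SOFTWARE\Classes'
    # Tier is this example's own triage label (an assumption, not from the page).
    # 'Shared': msinet.ocx / InetCtls.Inet is Microsoft's Internet Transfer
    # Control, and unins000.* is the default Inno Setup uninstaller name.
    $files = @{
        Specific = "$sys\sysmonnt.exe", "$sys\vbdata00.dat"
        Shared   = "$sys\msinet.ocx", "$sys\unins000.exe", "$sys\unins000.dat",
                   "$win\unins000.dat", "$win\unins000.exe"
    }
    $keys = @{
        Specific = "$cv\Uninstall\System Monitor for Windows 98/NT/XP/2000/2003_is1"
        Shared   = "$cls\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}",
                   "$cls\CLSID\{48E59294-9880-11CF-9754-00AA00C00908}",
                   "$cls\CLSID\{48E59295-9880-11CF-9754-00AA00C00908}",
                   "$cls\Interface\{48E59291-9880-11CF-9754-00AA00C00908}",
                   "$cls\Interface\{48E59292-9880-11CF-9754-00AA00C00908}",
                   "$cls\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}",
                   "$cls\InetCtls.Inet", "$cls\InetCtls.Inet.1"
    }
    foreach ($tier in 'Specific', 'Shared') {
        foreach ($p in $files[$tier]) {
            [pscustomobject]@{ Kind='File'; Tier=$tier; Indicator=$p; Present=(Test-Path -LiteralPath $p) }
        }
        foreach ($k in $keys[$tier]) {
            [pscustomobject]@{ Kind='Key'; Tier=$tier; Indicator="HKLM\$k"; Present=(Test-HklmKey $k) }
        }
    }
    # Step 2: the autostart value under the Run key.
    $run = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey("$cv\Run")
    $val = if ($run) { $run.GetValue('sysmonnt'); $run.Close() }
    [pscustomobject]@{ Kind='RunValue'; Tier='Specific'; Present=($null -ne $val)
                       Indicator="HKLM\$cv\Run : sysmonnt = $val" }
}

Get-SearchPounderArtifact | Where-Object Present | Format-Table -AutoSize
```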

