||||
Symantec.com > Security Response > Threats and Risks > Adware.InstaFinder
PRINT THIS PAGE

Adware.InstaFinder

Printer Friendly Page

Updated: February 13, 2007 11:43:00 AM
Type: Adware
Version: 3.0.2.1
Publisher: http://www.instafinder.com
Risk Impact: Medium
File Names: instafink.dll instafin.dll instafinderk_inst.exe instafinder_inst.exe
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP


When Adware.InstaFinder is executed, it performs the following actions:
  1. Creates the following folders:

    • %ProgramFiles%\INSTAFINK
    • %ProgramFiles%\INSTAFINK\Cache
    • %ProgramFiles%\INSTAFINK\NewCfg
    • %ProgramFiles%\INSTAFIN

      Note: %ProgramFiles% is a variable that refers to the program files folder. By default, this is C:\Program Files.

  2. Copies itself as %ProgramFiles%\INSTAFINK\InstaFinderK_inst.exe.

  3. Downloads the following files:

    • %ProgramFiles%\INSTAFINK\instafink.dll
    • %ProgramFiles%\INSTAFINK\uninstall.exe
    • %Windir%\Downloaded Program Files\instafin.dll
    • %ProgramFiles%\INSTAFIN\uninstall.exe

      Note: %Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.

  4. Adds the value:

    "InstaFinderK" = "%ProgramFiles%\INSTAFINK\InstaFinderK_inst.exe"

    to the registry subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    so that Adware.InstaFinder runs every time Windows starts.

  5. Creates the following registry subkeys:

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID
    \{4E7BD74F-2B8D-469E-90F0-F66AB581A933}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\instafink.INSTAFINK
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion
    \Explorer\Browser Helper Objects
    \{4E7BD74F-2B8D-469E-90F0-F66AB581A933}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion
    \Uninstall\INSTAFINK
    HKEY_CURRENT_USER\Software\INSTAFINK
    HKEY_CLASSES_ROOT\CLSID\{4E7BD74F-2B8D-469E-DCF7-F96DA086B434}
    HKEY_CLASSES_ROOT\instafin.INSTAFIN
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion
    \Explorer\Browser Helper Objects
    \{4E7BD74F-2B8D-469E-DCF7-F96DA086B434}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion
    \Uninstall\INSTAFIN
    HEY_CURRENT_USER\Software\INSTAFIN
  6. Modifies the registry values as follows :

    HEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Search Bar" = ""
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\"SearchAssistant" = ""
    HEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\"provider" = "intranet"
  7. Redirects searchs for nonexistent sites to [http:/ /]www.instafinder.com/[REMOVED]

  8. May display advertisements and download other adware programs.


Search by name
Example: W32.Beagle.AG@mm
Limited Time Offers! Save up to 50%
Windows Vista Security
©1995 - 2009 Symantec Corporation
Site Map|
Legal Notices|
Privacy Policy|
|
Contact Us|
Global Sites|
License Agreements|
RSS