Updated: February 13, 2007 11:43:01 AM
Type: Adware
Version: 1.2
Publisher: Linkz Internet Services
Risk Impact: Low
File Names:
APHelper.dll
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
When Adware.AdBlock is installed, the following actions are performed:
- Creates the following files:
- %Windir%\Downloaded Program Files\APHelper.dll
Note:
- %Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.
- Creates the following registry keys:
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{54EC170F-6EB1-47C6-9C4D-EB0BE20CE45E}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{93829908-07C2-44A2-95DB-F78F201A9B48}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCF99CD5-1BCF-4DB2-8197-E9864A99702B}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{12DEBC84-B743-423A-825C-049AD85309DC}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9B33399E-89A6-4EA5-91A9-5DC72B7AF60A}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EE1BC3C2-D245-4E64-A6B6-06425A3A5997}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A37D57BD-5A27-4F8C-AB59-E0F6A7A0E95A}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\APHelper.APConfig
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\APHelper.APConfig.1
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\APHelper.APInstaller
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\APHelper.APInstaller.1
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\APHelper.APToolBarHelper
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\APHelper.APToolBarHelper.1
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{7E34CCAC-2531-450E-8746-80DA107ADAF5}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{D1E435DB-EE0C-4A71-84A8-A270F03B3EE7}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{54EC170F-6EB1-47C6-9C4D-EB0BE20CE45E}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{93829908-07C2-44A2-95DB-F78F201A9B48}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/APHelper.dll
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{93829908-07C2-44A2-95DB-F78F201A9B48}
- HKEY_CURRENT_USER\Software\Linkz
- Adds the value:
"%Windir%\Downloaded Program Files\APHelper.dll" = "0x00000001"
to the registry subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs
- Adds the value:
"Search Bar" = "http://adblock.linkz.com/abho/bandsearch.abs"
to the registry subkey:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
- Modifies the value:
"SearchAssistant" = "http://adblock.linkz.com/abho/bandsearch.abs"
in the registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search
- Modifies the value:
"Search Page" = "http://linkz.com/"
in the registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main
- Adds tool bar button to the Internet Explorer and claims to be a popup blocker.
Technorati
Digg
Delicious
Reddit
StumbleUpon
Yahoo Buzz
Twitter
Facebook
Newsvine
