Updated: February 13, 2007 11:43:16 AM
Type: Adware
Publisher: Razor Media
Risk Impact: High
File Names:
wys.dll
wys5.dll
wys.exe
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
When Adware.WhileUSurf is executed, it performs the following actions:
- Creates the following files:
- %System%\wys.dll
- %System%\wys5.dll
- %System%\wys.exe
- %System%\svchost.dll
- %System%\printer32.dll
Note: %System% is a variable that refers to the System folder. By default this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
- Adds the following value:
"Spool" = "%CurrentFolder%\wys.exe /startup"
to the registry subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
so that the risk runs every time Windows starts.
Note: %CurrentFolder% is a variable that refers to the folder where the risk was originally executed.
- Creates the registry subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\While You Surf
- Adds the value:
"SCSI Drive Hash" = "[RANDOM NAME]"
to the registry subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion
- Displays a high number of advertisements in Internet Explorer.
- Crashes Internet Explorer and slows down various applications.
Technorati
Digg
Delicious
Reddit
StumbleUpon
Yahoo Buzz
Twitter
Facebook
Newsvine
