Adware.CtxPopup

Updated: February 13, 2007 11:44:12 AM
Type: Adware
Publisher: www.webseeking.com
Risk Impact: Low
File Names: contextual.exe
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP


When Adware.CtxPopup is executed, it performs the following actions:
  1. Creates the file:

    %System%\CtxPopup.dll

    Note: %System% is a variable that refers to the System folder. By default this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).

  2. Creates the following registry subkeys:



  3. Checks for updates to itself on the webseeking.com domain.

  4. Displays pop-up advertisements.

