Updated: February 13, 2007 11:44:32 AM
Type: Adware
Version: 1.0.3.0
Publisher: Sunny View Inc
Risk Impact: Low
File Names: ctadl3.dll,cttdl.cab
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP
When Adware.NaughtyPops is executed, it performs the following actions:
- Creates the following files:
- %System%\ctadl3.dll
- %WinDir%\Downloaded Program Files\ctadl.inf
Notes:
- %System% is a variable that refers to the System folder. By default this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
- %Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.
- Creates the registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AEFCDEC8-EB7D-429F-BC73-4F30D07BFE41}
so that the risk runs every time Internet Explorer starts.
- Creates the following registry keys:
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{87D1A6EF-8CBC-458A-84B5-0333562418CD}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEFCDEC8-EB7D-429F-BC73-4F30D07BFE41}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{07E890E3-EF0C-4EA6-9F79-C5749ACA9CC1}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{96515724-397E-48C7-8974-86C203E666E1}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{458BE2D9-F8DB-43D1-A7EF-73E29C4EF9B6}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Ctadl1.ctadl
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Ctadl1.ctadl.1
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Ctadl1.ctadlctrl
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Ctadl1.ctadlctrl.1
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/ctadl3.dll
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{87D1A6EF-8CBC-458A-84B5-0333562418CD}
- HKEY_LOCAL_MACHINE\SOFTWARE\APDL
- Display advertisements based on URLs and/or search terms you enter while browsing the internet.
- Updates itself automatically.
Technorati
Digg
Delicious
Reddit
StumbleUpon
Yahoo Buzz
Twitter
Facebook
Newsvine
