Adware.WinBo

Updated: February 13, 2007 11:45:34 AM
Type: Adware
Version: 1
Publisher: EnBrowser
Risk Impact: High
File Names: mbop1-0-3b.exe, SysCheckBop32.exe, ssee.exe, sys[RANDOMNUMBERS].exe, win32[RANDOMNUMBERS].exe, ms[R
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows NT, Windows Server 2003, Windows XP


When Adware.WinBo is installed, it does the following:
  1. Creates the following registry subkeys and adds a number of values under these subkeys:

  2. Adds the value:

    SystemCheck = "[path to original file]"

    to the registry subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    so that the risk runs every time Windows starts.

  3. Adds one of the values:

    "Sys[RANDOMNUMBERS]" = "[path to original file]"
    "WIN32[RANDOMNUMBERS]" = "[path to original file]"

    to the registry subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\System\sysold

  4. Adds one of the values:

    "Sys[RANDOMNUMBERS]" = "[path to original file]"
    "WIN32[RANDOMNUMBERS]" = "[path to original file]"

    to the registry subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    so that the risk runs every time Windows starts.

  5. Adds the value:

    "EnBrowser" = "[path to original file]"

    to the registry subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

    so that the risk runs every time Windows starts.
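
The value names listed in steps 2 to 5 can be checked for in saved `reg query` output from a host. The following Python is an added example, not part of the original write-up; it assumes [RANDOMNUMBERS] is a run of decimal digits, and the sample output and the C:\WINDOWS paths in it are constructed.

```python
import re

RUN = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
RUNONCE = RUN + "Once"
SYSOLD = r"HKEY_LOCAL_MACHINE\SOFTWARE\System\sysold"

# Value names from the write-up, per subkey. Assumption: [RANDOMNUMBERS] is
# one or more decimal digits; the write-up does not state its length.
RANDOM_NAME = r"(?:sys|win32)\d+"
INDICATORS = {
    RUN.lower(): re.compile(rf"(?:systemcheck|{RANDOM_NAME})", re.I),
    RUNONCE.lower(): re.compile(r"enbrowser", re.I),
    SYSOLD.lower(): re.compile(RANDOM_NAME, re.I),
}
# A `reg query` value line: indent, name, type, data, separated by 4 spaces.
VALUE_LINE = re.compile(r"^\s+(.+?)\s{4}(REG_[A-Z_]+)\s{4}(.*)$")

def find_winbo_values(reg_query_output):
    """Return (subkey, value name, data) for each value named in the write-up."""
    hits, key = [], None
    for line in reg_query_output.splitlines():
        if line.upper().startswith("HKEY_"):
            key = line.strip()  # start of a new subkey section
            continue
        m = VALUE_LINE.match(line)
        if not (m and key):
            continue
        name, _type, data = m.groups()
        pattern = INDICATORS.get(key.lower())
        # Registry value names are case-insensitive, so match the whole name.
        if pattern and pattern.fullmatch(name):
            hits.append((key, name, data))
    return hits

# Constructed sample of `reg query` output (not taken from a real host).
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    SystemCheck    REG_SZ    C:\WINDOWS\SysCheckBop32.exe
    win3248151    REG_SZ    C:\WINDOWS\win3248151.exe
    SysTrayApp    REG_SZ    C:\Program Files\Vendor\tray.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
    EnBrowser    REG_SZ    C:\WINDOWS\ssee.exe
"""

if __name__ == "__main__":
    for subkey, name, data in find_winbo_values(SAMPLE):
        print(f"{subkey}: {name} -> {data}")
```

A name match alone is not proof of infection; compare the value's data against the file names listed at the top of this page before removing anything.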

