1. /
  2. Security Response/
  3. Adware.SP2Update

Adware.SP2Update

Updated:
February 13, 2007 11:46:09 AM
Type:
Adware
Version:
1.00
Publisher:
n\a
Risk Impact:
High
File Names:
sp2update.exe
Systems Affected:
Windows 2000, Windows 98, Windows CE, Windows Me, Windows NT, Windows Server 2003, Windows XP

Once executed, Adware.SP2Update performs the following actions:
  1. Copies itself to %Windir%\sp2update.exe.

    Note: %Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.

  2. Adds the value:

    "sp2update" = "%Windir%\sp2update.exe"

    to the registry subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    so that it runs every time Windows starts.

  3. Monitors keywords entered into Internet Explorer windows and URLs visited. This information is then sent to the remote server [http://]www.sp2msupdateresearch.com/[REMOVED]
  4. Downloads and displays advertisements from [http://]www.bannersandpopups.com/[REMOVED]


Summary| Technical Details| Removal

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report, Volume 17
Symantec DeepSight Screensaver