||||
Symantec.com > Security Response > Threats and Risks > Adware.GotSmiley
PRINT THIS PAGE

Adware.GotSmiley

Printer Friendly Page

Updated: February 13, 2007 11:46:18 AM
Type: Adware
Publisher: GAIN Publishing
Risk Impact: Low
File Names: GotSmileySetupWebSite.exe GotSmiley.exe GotSmileyHelper.dll GSYSmileyLibInfo.dll GSYUpdater.ex
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP


When Adware.GotSmiley is installed, it performs the following actions:
  1. Creates files and folders in the following directories:

    • %UserProfile%\GSY_Temp
    • %UserProfile%\Temp
    • %ProgramFiles%\GotSmiley
    • %Windir%\Prefetch

      the files created will have the following extensions:

    • .gif
    • .dll
    • .exe
    • .url
    • .xml
    • .ht
    • .css
    • .ini
    • .tmp
    • .pf

      Note:
    • %ProgramFiles% is a variable that refers to the Program Files folder. By default, this is %ProgramFiles%.
    • %UserProfile% is a variable that refers to the current user's profile folder. By default, this is C:\Documents and Settings\[CURRENT USER] (Windows NT/2000/XP).
    • %Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.

  2. Creates the following registry subkeys:

    HKEY_CLASSES_ROOT\CLSID\{309A4386-D229-42DD-BA17-983747DA35B0}
    HKEY_CLASSES_ROOT\Interface\{6DA65196-9CF9-48C9-9DB2-28742FCC56BE}
    HKEY_CLASSES_ROOT\TypeLib\{B699B1B8-ADD0-4835-8602-1548200FCDD5}
    HKEY_CLASSES_ROOT\GSYOutlookAddin.GSYAddinObj
    HKEY_CLASSES_ROOT\GSYOutlookAddin.GSYAddinObj.1
    HKEY_LOCAL_MACHINE\SOFTWARE\Gator.com\AppInfo\GotSmiley
    HKEY_LOCAL_MACHINE\SOFTWARE\Gator.com\GotSmiley
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion
    \Uninstall\GotSmiley
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins
    \GSYOutlookAddin.GSYAddinObj
    HKEY_ALL_USERS\SOFTWARE\Gator.com\GotSmiley
    HKEY_ALL_USERS\SOFTWARE\Microsoft\Office\Outlook\Addins
    \GSYOutlookAddin.GSYAddinObj

  3. Adds the following value:

    "GotSmiley"

    to the registry subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    so that the application runs every time Windows starts.

  4. May facilitate the download and installation of the Adware.GAIN security risk.


Search by name
Example: W32.Beagle.AG@mm
Windows 7
Windows Vista Security
©1995 - 2009 Symantec Corporation
Site Map|
Legal Notices|
Privacy Policy|
|
Contact Us|
Global Sites|
License Agreements|
RSS