Once executed, Adware.Bullseye performs the following actions:
- Creates the following files:
- %ProgramFiles%\BullsEye Network\bin\adv.exe
- %ProgramFiles%\BullsEye Network\bin\adx.exe
- %ProgramFiles%\BullsEye Network\bin\bargains.exe
- %ProgramFiles%\BullsEye Network\Uninstall.exe
Note: %ProgramFiles% is a variable that refers to the program files folder. By default, this is C:\Program Files.
- Creates the following registry subkeys:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID
\{F4E04583-354E-4076-BE7D-ED6A80FD66DA}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface
\{8EEE58D5-130E-4CBD-9C83-35A0564E5678}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface
\{C6906A23-4717-4E1F-B6FD-F06EBED15678}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib
\{4EB7BBE8-2E15-424B-9DDB-2CDB9516B2C3}
HKEY_LOCAL_MACHINE\SOFTWARE\Bargains
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ADP.UrlCatcher
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ADP.UrlCatcher.1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion
\Explorer\Browser Helper Objects\{F4E04583-354E-4076-BE7D-ED6A80FD66DA}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
\BargainBuddy
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext
\Stats\{F4E04583-354E-4076-BE7D-ED6A80FD66DA}
- Adds the value:
"BullsEye Network" = "%ProgramFiles%\BullsEye Network\bin\bargains.exe"
to the registry subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
so that the adware is executed every time Windows starts.
