1. /
  2. Security Response/
  3. Adware.Bullseye

Adware.Bullseye

Updated:
February 13, 2007 11:46:27 AM
Type:
Adware
Version:
1.0.0.0
Publisher:
eXact Advertising
Risk Impact:
Low
File Names:
adv.exe;adx.exe;msbe.dll;bargains.exe;adp8043b.exe
Systems Affected:
Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

Once executed, Adware.Bullseye performs the following actions:
  1. Creates the following files:

    • %ProgramFiles%\BullsEye Network\bin\adv.exe
    • %ProgramFiles%\BullsEye Network\bin\adx.exe
    • %ProgramFiles%\BullsEye Network\bin\bargains.exe
    • %ProgramFiles%\BullsEye Network\Uninstall.exe

      Note: %ProgramFiles% is a variable that refers to the program files folder. By default, this is C:\Program Files.

  2. Creates the following registry subkeys:

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID
    \{F4E04583-354E-4076-BE7D-ED6A80FD66DA}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface
    \{8EEE58D5-130E-4CBD-9C83-35A0564E5678}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface
    \{C6906A23-4717-4E1F-B6FD-F06EBED15678}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib
    \{4EB7BBE8-2E15-424B-9DDB-2CDB9516B2C3}
    HKEY_LOCAL_MACHINE\SOFTWARE\Bargains
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ADP.UrlCatcher
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ADP.UrlCatcher.1
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion
    \Explorer\Browser Helper Objects\{F4E04583-354E-4076-BE7D-ED6A80FD66DA}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
    \BargainBuddy
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext
    \Stats\{F4E04583-354E-4076-BE7D-ED6A80FD66DA}

  3. Adds the value:

    "BullsEye Network" = "%ProgramFiles%\BullsEye Network\bin\bargains.exe"

    to the registry subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    so that the adware is executed every time Windows starts.


Summary| Technical Details| Removal

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report, Volume 17
Symantec DeepSight Screensaver