||||
Symantec.com > Security Response > Threats and Risks > Adware.Eziin
PRINT THIS PAGE

Adware.Eziin

Printer Friendly Page

Updated: February 13, 2007 11:46:34 AM
Type: Adware
Risk Impact: High
File Names: ezionup.exe clienttimer.exe system_ct.exe system_tp.exe
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP


When Adware.Eziin is installed, it performs the following actions:

  1. Creates the following files:

    • %System%\clienttimer.exe
    • %System%\libmySQL.dll
    • %System%\PopClient.exe
    • %System%\system_ct.exe
    • %System%\system_pp.exe
    • %System%\system_tp.exe

      Note: %System% is a variable that refers to the System folder. By default this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).

  2. Creates the following registry keys:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\ezion
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DownloadManager

  3. Adds the values:

    "Hwp" = "%System%\system_wc.exe"
    "WIN32WN" = "%System%\system_wc.exe"
    "WIN32io" = "%System%\clienttimer.exe"
    "WIN32DS" = "%System%\clienttimer.exe"  

    to the registry subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    so that the risk runs every time Windows starts.

  4. Adds the value:

    "Recever_Security" = "eziin.com"

    to the registry subkey:

    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Security

  5. Modifies the value:

    "Start Page" = "eziin.com"

    in the registry subkey:

    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main

    so that the default Internet Explorer home page changes to "eziin.com".

Search by name
Example: W32.Beagle.AG@mm
Limited Time Offers! Save up to 50%
Windows Vista Security
©1995 - 2009 Symantec Corporation
Site Map|
Legal Notices|
Privacy Policy|
|
Contact Us|
Global Sites|
License Agreements|
RSS