
Adware.Tbon

Updated: February 13, 2007 11:47:33 AM
Type: Adware
Publisher: The Best Offers Network
Risk Impact: Medium
File Names: tbon.exe
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

Once executed, Adware.Tbon performs the following actions:
  1. Creates the following files:

    • %Windir%\tboninst.cfg
    • %Windir%\TBONUnst.htm
    • %ProgramFiles%\tboninst.cfg
    • %ProgramFiles%\Uninstall.exe
    • %ProgramFiles%\tbon.exe

      Note:
    • %ProgramFiles% is a variable that refers to the program files folder. By default, this is C:\Program Files.
    • %Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.

  2. Creates the following registry subkeys:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TBON
    HKEY_CURRENT_USER\Software\tbon
    HKEY_CURRENT_USER\Software\Classes\tbonac
    HKEY_USERS\[USER_ID]_Classes\tbonac

  3. Adds the value:

    "tbon" = "[PATH TO ADWARE] /r"

    to the registry subkey:

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    so that it runs every time the user logs in.

  4. Monitors URLs visited in Web browsers and sends the information to a Web site on the btgrab.com domain.

  5. Displays advertisements based on the URLs visited.
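
A read-only host check built from the files, registry subkeys and Run value listed in steps 1 to 3, as an added example that is not part of the original write-up. The function name `Get-TbonArtifact` and the output field names are this example's own.

```powershell
# Read-only check for the Adware.Tbon artifacts listed on this page.
# Reports what is present; deletes and changes nothing.
function Get-TbonArtifact {
    $hits = @()

    # Step 1: files under %Windir% and %ProgramFiles%.
    $files = @(
        (Join-Path $env:windir 'tboninst.cfg'),
        (Join-Path $env:windir 'TBONUnst.htm'),
        (Join-Path $env:ProgramFiles 'tboninst.cfg'),
        (Join-Path $env:ProgramFiles 'Uninstall.exe'),
        (Join-Path $env:ProgramFiles 'tbon.exe')
    )
    foreach ($f in $files) {
        if (Test-Path -LiteralPath $f -PathType Leaf) {
            $hits += [pscustomobject]@{ Kind = 'File'; Indicator = $f; Data = $null }
        }
    }

    # Step 2: registry subkeys. [USER_ID]_Classes is expanded over every loaded user hive.
    $keys = @(
        'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TBON',
        'HKEY_CURRENT_USER\Software\tbon',
        'HKEY_CURRENT_USER\Software\Classes\tbonac'
    )
    $keys += @(Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -like '*_Classes' } |
        ForEach-Object { "$($_.Name)\tbonac" })
    foreach ($k in $keys) {
        if (Test-Path -LiteralPath "Registry::$k") {
            $hits += [pscustomobject]@{ Kind = 'RegistryKey'; Indicator = $k; Data = $null }
        }
    }

    # Step 3: the "tbon" autorun value for the current user; Data holds its command line.
    $run = 'HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    $item = Get-ItemProperty -LiteralPath "Registry::$run" -Name 'tbon' -ErrorAction SilentlyContinue
    if ($item) {
        $hits += [pscustomobject]@{ Kind = 'RunValue'; Indicator = "$run\tbon"; Data = $item.tbon }
    }

    $hits
}

Get-TbonArtifact | Format-Table -AutoSize -Wrap
```

The HKEY_CURRENT_USER checks cover only the account running the script, and the redirected locations used for 32-bit programs on 64-bit Windows (Program Files (x86), WOW6432Node) are not checked. `Uninstall.exe` is a generic file name, so treat a hit on it alone as weak evidence and corroborate it with the other artifacts.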

