
Adware.Webprefix

Updated: February 13, 2007 11:47:39 AM
Type: Adware
Publisher: Global Netcom GmbH
Risk Impact: High
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows NT, Windows Server 2003, Windows XP

When Adware.Webprefix is installed, it performs the following actions:
  1. Creates the file %System%\[FILE NAME].dll.

    Note:
    • %System% is a variable that refers to the System folder. By default this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
    • [FILE NAME] is made up from other filenames present in the %System% folder.

  2. Creates the following registry subkeys:

    HKEY_CLASSES_ROOT\CLSID\[RANDOM_GUID]
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\[RANDOM_GUID]
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\[RANDOM_GUID]

  3. Adds the values:

    "Enable Browser Extensions" = "yes"
    "WebPrefix" = "02266 - ROUTE4FREE"
    "Offline Folder" = "[UNIQUE ID]"

    to the registry subkey:

    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main

    where [UNIQUE ID] is the ID used to identify the adware to its controlling server.

  4. Contacts the following site to get configuration information and send system details such as the current service pack installed:

    axload.to

  5. Displays advertisements.
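
The registry artifacts in steps 2 and 3 can be checked offline against a registry export. The Python below is an added example, not part of the original write-up: it assumes the export has already been decoded to text (regedit writes UTF-16), and the function names, sample GUIDs and sample ID are constructed for illustration. Because the GUID is random, any Browser Helper Object can appear under all three parents, so the GUID list is a set of review candidates and the "WebPrefix" value is the marker taken from this page.

```python
import re

# Key paths and value names below are the ones listed in the write-up.
MAIN = r"HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main"
GUID_PARENTS = (
    r"HKEY_CLASSES_ROOT\CLSID",
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects",
)
VALUE_RE = re.compile(r'^"([^"]+)"="(.*)"$')  # REG_SZ lines only

def parse_reg(text):
    """Parse decoded .reg export text into {lowercased key path: {value name: data}}."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and (m := VALUE_RE.match(line)):
            current[m.group(1).lower()] = m.group(2)
    return keys

def child_names(keys, parent):
    """Names of the immediate subkeys of `parent` (registry paths are case-insensitive)."""
    prefix = parent.lower() + "\\"
    return {k[len(prefix):].split("\\")[0] for k in keys if k.startswith(prefix)}

def triage(text):
    keys = parse_reg(text)
    main = keys.get(MAIN.lower(), {})
    in_all = set.intersection(*(child_names(keys, p) for p in GUID_PARENTS))
    return {
        "webprefix": main.get("webprefix"),        # adware-specific value name
        "unique_id": main.get("offline folder"),   # ID sent to the controlling server
        # GUID is random: list GUIDs present under all three parents for review.
        "candidate_guids": sorted(g.upper() for g in in_all),
    }

# Constructed sample export (GUIDs and the unique ID are made up for this example).
SAMPLE = r"""Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Enable Browser Extensions"="yes"
"WebPrefix"="02266 - ROUTE4FREE"
"Offline Folder"="EXAMPLE-ID-0001"
[HKEY_CLASSES_ROOT\CLSID\{11111111-2222-3333-4444-555555555555}]
[HKEY_CLASSES_ROOT\CLSID\{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}\InprocServer32]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-2222-3333-4444-555555555555}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-2222-3333-4444-555555555555}]
"""
if __name__ == "__main__":
    print(triage(SAMPLE))
```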

