When Adware.VCatch is installed, it performs the following actions:
- Creates the following files:
- %UserProfile%\Desktop\vcatchreport.htm
- %UserProfile%\Start Menu\Programs\VCatch\Uninstall VCatch.lnk
- %UserProfile%\Start Menu\Programs\VCatch\Upgrade to VCatch Antivirus Premium.lnk
- %UserProfile%\Start Menu\Programs\VCatch\VCatch.lnk
- %ProgramFiles%\CommonSearch\VCatch\INSTALL.LOG
- %ProgramFiles%\CommonSearch\VCatch\license.txt
- %ProgramFiles%\CommonSearch\VCatch\Risk.WAV
- %ProgramFiles%\CommonSearch\VCatch\UNWISE.EXE
- %ProgramFiles%\CommonSearch\VCatch\upgrade.ico
- %ProgramFiles%\CommonSearch\VCatch\VCatch.exe (detected as Adware.VCatch)
- %System%\Anticipator.dll
- %System%\ath.mgf
- %System%\bnr.mgf
- %System%\flchk.mgf
- %System%\frb.mgf
- %System%\mcAct.dll
- %System%\prm.mgf
- %System%\RulesData.xml
- %System%\RulesData1.xml
- %System%\RulesData2.xml
- %System%\RulesData3.xml
- %System%\RulesFactors.xml
- %System%\SMButton.ocx (a legitimate file)
- %System%\snd.mgf
- %System%\sub.mgf
- %System%\sze.mgf
- %System%\VCatchPI.dll
Note:
- %UserProfile% is a variable that refers to the current user's profile folder. By default, this is C:\Documents and Settings\[CURRENT USER] (Windows NT/2000/XP).
- %ProgramFiles% is a variable that refers to the program files folder. By default, this is C:\Program Files.
- %System% is a variable that refers to the System folder. By default this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
- Creates the following legitimate Microsoft files if they do not already exist:
- C:\WINNT\system32\dbghelp.dll
- C:\WINNT\system32\MSVBVM60.DLL
- Creates the following registry subkeys:
HKEY_CLASSES_ROOT\CLSID\{C15DFCFB-3D1C-4E50-AAC7-037B016B95F7}
HKEY_CLASSES_ROOT\CLSID\{E994B1F9-F7D0-11D6-A2A1-0010DC1D796E}
HKEY_CLASSES_ROOT\Interface\{A9752CF2-0791-11D7-B37B-0010DC1D796E}
HKEY_CLASSES_ROOT\Interface\{FFA47BB8-6C0C-4E2A-95FB-5AF61D2EC153}
HKEY_CLASSES_ROOT\TypeLib\{6476FAA7-E6CF-42F7-BC88-7DFDF9425786}
HKEY_CLASSES_ROOT\TypeLib\{E994B1F7-F7D0-11D6-A2A1-0010DC1D796E}
HKEY_CLASSES_ROOT\SMButton.Button
HKEY_CLASSES_ROOT\VCatchPI.VCScanner
HKEY_CLASSES_ROOT\VCatchPI.VCScanner.1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
\VCatch Antivirus Basic Version
HKEY_ALL_USERS\Software\CommonSearch
- Adds the value:
"www.vcatch.com"
to the registry subkey:
HKEY_ALL_USERS\Software\Microsoft\Internet Explorer\New Windows\Allow
- Adds the value:
"vCatch" = "C:\PROGRA~1\COMMON~2\VCatch\VCatch.exe"
to the registry subkey:
HKEY_ALL_USERS\Software\Microsoft\Windows\CurrentVersion\Run
so that it runs when Windows starts.
- Displays advertisements on the computer.
