
Adware.VCatch

Updated: February 13, 2007 11:47:41 AM
Type: Adware
Version: 6.3.1.2
Publisher: MinuteGroup
Risk Impact: Low
File Names: vcatch.exe
Systems Affected: Windows 2000, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

When Adware.VCatch is installed, it performs the following actions:
  1. Creates the following files:

    • %UserProfile%\Desktop\vcatchreport.htm
    • %UserProfile%\Start Menu\Programs\VCatch\Uninstall VCatch.lnk
    • %UserProfile%\Start Menu\Programs\VCatch\Upgrade to VCatch Antivirus Premium.lnk
    • %UserProfile%\Start Menu\Programs\VCatch\VCatch.lnk
    • %ProgramFiles%\CommonSearch\VCatch\INSTALL.LOG
    • %ProgramFiles%\CommonSearch\VCatch\license.txt
    • %ProgramFiles%\CommonSearch\VCatch\Risk.WAV
    • %ProgramFiles%\CommonSearch\VCatch\UNWISE.EXE
    • %ProgramFiles%\CommonSearch\VCatch\upgrade.ico
    • %ProgramFiles%\CommonSearch\VCatch\VCatch.exe (detected as Adware.VCatch)
    • %System%\Anticipator.dll
    • %System%\ath.mgf
    • %System%\bnr.mgf
    • %System%\flchk.mgf
    • %System%\frb.mgf
    • %System%\mcAct.dll
    • %System%\prm.mgf
    • %System%\RulesData.xml
    • %System%\RulesData1.xml
    • %System%\RulesData2.xml
    • %System%\RulesData3.xml
    • %System%\RulesFactors.xml
    • %System%\SMButton.ocx (a legitimate file)
    • %System%\snd.mgf
    • %System%\sub.mgf
    • %System%\sze.mgf
    • %System%\VCatchPI.dll

      Note:
    • %UserProfile% is a variable that refers to the current user's profile folder. By default, this is C:\Documents and Settings\[CURRENT USER] (Windows NT/2000/XP).
    • %ProgramFiles% is a variable that refers to the program files folder. By default, this is C:\Program Files.
    • %System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).

  2. Creates the following legitimate Microsoft files if they do not already exist:

    • C:\WINNT\system32\dbghelp.dll
    • C:\WINNT\system32\MSVBVM60.DLL

  3. Creates the following registry subkeys:

    HKEY_CLASSES_ROOT\CLSID\{C15DFCFB-3D1C-4E50-AAC7-037B016B95F7}
    HKEY_CLASSES_ROOT\CLSID\{E994B1F9-F7D0-11D6-A2A1-0010DC1D796E}
    HKEY_CLASSES_ROOT\Interface\{A9752CF2-0791-11D7-B37B-0010DC1D796E}
    HKEY_CLASSES_ROOT\Interface\{FFA47BB8-6C0C-4E2A-95FB-5AF61D2EC153}
    HKEY_CLASSES_ROOT\TypeLib\{6476FAA7-E6CF-42F7-BC88-7DFDF9425786}
    HKEY_CLASSES_ROOT\TypeLib\{E994B1F7-F7D0-11D6-A2A1-0010DC1D796E}
    HKEY_CLASSES_ROOT\SMButton.Button
    HKEY_CLASSES_ROOT\VCatchPI.VCScanner
    HKEY_CLASSES_ROOT\VCatchPI.VCScanner.1
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VCatch Antivirus Basic Version
    HKEY_ALL_USERS\Software\CommonSearch

  4. Adds the value:

    "www.vcatch.com"

    to the registry subkey:

    HKEY_ALL_USERS\Software\Microsoft\Internet Explorer\New Windows\Allow

  5. Adds the value:

    "vCatch" = "C:\PROGRA~1\COMMON~2\VCatch\VCatch.exe"

    to the registry subkey:

    HKEY_ALL_USERS\Software\Microsoft\Windows\CurrentVersion\Run

    so that it runs when Windows starts.

  6. Displays advertisements on the computer.
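
A read-only check for the file and registry artifacts listed above, as an added example that is not part of the original write-up. It assumes HKEY_ALL_USERS means every user hive loaded under HKEY_USERS; the subset of artifacts checked is this example's own choice.

```powershell
# Added example: read-only check for artifacts listed in this write-up.
# Assumption: HKEY_ALL_USERS is treated as every hive loaded under HKEY_USERS.
$sys = [Environment]::GetFolderPath('System')   # %System%
$pf  = $env:ProgramFiles                        # %ProgramFiles%

# Distinctive files from step 1 (the legitimate SMButton.ocx is left out).
$files = @(
    "$pf\CommonSearch\VCatch\VCatch.exe",
    "$pf\CommonSearch\VCatch\UNWISE.EXE",
    "$sys\Anticipator.dll",
    "$sys\mcAct.dll",
    "$sys\VCatchPI.dll"
)
# Machine-wide subkeys from step 3.
$keys = @(
    'Registry::HKEY_CLASSES_ROOT\VCatchPI.VCScanner',
    'Registry::HKEY_CLASSES_ROOT\CLSID\{C15DFCFB-3D1C-4E50-AAC7-037B016B95F7}',
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VCatch Antivirus Basic Version'
)
# Per-user values from steps 4 and 5: relative subkey -> value name.
$userValues = @{
    'Software\Microsoft\Internet Explorer\New Windows\Allow' = 'www.vcatch.com'
    'Software\Microsoft\Windows\CurrentVersion\Run'          = 'vCatch'
}

$hits = @()
$hits += @($files | Where-Object { Test-Path -LiteralPath $_ -PathType Leaf })
$hits += @($keys  | Where-Object { Test-Path -LiteralPath $_ })

# Walk each loaded user hive and look for the named values.
foreach ($hive in Get-ChildItem -LiteralPath 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue) {
    foreach ($sub in $userValues.Keys) {
        $path = "Registry::$($hive.Name)\$sub"
        $key  = Get-Item -LiteralPath $path -ErrorAction SilentlyContinue
        if ($key -and ($key.GetValueNames() -contains $userValues[$sub])) {
            $hits += "$path -> $($userValues[$sub])"
        }
    }
}

if ($hits.Count -gt 0) { $hits | ForEach-Object { "FOUND: $_" } }
else                   { 'No Adware.VCatch artifacts from this list were found.' }
```

Only hives of logged-on users are loaded under HKEY_USERS, so profiles of users who are not logged on are not covered by this check.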

