1. /
  2. Security Response/
  3. AdsAlert

AdsAlert

Updated:
February 13, 2007 11:49:39 AM
Type:
Misleading Application
Infection Length:
561
Publisher:
PcPrivacy Software
Risk Impact:
Medium
File Names:
adsalert.exeadsalert.chm
Systems Affected:
Windows 2000, Windows NT, Windows XP

When AdsAlert is executed, it performs the following actions:
  1. Creates the following files:

    %ProgramFiles%\PcPrivacySoftware.com\AdsAlert\adsalert.chm
    %ProgramFiles%\PcPrivacySoftware.com\AdsAlert\adsalert.exe
    %ProgramFiles%\PcPrivacySoftware.com\AdsAlert\Include\Activity.log
    %ProgramFiles%\PcPrivacySoftware.com\AdsAlert\Include\block.adf
    %ProgramFiles%\PcPrivacySoftware.com\AdsAlert\Include\cookies.adf
    %ProgramFiles%\PcPrivacySoftware.com\AdsAlert\Include\datafile.adf
    %ProgramFiles%\PcPrivacySoftware.com\AdsAlert\Include\deep.adf
    %ProgramFiles%\PcPrivacySoftware.com\AdsAlert\Include\deleting.nfo
    %ProgramFiles%\PcPrivacySoftware.com\AdsAlert\Include\desc.nfo
    %ProgramFiles%\PcPrivacySoftware.com\AdsAlert\Include\folder.nfo
    %ProgramFiles%\PcPrivacySoftware.com\AdsAlert\Include\internet.adf
    %ProgramFiles%\PcPrivacySoftware.com\AdsAlert\license.txt
    %ProgramFiles%\PcPrivacySoftware.com\AdsAlert\readme.txt
    %ProgramFiles%\PcPrivacySoftware.com\AdsAlert\unins000.dat
    %ProgramFiles%\PcPrivacySoftware.com\AdsAlert\unins000.exe
    %UserProfile%\Desktop\AdsAlert.lnk
    %UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\Quick Launch\AdsAlert.lnk
    %UserProfile%\Start Menu\AdsAlert.lnk
    %UserProfile%\Start Menu\Programs\PcPrivacySoftware.com\AdsAlert\AdsAlert.lnk
    %UserProfile%\Start Menu\Programs\PcPrivacySoftware.com\AdsAlert\Help - AdsAlert.lnk
    %UserProfile%\Start Menu\Programs\PcPrivacySoftware.com\AdsAlert\Order AdsAlert.lnk
    %UserProfile%\Start Menu\Programs\PcPrivacySoftware.com\AdsAlert\ReadMe - AdsAlert.lnk
    %UserProfile%\Start Menu\Programs\PcPrivacySoftware.com\AdsAlert\uninstall.lnk

    Note:

    %UserProfile% is a variable that refers to the current user's profile folder. By default, this is C:\Documents and Settings\[CURRENT USER] (Windows NT/2000/XP).
    %ProgramFiles% is a variable that refers to the program files folder. By default, this is C:\Program Files.

  2. Adds the value:

    "AdsAlert" = "%ProgramFiles%\PcPrivacySoftware\AdsAlert\AdsAlert.exe"

    to the registry subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    so that it is executed every time Windows starts.

  3. Creates the following registry subkeys:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PcPrivacySoftware.com - AdsAlert_is1
    HKEY_ALL_USERS\Software\PCPrivacySoftware\AdsAlert
    HKEY_ALL_USERS\Software\PCPrivacySoftware\AdsAlert\Settings


Summary| Technical Details| Removal

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report
Symantec DeepSight Screensaver