
Adware.DesktopMedia

Updated: February 13, 2007 11:49:52 AM
Type: Adware
Risk Impact: High
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

When Adware.DesktopMedia is installed, it performs the following actions:
  1. Creates the following files:

    • %UserProfile%\Application Data\Share Helper\Cast\GGS\hmd.idx
    • %UserProfile%\Application Data\Share Helper\Cast\bfrw_2150.inf
    • %UserProfile%\Application Data\Share Helper\Cast\bfyswj.inf
    • %UserProfile%\Application Data\Share Helper\Cast\dxgdgjc.inf
    • %UserProfile%\Application Data\Share Helper\Cast\yxssj_2150.inf
    • %UserProfile%\Application Data\Desktop Media\Cast\dmclient\GG5\hmd.idx
    • %UserProfile%\Application Data\Desktop Media\Cast\dmclient\ bfrw_2111.inf
    • %UserProfile%\Application Data\Desktop Media\Cast\dmclient\ bfyswj.inf
    • %UserProfile%\Application Data\Desktop Media\Cast\dmclient\ dxgdgjc.inf
    • %UserProfile%\Application Data\Desktop Media\Cast\dmclient\ yxssj_2111.inf
    • %ProgramFiles%\IE-BAR\Cast\2.1.0.0\dmbar.dll
    • %ProgramFiles%\IE-BAR\Cast\2.1.5.0\dmplayer.dll
    • %ProgramFiles%\IE-BAR\Cast\dmsched.exe
    • %ProgramFiles%\IE-BAR\Cast\Uninstall.exe
    • %ProgramFiles%\IE-BAR\Cast\dmbar.dll
    • %ProgramFiles%\IE-BAR\Cast\dmipn.dll
    • %ProgramFiles%\IE-BAR\Cast\dmshell.dll
    • %ProgramFiles%\IE-BAR\Cast\license.txt
    • %ProgramFiles%\Desktop Media\Cast\dmsched.exe
    • %ProgramFiles%\Desktop Media\Cast\Uninstall.exe
    • %ProgramFiles%\Desktop Media\Cast\dmbar.dll
    • %ProgramFiles%\Desktop Media\Cast\dmdaemon.dll
    • %ProgramFiles%\Desktop Media\Cast\dmipn.dll
    • %ProgramFiles%\Desktop Media\Cast\license.txt
    • %Windir%\Start Menu\Programs\Startup\IE-BAR.lnk
    • %Windir%\Start Menu\Programs\Startup\桌面传媒.lnk

      Notes:
    • %ProgramFiles% is a variable that refers to the program files folder. By default, this is C:\Program Files.
    • %Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows (Windows 95/98/Me/XP) or C:\Winnt (Windows NT/2000).
    • %UserProfile% is a variable that refers to the current user's profile folder. By default, this is C:\Documents and Settings\[CURRENT USER] (Windows NT/2000/XP).

  2. Creates the following registry subkeys:

    HKEY_CLASSES_ROOT\CLSID\{16358834-52FC-4981-9A79-BFECE7C08CD3}
    HKEY_CLASSES_ROOT\CLSID\{1FCA37BA-7259-4BF1-878B-A39FA83BFBBB}
    HKEY_CLASSES_ROOT\CLSID\{53965717-3D50-4ef9-9105-99F22DDA3B82}
    HKEY_CLASSES_ROOT\Dmbar.dmbar.1
    HKEY_CLASSES_ROOT\Dmbar.dmbar
    HKEY_CLASSES_ROOT\Installer\Features\974A14EF650E5A0489C21D945B6D17D2
    HKEY_CLASSES_ROOT\Installer\UpgradeCodes\A039C09F9001BF34CB53ED91FD9AB216
    HKEY_CLASSES_ROOT\Interface\{8C9377D3-D823-46A6-A8AC-B3913F9B6CA2}
    HKEY_CLASSES_ROOT\TypeLib\{25649A6A-637D-4416-9D03-98146330492A}
    HKEY_CLASSES_ROOT\CLSID\{6A2FF9B4-C31C-4BE8-86D4-4443B7411FE5}
    HKEY_ALL_USERS\Software\Microsoft\Internet Explorer\Explorer Bars
    \{1FCA37BA-7259-4BF1-878B-A39FA83BFBBB}
    HKEY_ALL_USERS\Software\Desktop Media
    HKEY_LOCAL_MACHINE\SOFTWARE\Desktop Media
    HKEY_LOCAL_MACHINE\SOFTWARE\sharehelper
    HKEY_ALL_USERS\Software\sharehelper
    HKEY_LOCAL_MACHINE\SOFTWARE\dmshareware
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products
    \974A14EF650E5A0489C21D945B6D17D2
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer
    \UserData\S-1-5-18\Products\974A14EF650E5A0489C21D945B6D17D2
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData
    \S-1-5-18\Products\71C455D361DEA8443BECF6CB15FF7B50
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData
    \S-1-5-18\Components\2E217ECAF65686D48B415D248C656BEC
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData
    \S-1-5-18\Components\981BF04810E13E242B7489698554198A
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData
    \S-1-5-18\Components\6E57B995DBC361644A707DFD9CCA5F02
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData
    \S-1-5-18\Components\9D7309678137CB444BFEE3AFCB6DFD5F
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData
    \S-1-5-18\Components\A6B6B7ABCFDDAC74E98B0394AD8585BE
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData
    \S-1-5-18\Components\DEF45035AA8DDEB4A920169ADE823D9C
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData
    \S-1-5-18\Components\A21CA71F768E1F84089EF9B843801293
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
    \{FE41A479-E056-40A5-982C-D149B5D6712D}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
    \{3D554C17-ED16-448A-B3CE-6FBC51FFB705}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars
    \{1FCA37BA-7259-4BF1-878B-A39FA83BFBBB}
    HKEY_ALL_USERS\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars
    \{1FCA37BA-7259-4BF1-878B-A39FA83BFBBB}
    HKEY_CLASSES_ROOT\CLSID\{C6EFBEA1-6D51-4d01-A274-211831E624DD}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer
    \UpgradeCodes\A039C09F9001BF34CB53ED91FD9AB216
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes
    \A039C09F9001BF34CB53ED91FD9AB216
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes
    \5DB62E375A896F6408081040C15B769B
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer
    \UpgradeCodes\5DB62E375A896F6408081040C15B769B
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features
    \974A14EF650E5A0489C21D945B6D17D2
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features
    \71C455D361DEA8443BECF6CB15FF7B50
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products
    \71C455D361DEA8443BECF6CB15FF7B50

  3. Installs a download manager toolbar for Internet Explorer.

  4. Displays advertisements on the computer from the following Chinese Web site:

    [http://]211.100.33.157
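
As an added example (not part of the original write-up), the following sketch sweeps a collected file listing for paths from step 1, expanding %ProgramFiles%, %Windir% and %UserProfile% to the default locations given in the Notes and matching every account under Documents and Settings. The function names, the subset of indicators and the sample listing are constructed for illustration.

```python
import re

# Paths copied from the advisory's file list (a subset; add the rest the same way).
INDICATORS = [
    r"%UserProfile%\Application Data\Share Helper\Cast\GGS\hmd.idx",
    r"%ProgramFiles%\IE-BAR\Cast\dmsched.exe",
    r"%ProgramFiles%\Desktop Media\Cast\dmdaemon.dll",
    r"%Windir%\Start Menu\Programs\Startup\IE-BAR.lnk",
]

# Default locations from the advisory's Notes, as regex fragments.
# %UserProfile% matches any account under Documents and Settings.
ROOTS = {
    "programfiles": re.escape(r"C:\Program Files"),
    "windir": "(?:%s|%s)" % (re.escape(r"C:\Windows"), re.escape(r"C:\Winnt")),
    "userprofile": re.escape("C:\\Documents and Settings\\") + r"[^\\]+",
}


def compile_indicator(indicator, roots=ROOTS):
    """Turn '%Var%\\rest' into a case-insensitive regex over full paths."""
    var, rest = re.fullmatch(r"%(\w+)%(\\.*)", indicator).groups()
    return re.compile(roots[var.lower()] + re.escape(rest), re.IGNORECASE)


def sweep(listing, indicators=INDICATORS, roots=ROOTS):
    """Return sorted (indicator, path) pairs for every listed path that matches."""
    compiled = [(ind, compile_indicator(ind, roots)) for ind in indicators]
    hits = set()
    for line in listing:
        path = line.strip().strip('"')
        for ind, rx in compiled:
            if rx.fullmatch(path):
                hits.add((ind, path))
    return sorted(hits)


# Constructed sample: `dir /s /b` style output from a hypothetical host.
SAMPLE_LISTING = [
    r"C:\WINNT\Start Menu\Programs\Startup\IE-BAR.lnk",
    r"c:\program files\ie-bar\cast\DMSCHED.EXE",
    r"C:\Documents and Settings\alice\Application Data\Share Helper\Cast\GGS\hmd.idx",
    r"C:\Documents and Settings\bob\Application Data\Share Helper\Cast\GGS\hmd.idx",
    r"C:\Program Files\Internet Explorer\iexplore.exe",
    r"D:\backup\Program Files\IE-BAR\Cast\dmsched.exe",
]

if __name__ == "__main__":
    for indicator, path in sweep(SAMPLE_LISTING):
        print(f"{indicator} -> {path}")
```

Because the Notes give these folders only as defaults, pass a modified `roots` mapping to `sweep` when a host uses a different drive or install location; the `D:\backup` line in the sample is missed under the defaults for that reason.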
