1. /
  2. Security Response/
  3. Adware.Webentrance

Adware.Webentrance

Updated:
February 13, 2007 11:49:57 AM
Type:
Adware
Risk Impact:
Low
File Names:
morfitwe.exe fe33c1ae.exe
Systems Affected:
Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

When Adware.Webentrance is installed, it performs the following actions:
  1. Modifies the value: 

    "Start Page" = "[http://]www.we[REMOVED]"

    in the registry subkey:

    HKEY_ALL_USERS\Software\Microsoft\Internet Explorer\Main


    so that the Internet Explorer home page is changed to www.we[REMOVED].com.

  2. Adds one of the following registry values:

    "MSys32" = "[PATH TO ADWARE]\morfitwe.exe"
    "MSys32" = "[PATH TO ADWARE]\fe33c1ae.exe"

    to the registry subkey:

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices

    so that the it runs every time Windows starts.

    Note: If this registry subkey is not present, the risk adds one of the the same values to the following registry subkey:

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

  3. Adds the value:

    "Current" = "[VARIABLE]"

    (where [VARIABLE] is a variable used by the program)

    to the registry subkey:

    HKEY_ALL_USERS\Software\sysM32\Current

Summary| Technical Details| Removal

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report, Volume 17
Symantec DeepSight Screensaver