Adware.Optserve

Updated: October 31, 2006 9:36:20 AM
Type: Adware
Risk Impact: Medium
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP

Once executed, the risk creates the following files:
  • %System%\lp.exe
  • %System%\lp.dll
  • %System%\optserve.exe
  • %System%\optserve.dll
  • %System%\URLHist.tlb

It then creates the following registry entries so that it runs every time Windows starts:
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"LP" = "%System%\LP.exe"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"optserve" = "%System%\optserve.exe"
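
A read-only host check for the files and Run entries listed above, as an added example that is not part of the original writeup or any Symantec tool. It assumes %System% is the Windows system folder; the SysWOW64 folder and the Wow6432Node key are extra locations not named in the writeup, included because 64-bit Windows redirects 32-bit programs there.

```powershell
# Added example: reports artifacts only, it does not remove or change anything.
# File names and Run value names come from the writeup; SysWOW64 and
# Wow6432Node are assumptions added for 64-bit Windows.
$fileNames  = 'lp.exe', 'lp.dll', 'optserve.exe', 'optserve.dll', 'URLHist.tlb'
$systemDirs = @([Environment]::SystemDirectory, (Join-Path $env:windir 'SysWOW64'))
$runKeys    = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)
# Run value name -> executable the writeup says the value points to
$runValues  = @{ 'LP' = 'LP.exe'; 'optserve' = 'optserve.exe' }

$findings = @()

foreach ($dir in ($systemDirs | Where-Object { Test-Path -LiteralPath $_ })) {
    foreach ($name in $fileNames) {
        $path = Join-Path $dir $name
        if (Test-Path -LiteralPath $path -PathType Leaf) {
            $file = Get-Item -LiteralPath $path -Force
            $findings += [pscustomobject]@{
                Kind = 'File'; Location = $path
                Detail = 'last written {0:u}' -f $file.LastWriteTimeUtc
            }
        }
    }
}

foreach ($key in ($runKeys | Where-Object { Test-Path -LiteralPath $_ })) {
    $values = Get-ItemProperty -LiteralPath $key
    if ($null -eq $values) { continue }   # key exists but holds no values
    foreach ($valueName in $runValues.Keys) {
        $prop = $values.PSObject.Properties[$valueName]
        if ($null -eq $prop) { continue }
        # A matching value name alone is weak evidence, so also record whether
        # the data points at the executable named in the writeup.
        $matchesExe = "$($prop.Value)" -like "*\$($runValues[$valueName])*"
        $findings += [pscustomobject]@{
            Kind = 'RunValue'; Location = "$key\$valueName"
            Detail = "data='$($prop.Value)' pointsAtListedExe=$matchesExe"
        }
    }
}

if ($findings.Count -eq 0) { 'No artifacts from the writeup were found.' } else {
    $findings | Format-Table -AutoSize -Wrap
}
```

A file-name hit on its own is a lead to corroborate with the matching Run value, since the check compares names and paths only.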

It connects to the optlynx.com or optmedia.jp domain and displays popup ads.

It sends the following user information to the optmedia server:
  • Web browser history
  • User ID generated with hardware information
  • IP Address
  • List of installed optmedia applications
  • Version number of optmedia
Writeup By: Hiroshi Shinotsuka