Adware.CPush

Updated: March 12, 2007 4:22:21 PM
Type: Adware
Infection Length: 159,744 bytes
Risk Impact: Low
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP

When the program is executed, it creates the following files:
%ProgramFiles%\Common Files\CPUSH\cpush.dll
%ProgramFiles%\Common Files\CPUSH\cpush0.dll
%ProgramFiles%\Common Files\CPUSH\Uninst.exe

It then creates the following registry subkeys, which install the program as a Browser Helper Object in Internet Explorer:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11F09AFD-75AD-4E51-AB43-E09E9351CE16}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{34A12A06-48C0-420D-8F11-73552EE9631A}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CDE9EB54-A08E-4570-B748-13F5DDB5781C}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0AD3AB16-6D0E-4F04-8660-FB1F36BC2DC0}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2F685B36-C53A-4653-9231-1DAE5736DE45}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{50C4CDD9-22D7-49FF-AC6D-7D4D528A3AB2}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DE2267BD-B163-407F-9E8D-6ADEC771E7AB}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NewAdPopup.PopupBlock
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NewAdPopup.PopupBlock.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NewAdPopup.ToolbarDetector
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NewAdPopup.ToolbarDetector.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NewMediaPopup.DdLogic
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NewMediaPopup.DdLogic.1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11F09AFD-75AD-4E51-AB43-E09E9351CE16}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ContentMatch
HKEY_LOCAL_MACHINE\SOFTWARE\cpush
HKEY_LOCAL_MACHINE\SOFTWARE\Sohu R&D
HKEY_CURRENT_USER\Software\cpush

The program then checks for an updated version from [http://]update.cpc.sogou.com/push/versi[REMOVED] and downloads it if a newer version exists.

The program periodically displays advertisements obtained from the following URL: [http://]ads.sopeng.com/mirror/adid/[5 NUMB[REMOVED]
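
A host check for the files and registry subkeys listed above, written here as an added example (it is not part of the original write-up or a vendor tool). The file names, key names and CLSID are copied from this page; the WOW6432Node and "Common Files (x86)" locations are an assumption for 64-bit Windows, which the page does not cover.

```powershell
# Added example: look for the Adware.CPush artifacts named in this write-up.
$bhoClsid = '{11F09AFD-75AD-4E51-AB43-E09E9351CE16}'   # BHO CLSID from the page

# Files dropped under %ProgramFiles%\Common Files\CPUSH
# (the x86 directory is an assumption for 64-bit systems)
$commonDirs = @($env:CommonProgramFiles, ${env:CommonProgramFiles(x86)}) |
    Where-Object { $_ } | Select-Object -Unique
$files = foreach ($dir in $commonDirs) {
    foreach ($name in 'cpush.dll', 'cpush0.dll', 'Uninst.exe') {
        Join-Path $dir "CPUSH\$name"
    }
}

# A subset of the registry subkeys from the page, relative to HKLM\SOFTWARE
$subkeys = @(
    "Classes\CLSID\$bhoClsid",
    "Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\$bhoClsid",
    'Microsoft\Windows\CurrentVersion\Uninstall\ContentMatch',
    'Classes\NewAdPopup.PopupBlock',
    'cpush',
    'Sohu R&D'
)
$keys = foreach ($sub in $subkeys) {
    "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\$sub"
    "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\$sub"   # assumed 32-bit view
}
$keys += 'Registry::HKEY_CURRENT_USER\Software\cpush'

$findings = @(
    foreach ($file in $files) {
        if (Test-Path -LiteralPath $file) {
            [pscustomobject]@{ Type = 'File'; Path = $file; Detail = '' }
        }
    }
    foreach ($key in $keys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        # For the CLSID key, report the DLL the BHO loads into Internet Explorer
        $detail = ''
        $inproc = "$key\InprocServer32"
        if ($key -like '*\CLSID\*' -and (Test-Path -LiteralPath $inproc)) {
            $detail = (Get-Item -LiteralPath $inproc).GetValue('')
        }
        [pscustomobject]@{ Type = 'Registry'; Path = $key; Detail = $detail }
    }
)

if ($findings.Count) { $findings | Format-Table -AutoSize -Wrap }
else { 'No Adware.CPush artifacts from this write-up were found.' }
```

A hit on the Browser Helper Objects subkey means the add-on is still registered with Internet Explorer even if the DLL files have already been deleted.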