Updated: April 30, 2007 8:44:27 PM
Type: Adware
Risk Impact: High
Systems Affected: Windows 98, Windows 95, Windows XP, Windows Me, Windows NT, Windows Server 2003, Windows 2000

Once executed, the risk drops the following file:
minime.exe
The above file is dropped in different locations depending on the program that the risk is bundled with. Generally, it is dropped in the following folder where [PROGRAM NAME] is the name of the program it is bundled with:
%Program Files%\[PROGRAM NAME]
The risk may also drop the following files:
%UserProfile%\Applications\Atomcreative\Rect Bike.exe
%UserProfile%\[8 RANDOM CHARACTERS].exe
It then creates the following registry entry so that it runs every time Windows starts:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"Time jugs" = "%UserProfile%\atomcreative\Rect Bike.exe"
It may also create the following registry entries:
HKEY_CURRENT_USER\Software\Hope CORN FILEMulti\"Open Drive" = "[BINARY DATA]"
HKEY_CURRENT_USER\Software\Hope CORN FILEMulti\"StyleRoam" = ""
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\"netbios-wait.com" = ""
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\"netsearchsoft.com" = ""
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\"www.netbios-wait.com" = ""
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\"www.netsearchsoft.com" = ""
The security risk adds text to the hosts file, reportedly to redirect queries to URLs of sites that advertise misleading applications.
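
To check a machine for the registry entries listed above, the following added example (not part of the original write-up or of any vendor tool) parses a regedit text export of HKEY_CURRENT_USER and reports matching entries. The function names and the sample export are constructed for illustration.

```python
import re
# Indicators from the write-up above; the Run key is spelled as Windows defines it.
HKCU = "HKEY_CURRENT_USER\\Software\\"
RUN_KEY = (HKCU + r"Microsoft\Windows\CurrentVersion\Run").lower()
VENDOR_KEY = (HKCU + "Hope CORN FILEMulti").lower()
ALLOW_KEY = (HKCU + r"Microsoft\Internet Explorer\New Windows\Allow").lower()
POPUP_DOMAINS = {w + d for w in ("", "www.") for d in ("netbios-wait.com", "netsearchsoft.com")}

def _unescape(s):
    return re.sub(r"\\(.)", r"\1", s)  # .reg escapes: \\ -> \ and \" -> "

def parse_reg(text):
    """Yield (key, value_name, data) from regedit export text."""
    text = re.sub(r"\\\r?\n\s*", "", text)  # join hex: continuation lines
    key = None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := re.match(r'"((?:[^"\\]|\\.)*)"=(.*)', line)):
            data = m.group(2)
            if data.startswith('"') and data.endswith('"'):
                data = _unescape(data[1:-1])  # string value; hex:/dword: kept raw
            yield key, _unescape(m.group(1)), data

def find_indicators(reg_text):
    """Return (reason, key, value_name, data) for entries matching the write-up."""
    hits = []
    for key, name, data in parse_reg(reg_text):
        k, n = key.lower(), name.lower()
        if k == RUN_KEY and (n == "time jugs" or data.lower().endswith(r"\rect bike.exe")):
            hits.append(("autostart", key, name, data))
        elif k == VENDOR_KEY:
            hits.append(("risk-created key", key, name, data))
        elif k == ALLOW_KEY and n in POPUP_DOMAINS:
            hits.append(("pop-up allow list", key, name, data))
    return hits

# Constructed sample export, not taken from a real machine.
SAMPLE = r'''[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Time jugs"="C:\\Documents and Settings\\user\\atomcreative\\Rect Bike.exe"
[HKEY_CURRENT_USER\Software\Hope CORN FILEMulti]
"Open Drive"=hex:01,02,03,\
  04,05
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow]
"www.netsearchsoft.com"=hex:
"example.org"=hex:
'''

if __name__ == "__main__":
    print(*find_indicators(SAMPLE), sep="\n")
```

Regedit version 5.00 exports are UTF-16 encoded, so read the file with `encoding="utf-16"` before passing its text to `find_indicators`.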