1. /
  2. Security Response/
  3. Adware.Memini

Adware.Memini

Updated:
April 30, 2007 8:44:27 PM
Type:
Adware
Risk Impact:
High
Systems Affected:
Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
Once executed, the risk drops the following file:
minime.exe

The above file is dropped in different locations depending on the program that the risk is bundled with. Generally, it is dropped in the following folder where [PROGRAM NAME] is the name of the program it is bundled with:
%Program Files%\[PROGRAM NAME]

The risk may also drop the following files:
%UserProfile%\Applications\Atomcreative\Rect Bike.exe
%UserProfile%\[8 RANDOM CHARACTERS].exe

It then creates the following registry entry so that it runs every time Windows starts:
HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Run\"Time jugs" = "%UserProfile%\atomcreative\Rect Bike.exe"

It may also create the following registry entries:
HKEY_CURRENT_USER\Software\Hope CORN FILEMulti\"Open Drive" = "[BINARY DATA]"
HKEY_CURRENT_USER\Software\Hope CORN FILEMulti\"StyleRoam" = ""
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\"netbios-wait.com" = ""
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\"netsearchsoft.com" = ""
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\"www.netbios-wait.com" = ""
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\"www.netsearchsoft.com" = ""

The security risk adds text to the hosts file reportedly to redirect queries to URLs of sites that advertise misleading applications.
Summary| Technical Details| Removal

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report
Symantec DeepSight Screensaver