1. /
  2. Security Response/
  3. AdwarePro

AdwarePro

Updated:
January 2, 2008 10:09:52 AM
Type:
Misleading Application
Name:
Ad-Ware Pro
Version:
5.2
Risk Impact:
Medium
Systems Affected:
Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Vista, Windows XP
Behavior
The program must be manually installed.

When the program is executed, it performs a scan and then reports false or exaggerated risks on the computer.





The program may report the following risks on the computer:
  • Adware Threats
  • Spyware Threats
  • Keyloggers


The user is then prompted to pay for a full license of the application in order to remove the risks.





Installation
When the program is executed, it creates the following files:
  • %UserProfile%\Desktop\Ad-Ware Pro.lnk
  • %UserProfile%\Start Menu\Programs\Ad-Ware Pro\Ad-Ware Pro.lnk
  • %UserProfile%\Start Menu\Programs\Ad-Ware Pro\Uninstall Ad-Ware Pro.lnk
  • C:\Documents and Settings\All Users\Desktop\Ad-Ware Pro.lnk
  • C:\Documents and Settings\All Users\Start Menu\Programs\Ad-Ware Pro\Ad-Ware Pro.lnk
  • C:\Documents and Settings\All Users\Start Menu\Programs\Ad-Ware Pro\Uninstall Ad-Ware Pro.lnk
  • %ProgramFiles%\Ad-Ware Pro\Ad-Ware Pro.exe
  • %ProgramFiles%\Ad-Ware Pro\Uninstall\IRIMG1.JPG
  • %ProgramFiles%\Ad-Ware Pro\Uninstall\IRIMG2.JPG
  • %ProgramFiles%\Ad-Ware Pro\Uninstall\IRIMG3.JPG
  • %ProgramFiles%\Ad-Ware Pro\Uninstall\uninstall.dat
  • %ProgramFiles%\Ad-Ware Pro\Uninstall\uninstall.xml
  • %Windìr%\Ad-Ware Pro\uninstall.exe
  • %Windìr%\Ad-Ware Pro Setup Log.txt


Next, the program creates the following registry subkeys:
  • HKEY_CURRENT_USER\Software\APMFC
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ad-Ware Pro5.2


It also creates the following registry entry so that it executes whenever Windows starts:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"AdwareProMFC" = "C:\Program Files\Ad-Ware Pro\Ad-Ware Pro.exe"
Summary| Technical Details| Removal

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report
Symantec DeepSight Screensaver