1. /
  2. Security Response/
  3. Adware.MxliveMedia

Adware.MxliveMedia

Updated:
June 30, 2010 10:28:56 AM
Type:
Adware
Risk Impact:
Medium
Systems Affected:
Windows 2000, Windows 7, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Server 2008, Windows Vista, Windows XP
When the program is executed, it creates the following files:
  • %System%\[RANDOM NAME].dll
  • %System%\[RANDOM NAME].exe


Next, it creates the following registry entry so that it executes whenever Windows starts:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"xhehjnnlqercber" = "C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\[RANDOM NAME].dll"

It also creates the following registry subkeys:
  • HKEY_CLASSES_ROOT\CLSID\{2648BD48-9CF6-A110-B44C-90163495565D}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2648BD48-9CF6-A110-B44C-90163495565D}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\zppwfhzshuk


The program then downloads advertisements from the following location and displays them on the computer:
[http://]ads.precisead.biz
Summary| Technical Details| Removal

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report