Adware.MxliveMedia


June 30, 2010 10:28:56 AM
Risk Impact:
Systems Affected:
Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Vista, Windows XP
When the program is executed, it creates the following files:
  • %System%\[RANDOM NAME].dll
  • %System%\[RANDOM NAME].exe

Next, it creates the following registry entry so that it executes whenever Windows starts:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"xhehjnnlqercber" = "C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\[RANDOM NAME].dll"

It also creates the following registry subkeys:
  • HKEY_CLASSES_ROOT\CLSID\{2648BD48-9CF6-A110-B44C-90163495565D}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2648BD48-9CF6-A110-B44C-90163495565D}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\zppwfhzshuk
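
Because the file names are random, a check for this persistence is more reliable when it matches the behaviour (a Run value that silently launches regsvr32 on a DLL in the System32 folder) alongside the fixed subkeys listed above. The following is an added example, not part of the original write-up or any vendor tool; it assumes the input is the text of a `reg export`, and the function names and sample DLL name are constructed for illustration.

```python
import re

# Indicators from the write-up above; matching is case-insensitive.
CLSID = "{2648BD48-9CF6-A110-B44C-90163495565D}"
HKLM_CV = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion"
RUN_KEY = HKLM_CV + r"\Run"
FIXED_KEYS = [
    r"HKEY_CLASSES_ROOT\CLSID" + "\\" + CLSID,
    HKLM_CV + r"\Explorer\Browser Helper Objects" + "\\" + CLSID,
    HKLM_CV + r"\Uninstall\zppwfhzshuk",
]
# Behavioural match: silent regsvr32 registration of a DLL in a System32 folder.
SILENT_REGSVR = re.compile(
    r'regsvr32(\.exe)?"?\s+/s\s+"?[a-z]:\\[^"\\]+\\system32\\[^"\\]+\.dll', re.I)
VALUE_LINE = re.compile(r'"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def parse_reg(text):
    """Parse `reg export` text into {key_path: {value_name: string_data}}."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and (m := VALUE_LINE.match(line)):
            # REG_SZ values only; undo the .reg escaping of \\ and \"
            name, data = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
            current[name] = data
    return keys

def find_indicators(text):
    """Return ("key", path) and ("run", name, data) hits found in the export."""
    keys = parse_reg(text)
    hits = [("key", k) for k in FIXED_KEYS if k.lower() in keys]
    for name, data in keys.get(RUN_KEY.lower(), {}).items():
        if SILENT_REGSVR.search(data):
            hits.append(("run", name, data))
    return hits

# Constructed sample export; the DLL name stands in for [RANDOM NAME].
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"xhehjnnlqercber"="C:\\WINDOWS\\System32\\regsvr32.exe /s \"C:\\WINDOWS\\system32\\examplerandom.dll\""
"ctfmon"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2648BD48-9CF6-A110-B44C-90163495565D}]
'''

if __name__ == "__main__":
    print(*find_indicators(SAMPLE), sep="\n")
```

Files written by `reg export` are UTF-16, so decode them before passing the text in. A silent regsvr32 Run entry can also belong to legitimate software, so treat a "run" hit without the fixed subkeys as a lead to review rather than a confirmed detection.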

The program then downloads advertisements from the following location and displays them on the computer: