1. /
  2. Security Response/
  3. Adware.ArcadeWeb

Adware.ArcadeWeb

Updated:
October 21, 2011 11:17:31 AM
Type:
Adware
Name:
ArcadeWeb
Publisher:
ArcadeWeb LLC / FutureAds LLC
Risk Impact:
Low
Systems Affected:
Windows 2000, Windows 7, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Server 2008, Windows Vista, Windows XP
When the program is executed, it creates the following files:
  • %UserProfile%\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@arcadeweb.com\Chrome\awtextlinks.jar
  • %UserProfile%\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@arcadeweb.com\chrome.manifest
  • %UserProfile%\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@arcadeweb.com\components\arcadewebfirefox.dll
  • %UserProfile%\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@arcadeweb.com\components\arcadewebfirefox.xpt
  • %UserProfile%\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@arcadeweb.com\components\arcadewebfirefox2.dll
  • %UserProfile%\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@arcadeweb.com\install.rdf
  • %UserProfile%\Application Data\Mozilla\Firefox\Profiles\bcfh5tat.default\extensions\textlinks@arcadeweb.com\Chrome\awtextlinks.jar
  • %UserProfile%\Application Data\Mozilla\Firefox\Profiles\bcfh5tat.default\extensions\textlinks@arcadeweb.com\chrome.manifest
  • %UserProfile%\Application Data\Mozilla\Firefox\Profiles\bcfh5tat.default\extensions\textlinks@arcadeweb.com\components\arcadewebfirefox.dll
  • %UserProfile%\Application Data\Mozilla\Firefox\Profiles\bcfh5tat.default\extensions\textlinks@arcadeweb.com\components\arcadewebfirefox.xpt
  • %UserProfile%\Application Data\Mozilla\Firefox\Profiles\bcfh5tat.default\extensions\textlinks@arcadeweb.com\components\arcadewebfirefox2.dll
  • %UserProfile%\Application Data\Mozilla\Firefox\Profiles\bcfh5tat.default\extensions\textlinks@arcadeweb.com\install.rdf
  • %UserProfile%\My Documents\My Pictures\arcade_web_screen1.bmp
  • %UserProfile%\My Documents\My Pictures\arcade_web_screen2.bmp
  • %UserProfile%\My Documents\My Pictures\arcade_web_screen3.bmp
  • %UserProfile%\Recent\arcade_web_screen1.bmp.lnk
  • %UserProfile%\Recent\arcade_web_screen2.bmp.lnk
  • %UserProfile%\Recent\arcade_web_screen3.bmp.lnk
  • %UserProfile%\Recent\My Pictures.lnk
  • %ProgramFiles%\ArcadeWeb\arcadeweb32.dll
  • %ProgramFiles%\ArcadeWeb\awun.exe


Next, the program creates the following registry entry so that it executes whenever Windows starts:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"AW TrayIcon" = "RunDll32.exe "C:\Program Files\ArcadeWeb\arcadeweb32.dll", RunTrayIcon"

It also creates the following registry entries:
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\ExplorerPlugin.DLL\"AppID" = "{94C3E25B-C973-4A17-B80D-207BD978DB23}"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ExplorerPlugin.Extension\CurVer\"" = "ExplorerPlugin.Extension.1"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ExplorerPlugin.Extension\CLSID\"" = "{78919608-B066-4B5A-B248-38E12A783E05}"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ExplorerPlugin.Extension\"" = "ArcadeWeb Class"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ExplorerPlugin.Extension.1\CLSID\"" = "{78919608-B066-4B5A-B248-38E12A783E05}"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ExplorerPlugin.Extension.1\"" = "ArcadeWeb Class"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78919608-B066-4B5A-B248-38E12A783E05}\Arcadeweb\"NoExplorer" = "1"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Arcadeweb\"DisplayName" = "ArcadeWeb"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Arcadeweb\"UninstallString" = "%ProgramFiles%\ArcadeWeb\awun.exe"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Arcadeweb\"DisplayIcon" = "%ProgramFiles%\ArcadeWeb\awun.exe"


Next, it creates the following registry subkeys:
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{94C3E25B-C973-4A17-B80D-207BD978DB23}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{78919608-B066-4B5A-B248-38E12A783E05}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5F280841-8023-4BE6-9A4F-184D3E79A785}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B69460A1-2DBB-4980-8F30-44231D69AEFA}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A670E878-A272-443D-BD19-ED0A9BFD3FD8}\1.0


The program installs a component into Web browsers that converts certain keywords to links. When the mouse hovers over the link, an advertisement is displayed.

Summary| Technical Details| Removal

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report
Symantec DeepSight Screensaver