1. /
  2. Security Response/
  3. SponsorKeyword

SponsorKeyword

Updated:
March 30, 2012 10:40:52 AM
Type:
Potentially Unwanted App
Version:
1.0.0.1
Risk Impact:
Low
Systems Affected:
Windows 2000, Windows 7, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Server 2008, Windows Vista, Windows XP
When the program is executed, it creates the following files:
  • %ProgramFiles%\sponsormatch\sponsormatchagent.exe
  • %ProgramFiles%\sponsormatch\sponsormatch.exe
  • %ProgramFiles%\sponsormatch\sponsormatch_uninstall.exe

Next, it creates the following registry entries so that it executes whenever Windows starts:
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"sponsormatch" = "%ProgramFiles%sponsormatch\sponsormatchagent.exe"
  • HKEY_CURRENT_USER\Software\sponsormatch\"run" = "[DATE OF EXECUTION]"

It also creates the following registry entries:
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BC92C53E-A5C1-4D33-995C-AB7BB869E0E6}\"Version" = "*"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BC92C53E-A5C1-4D33-995C-AB7BB869E0E6}\"Flags" = "[HEXADECIMAL VALUE]"

The program then creates the following registry subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\sponsormatch

Next, the program creates the following mutex:
sponsorkeyword

It then retrieves certain system information, including:
  • IE version
  • OS version

The program may download an updated version of itself from the following location:
[http://]in.sponsorkeyword.co.kr

It retrieves search engine information from the following location:
[http://]api.sponsorkeyword.co.kr

The program may then display advertisements on the computer by using certain keyword matches.
Summary| Technical Details| Removal

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report
Symantec DeepSight Screensaver