1. /
  2. Security Response/
  3. SponsorKeyword


March 30, 2012 10:40:52 AM
Potentially Unwanted App
Risk Impact:
Systems Affected:
Windows 98, Windows 95, Windows XP, Windows Server 2008, Windows 7, Windows Me, Windows Vista, Windows NT, Windows Server 2003, Windows 2000
When the program is executed, it creates the following files:
  • %ProgramFiles%\sponsormatch\sponsormatchagent.exe
  • %ProgramFiles%\sponsormatch\sponsormatch.exe
  • %ProgramFiles%\sponsormatch\sponsormatch_uninstall.exe

Next, it creates the following registry entries so that it executes whenever Windows starts:
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"sponsormatch" = "%ProgramFiles%sponsormatch\sponsormatchagent.exe"
  • HKEY_CURRENT_USER\Software\sponsormatch\"run" = "[DATE OF EXECUTION]"

It also creates the following registry entries:
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BC92C53E-A5C1-4D33-995C-AB7BB869E0E6}\"Version" = "*"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BC92C53E-A5C1-4D33-995C-AB7BB869E0E6}\"Flags" = "[HEXADECIMAL VALUE]"

The program then creates the following registry subkey:

Next, the program creates the following mutex:

It then retrieves certain system information, including:
  • IE version
  • OS version

The program may download an updated version of itself from the following location:

It retrieves search engine information from the following location:

The program may then display advertisements on the computer by using certain keyword matches.
Summary| Technical Details| Removal

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report
Symantec DeepSight Screensaver