1. /
  2. Security Response/
  3. Adware.Eorezo

Adware.Eorezo

Updated:
June 28, 2012 8:38:44 AM
Type:
Adware
Risk Impact:
Medium
Systems Affected:
Windows 98, Windows 95, Windows XP, Windows Server 2008, Windows 7, Windows Me, Windows Vista, Windows NT, Windows Server 2003, Windows 2000
This adware program may be dropped by a Trojan horse program, for example:
Trojan.Milicenso

When the program is executed, it creates the following file:
%System%\[RANDOM CHARACTERS FILE NAME].exe

For example:
  • %System%\ntimagei.exe
  • %System%\wbdbase1.exe
  • %System%\setupv.exe

Next, the program creates the following registry entry so that it executes whenever Windows starts:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\"[RANDOM CHARACTERS FILE NAME]" = "%System%\[RANDOM CHARACTERS FILE NAME].exe"

The program then opens advertisement pages in Internet Explorer.
Summary| Technical Details| Removal

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report, Volume 17
Symantec DeepSight Screensaver