This adware program may be dropped by a Trojan horse program, for example:
Trojan.Milicenso
When the program is executed, it creates the following file:
%System%\[RANDOM CHARACTERS FILE NAME].exe
For example:
- %System%\ntimagei.exe
- %System%\wbdbase1.exe
- %System%\setupv.exe
Next, the program creates the following registry entry so that it executes whenever Windows starts:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\"[RANDOM CHARACTERS FILE NAME]" = "%System%\[RANDOM CHARACTERS FILE NAME].exe"
The program then opens advertisement pages in Internet Explorer.
