1. /
  2. Security Response/
  3. Adware.GoonSquad

Adware.GoonSquad

Updated:
August 2, 2012 12:48:29 AM
Type:
Adware
Infection Length:
Varies
Name:
Zip Performer
Publisher:
PerformerSoft
Risk Impact:
Low
Systems Affected:
Windows 2000, Windows 7, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Server 2008, Windows Vista, Windows XP
This adware program must be downloaded manually from a website as part of ad supported software packages.

When the program is executed, it creates one of the following files:
  • C:\Documents and Settings\All Users\Application Data\bProtector\protector.dll
  • %System%\protector.dll

Next, the program creates one of the following registry entries so that it executes whenever Windows starts:
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\"AppInit_DLLs" = "%System%\protector.dll"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\"AppInit_DLLs" = "C:\Documents and Settings\All Users\Application Data\bProtector\protector.dll"

It also creates the following registry subkey:
HKEY_CURRENT_USER\Software\bProtector

It may inject the file protector.dll into several processes.

It then contacts the following URL:
[http://]guardstats.smartiengine.com/service/kupdat[REMOVED]

It may also modify browser search settings.
Summary| Technical Details| Removal

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report
Symantec DeepSight Screensaver