1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. System Infected: Adware.WebDir Activity

System Infected: Adware.WebDir Activity

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects Adware.WebDir communicating and requesting information from its controlling server.

Additional Information

Adware.WebDir is an Internet Explorer Browser Helper Object that will modify specific URLs to include an affiliate ID.

Adware :
Programs that facilitate delivery of advertising content to the user through their own window, or by utilizing another program's interface. In some cases, these programs may gather information from the user's computer, including information related to Internet browser usage or other computing habits, and relay this information back to a remote computer or other location in cyber-space.

Adware can be downloaded from Web sites (typically in shareware or freeware), email messages, and instant messengers. Additionally, a user may unknowingly receive and/or trigger adware by accepting an End User License Agreement from a software program linked to the adware or from visiting a website that downloads the adware with or without an End User License Agreement

Affected

  • Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP

Response

The following instructions pertain to all Symantec antivirus products that support security risk detection.

1. Update the definitions.
2. Close all open Internet Explorer windows.
3. Run a full system scan.
4. Delete any values added to the registry.

Additional References

  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube