System Infected: Adware.DealPly

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects an Adware.DealPly download on the compromised computer.

Additional Information

When the program is executed, it creates the following files:

%ProgramFiles%\dealply\DealPlyIE.dll
%ProgramFiles%\dealply\DealPly.crx
%ProgramFiles%\dealply\uninst.exe
%ProgramFiles%\dealply\icon.ico


Next, the program creates the following registry subkeys:

HKEY_CURRENT_USER\Software\DealPly
HKEY_LOCAL_MACHINE\SOFTWARE\DealPly
HKEY_CLASSES_ROOT\CLSID\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DealPly


It then installs an add-on for Web browsers and displays ads in the browser.
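
A read-only PowerShell check for the files and registry subkeys listed above, added here as an example and not taken from Symantec's page or tooling. The `Program Files (x86)`, `WOW6432Node` and `HKCU:\Software\Classes` locations are assumptions that cover 32-bit redirection and the per-user half of `HKEY_CLASSES_ROOT`; they are not listed on the page.

```powershell
# Added example: presence check for the Adware.DealPly artifacts listed above.
# Read-only: it reports what exists and changes nothing.
# HKCU covers only the account running the script.

$clsid = '{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}'

# File names from the page, relative to the install directory.
$fileNames = 'DealPlyIE.dll', 'DealPly.crx', 'uninst.exe', 'icon.ico'

# Assumption: on 64-bit Windows a 32-bit installer resolves %ProgramFiles%
# to "Program Files (x86)", so both roots are checked.
$roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) |
    Where-Object { $_ } | Select-Object -Unique

$filePaths = foreach ($root in $roots) {
    foreach ($name in $fileNames) { Join-Path (Join-Path $root 'dealply') $name }
}

# Registry subkeys from the page. HKEY_CLASSES_ROOT is a merged view of
# HKLM\SOFTWARE\Classes and HKCU\Software\Classes, so both are queried.
$regPaths = @(
    'HKCU:\Software\DealPly'
    'HKLM:\SOFTWARE\DealPly'
    "HKLM:\SOFTWARE\Classes\CLSID\$clsid"
    "HKCU:\Software\Classes\CLSID\$clsid"
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DealPly'
    # Assumption: 32-bit registry view on 64-bit Windows (not on the page).
    'HKLM:\SOFTWARE\WOW6432Node\DealPly'
    "HKLM:\SOFTWARE\WOW6432Node\Classes\CLSID\$clsid"
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DealPly'
)

# -LiteralPath keeps the braces in the CLSID from being interpreted.
$findings = foreach ($p in @($filePaths) + $regPaths) {
    [pscustomobject]@{
        Type   = if ($p -match '^HK(CU|LM):') { 'Registry' } else { 'File' }
        Path   = $p
        Exists = Test-Path -LiteralPath $p
    }
}

$findings | Sort-Object Type, Path | Format-Table -AutoSize | Out-String
$hits = @($findings | Where-Object { $_.Exists })
if ($hits.Count -gt 0) {
    "$($hits.Count) listed DealPly artifact(s) present on $env:COMPUTERNAME."
} else {
    "No listed DealPly artifacts found on $env:COMPUTERNAME."
}
```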

Affected

  • Various operating systems