1. /
  2. Security Response/
  3. Adware.Fastwebfinder


February 13, 2007 11:35:42 AM
Risk Impact:
File Names:
Systems Affected:
Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP

When Adware.Fastwebfinder is executed, it does one of the following:

Adware.Fastwebfinder is not yet installed in %Windir% folder
If Adware.Fastwebfinder does not find the file %Windir%\Ld.exe, it will do the following:
  1. Copies itself as %Windir%\Ld.exe.

    Note: %Windir% is a variable. The adware locates the Windows installation folder (by default, this is C:\Windows or C:\Winnt) and copies itself to that location.

  2. Adds the value:


    to the registry key:


    so that the adware runs each time you start Windows.

Adware.Fastwebfinder is already installed in the %Windir% folder
If Adware.Fastwebfinder finds the file %Windir%\Ld.exe, it will do the following:
  1. Connects to www.fastwebfinder.com.
  2. Downloads information, including the file Dnse.dll, which it copies to the %Windir% folder.

Then, this information is used to hijack the following (of Internet Explorer):
  • Home Page
  • Search Bar
  • Search Assistant
  • Favorites

Summary| Technical Details| Removal

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report