1. /
  2. Security Response/
  3. Adware.Fastwebfinder

Adware.Fastwebfinder

Updated:
February 13, 2007 11:35:42 AM
Type:
Adware
Risk Impact:
High
File Names:
Ld.exe,Dnse.dll
Systems Affected:
Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP

When Adware.Fastwebfinder is executed, it does one of the following:


Adware.Fastwebfinder is not yet installed in %Windir% folder
If Adware.Fastwebfinder does not find the file %Windir%\Ld.exe, it will do the following:
  1. Copies itself as %Windir%\Ld.exe.


    Note: %Windir% is a variable. The adware locates the Windows installation folder (by default, this is C:\Windows or C:\Winnt) and copies itself to that location.

  2. Adds the value:

    "Ld"="%windir%\ld.exe"

    to the registry key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    so that the adware runs each time you start Windows.

Adware.Fastwebfinder is already installed in the %Windir% folder
If Adware.Fastwebfinder finds the file %Windir%\Ld.exe, it will do the following:
  1. Connects to www.fastwebfinder.com.
  2. Downloads information, including the file Dnse.dll, which it copies to the %Windir% folder.

Then, this information is used to hijack the following (of Internet Explorer):
  • Home Page
  • Search Bar
  • Search Assistant
  • Favorites


Summary| Technical Details| Removal

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report