1. /
  2. Security Response/
  3. Adware.Mpgcom

Adware.Mpgcom

Updated:
February 13, 2007 11:36:28 AM
Type:
Adware
Risk Impact:
Medium
File Names:
Mpgcom.dll,Msnarrator.exe
Systems Affected:
Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

Adware.Mpgcom is an adware component that runs as a Browser Helper Object (BHO), which means that the component will be active when Internet Explorer is running.

When this component is active, it sends data that may contain personal identifiable information to a third-party server.

Adware.Mpgcom also has the ability to display pop-up advertisements, and it can update itself.

When it installs itself, Adware Mpgcom does the following:
  1. Creates the following registry keys:

    HKEY_CLASSES_ROOT\Mpgcom.zoom

    HKEY_CLASSES_ROOT\Mpgcom.zoom.1


  2. Creates the file, %Windir%\Msnarrator.exe, and then executes it.


    Note: %Windir% is a variable. The adware locates the Windows installation folder (by default, this is C:\Windows or C:\Winnt) and creates the file in that location.

  3. Adds the value:

    "msnarrator" = "%Windir%\msnarrator.exe"

    to the registry key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    so that the adware runs when you start Windows.

  4. Adds the values:
    • "PingMDID" = <number>
    • "PingSDID" = <number>

      to the registry key:

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
      WindowsUpdate

  5. Attempts to send confidential information back to a third-party server.


Summary| Technical Details| Removal

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report, Volume 17
Symantec DeepSight Screensaver