
Adware.Onban

Updated: February 13, 2007 11:37:04 AM
Type: Adware
Risk Impact: Low
File Names: Onban000.exe, Ob2.dll, Ob4.dll, Onban004.exe
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

When Adware.Onban runs, it performs the following actions:
  1. Downloads ob4.dll from a Web site and saves it in %Windir%.

    Note: %Windir% is a variable. The adware locates the Windows installation folder (by default, this is C:\Windows or C:\Winnt) and copies itself to that location.
  2. Registers Ob4.dll as a Browser Helper Object by creating and populating the following registry keys:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Browser Helper Objects\{5A7CBCDC-9228-4104-A57D-738CE50FBA4F}
    HKEY_LOCAL_MACHINE\CLASSES\CLSID\{5A7CBCDC-9228-4104-A57D-738CE50FBA4F}
    HKEY_LOCAL_MACHINE\CLASSES\Interface\{8DBFDE2A-A02C-4203-A3A1-CC848CA5355F}
    HKEY_LOCAL_MACHINE\CLASSES\TypeLib\{C465A061-CDA5-4553-9FEB-F5A4FA658BFD}
    HKEY_LOCAL_MACHINE\CLASSES\Onban004.ViewSource.1
    HKEY_LOCAL_MACHINE\CLASSES\Onban004.ViewSource


  3. Registers Ob2.dll as a Browser Helper Object by creating and populating the following registry keys:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Browser Helper Objects\{0F9E1CB9-1B32-436B-B44C-BC7B7369CB9B}
    HKEY_LOCAL_MACHINE\CLASSES\CLSID\{0F9E1CB9-1B32-436B-B44C-BC7B7369CB9B}
    HKEY_LOCAL_MACHINE\CLASSES\Interface\{87368154-7BA0-43BE-90F4-6D47BA01EB09}
    HKEY_LOCAL_MACHINE\CLASSES\TypeLib\{D897D800-4D10-4981-B927-ACA77586D8CA}
    HKEY_LOCAL_MACHINE\CLASSES\Onban002.ViewSource.1
    HKEY_LOCAL_MACHINE\CLASSES\Onban002.ViewSource


  4. Displays pop-up windows containing advertisements. It also downloads an updated list of pop-up windows.

    Note: At the time of writing, the Web site from which the adware downloads was unavailable.
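
One way to check a system for the registry keys listed in steps 2 and 3 is to export the registry with regedit and scan the export. The script below is an added example, not part of the original write-up; the function names and the sample export are constructed for illustration. It matches on key-name components rather than full paths, so a hit on a subkey is reported once, at the listed key.

```python
import re
# Indicators copied from the registry keys listed in steps 2 and 3 above.
GUIDS = {
    "{5A7CBCDC-9228-4104-A57D-738CE50FBA4F}": "Ob4.dll",
    "{8DBFDE2A-A02C-4203-A3A1-CC848CA5355F}": "Ob4.dll",
    "{C465A061-CDA5-4553-9FEB-F5A4FA658BFD}": "Ob4.dll",
    "{0F9E1CB9-1B32-436B-B44C-BC7B7369CB9B}": "Ob2.dll",
    "{87368154-7BA0-43BE-90F4-6D47BA01EB09}": "Ob2.dll",
    "{D897D800-4D10-4981-B927-ACA77586D8CA}": "Ob2.dll",
}
PROGIDS = {"ONBAN004.VIEWSOURCE.1": "Ob4.dll", "ONBAN004.VIEWSOURCE": "Ob4.dll",
           "ONBAN002.VIEWSOURCE.1": "Ob2.dll", "ONBAN002.VIEWSOURCE": "Ob2.dll"}
GUID_PARENTS = {"BROWSER HELPER OBJECTS", "CLSID", "INTERFACE", "TYPELIB"}
KEY_LINE = re.compile(r"^\[(-?)(HKEY_.+)\]$")

def decode_export(raw):  # "Version 5.00" exports are UTF-16 with a BOM; REGEDIT4 exports are ANSI
    return raw.decode("utf-16") if raw[:2] in (b"\xff\xfe", b"\xfe\xff") else raw.decode("latin-1")

def find_onban_keys(reg_text):
    """Return sorted (component, key_path) pairs for keys matching the indicators."""
    hits = set()
    for line in reg_text.splitlines():
        m = KEY_LINE.match(line.strip())
        if not m or m.group(1):          # value lines and "[-KEY]" deletion entries
            continue
        parts = m.group(2).split("\\")
        for i in range(1, len(parts)):
            name, parent = parts[i].upper(), parts[i - 1].upper()
            dll = GUIDS.get(name) if parent in GUID_PARENTS else None
            if dll is None and parent == "CLASSES":
                dll = PROGIDS.get(name)
            if dll:
                # Report the matching key itself, so subkeys do not duplicate a hit.
                hits.add((dll, "\\".join(parts[: i + 1])))
    return sorted(hits)

# Constructed sample export (not captured from a real system).
SAMPLE = "\r\n".join([
    "Windows Registry Editor Version 5.00", "",
    r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5a7cbcdc-9228-4104-a57d-738ce50fba4f}]", "",
    r"[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F9E1CB9-1B32-436B-B44C-BC7B7369CB9B}\InprocServer32]",
    r'@="C:\\WINDOWS\\Ob2.dll"', "",
    r"[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Onban002.ViewSource\CLSID]", "",
    r"[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D897D800-4D10-4981-B927-ACA77586D8CA}]", "",
    r"[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000000}]",
])

if __name__ == "__main__":
    print(*find_onban_keys(decode_export(SAMPLE.encode("utf-16"))), sep="\n")
```

To scan a real export, read the file in binary mode and pass the bytes through decode_export before calling find_onban_keys.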

