1. /
  2. Security Response/
  3. Adware.PurityScan.C

Adware.PurityScan.C

Updated:
February 13, 2007 11:51:22 AM
Type:
Adware
Version:
1.0.0.1
Publisher:
PurityScan.com
Risk Impact:
Low
File Names:
Wups.exe,Vvsn.exe,Purityscan.exe (also known as Sear1.exe)
Systems Affected:
Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP


When Adware.PurityScan.C is installed, it performs the following actions:
  1. Adds the values:

    "DisplayName"="PuritySCAN"
    "UninstallString"="%ProgramFiles%\PurityScan\PuritySCANUninstall.exe"
    "NoModify"=0x1
    "NoRepair"=0x1
    "URLInfoAbout"="
    http:/ /www.purityscan.com/"
    "HelpLink"="
    http:/ /www.purityscan.com/ps/support.html"
    "RegCompany"="ClickSpring, LLC"


    to the registry key:

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\PuritySCAN

    Note: %ProgramFiles% is a variable that refers to the path to the program files folder. By default, this is C:\Program Files.

  2. Adds the values:

    "VVSN"="%ProgramFiles%\VVSN\VVSN.exe"
    "Oesi"="%SystemDrive%Documents and Settings\Administrator\Application Data\srts.exe"
    "Oesi"="%SystemDrive%Documents and Settings\Administrator\Application Data\srts.exe"

    to the registry key:

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

    so that the spyware is run every time Windows starts.

    Note: %SystemDrive% is a variable that refers to the drive on which the Windows installation resides. By default, this is drive C.

  3. Creates the following files:
    • %ProgramFiles%\VVSN\VVSN.exe
    • %ProgramFiles%\VVSN\vvsn.cfg
    • %ProgramFiles%\PurityScan\PuritySCANUninstall.exe
    • %SystemDrive%Documents and Settings\Administrator\Application Data\srts.exe

  4. Scans Internet Explorer files, including browser files, cache, history, and cookies for adult-related keywords. It then displays advertisements.

  5. Downloads and displays ads from the following Web sites:
    • fp.clickspring.net
    • www.clickspring.net
    • legend.psdtools.com
    • pisces.clickspring.com
    • app.whenu.com
    • spweb.whenu.com


Summary| Technical Details| Removal

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report, Volume 17
Symantec DeepSight Screensaver