
Adware.MoneyGainer

Updated: February 13, 2007 11:47:11 AM
Type: Adware
Risk Impact: High
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

When Adware.MoneyGainer is executed, it performs the following actions:
  1. Creates the file %System%\[RANDOM].dll, where [RANDOM] is assembled from parts of the names of files located in the %System% folder.

    Note: %System% is a variable that refers to the System folder. By default this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).

  2. Creates the following registry keys:

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c815ace8-3dbf-4ffd-8231-ab1d21e8b7ee}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FEAA3402-E101-4ABD-9337-BDEEFC6D29CA}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{27195441-54B0-4DD3-820C-699AC3EF8D37}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Bookmark.BHOMoneyGainer
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Bookmark.BHOMoneyGainer.1
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c815ace8-3dbf-4ffd-8231-ab1d21e8b7ee}
    HKEY_LOCAL_MACHINE\SOFTWARE\IasAdc
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C815ACE8-3DBF-4FFD-8231-AB1D21E8B7EE}


  3. Contacts the site windowsupdate4.com to download configuration information.

  4. Modifies the URLs of specific websites when they are visited to include an affiliate ID associated with the author, so that the author earns money every time these URLs are visited.
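
Because the DLL name in step 1 is random, the fixed registry keys in step 2 are the reliable thing to check for. The following is an added example, not part of the original write-up: it scans the text of a registry export for those keys and reads the DLL path from the Browser Helper Object's InprocServer32 subkey. The InprocServer32 location is an assumption based on standard COM registration, and the sample export and its DLL name are constructed.

```python
import re

# Keys from step 2 of this write-up. Registry key names are case-insensitive
# (the page shows the same CLSID in both cases), so matching lowercases both sides.
INDICATOR_KEYS = [
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c815ace8-3dbf-4ffd-8231-ab1d21e8b7ee}",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FEAA3402-E101-4ABD-9337-BDEEFC6D29CA}",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{27195441-54B0-4DD3-820C-699AC3EF8D37}",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Bookmark.BHOMoneyGainer",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Bookmark.BHOMoneyGainer.1",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c815ace8-3dbf-4ffd-8231-ab1d21e8b7ee}",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\IasAdc",
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C815ACE8-3DBF-4FFD-8231-AB1D21E8B7EE}",
]
# Assumption (not stated on the page): the BHO is registered as a standard
# in-process COM server, so its DLL path is the default value of InprocServer32.
INPROC_KEY = (INDICATOR_KEYS[0] + r"\InprocServer32").lower()

def scan_reg_export(text):
    """Return (sorted matched indicator keys, BHO DLL path or None)."""
    hits, dll, current = set(), None, ""
    for line in map(str.strip, text.splitlines()):
        key = re.fullmatch(r"\[(.+)\]", line)
        if key:
            current = key.group(1).lower()
            for ind in INDICATOR_KEYS:
                low = ind.lower()
                # Exact key or a subkey; "X.1" must not match indicator "X".
                if current == low or current.startswith(low + "\\"):
                    hits.add(ind)
        elif current == INPROC_KEY:
            val = re.fullmatch(r'@="(.*)"', line)
            if val:  # .reg files escape backslashes in string values
                dll = val.group(1).replace("\\\\", "\\")
    return sorted(hits), dll

# Constructed sample in `reg export` text form; the DLL name is a placeholder.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C815ACE8-3DBF-4FFD-8231-AB1D21E8B7EE}\InprocServer32]
@="C:\\WINDOWS\\system32\\example.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c815ace8-3dbf-4ffd-8231-ab1d21e8b7ee}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Bookmark.Other]
'''

if __name__ == "__main__":
    found, dll_path = scan_reg_export(SAMPLE)
    print("\n".join(found))
    print("BHO DLL:", dll_path)
```

Files written by `reg export` are UTF-16 encoded, so decode them to text before passing them to `scan_reg_export`.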
