Adware.MediaLoad

Updated: February 13, 2007 11:50:00 AM
Type: Adware
Risk Impact: High
File Names: %Windir%\Digital Signature [RANDOM].htm
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

When Adware.MediaLoad is executed, it performs the following actions:
  1. Creates the following files:

    %Windir%\Digital Signature [RANDOM].htm
    %ProgramFiles%\Support Software\Install.exe
    %ProgramFiles%\Support Software\ss2.dll

    Note:

    %Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.
    %ProgramFiles% is a variable that refers to the program files folder. By default, this is C:\Program Files.
  2. Creates the following registry subkeys:

    HKEY_CLASSES_ROOT\CLSID\{85A702BA-EA8F-4B83-AA07-07A5186ACD7E}
    HKEY_CLASSES_ROOT\Interface\{4438A5DC-E00B-41A0-B0E6-B63FD3B86EEE}
    HKEY_CLASSES_ROOT\TypeLib\{4767C447-EF15-42F2-8809-68ADB7FA76F1}
    HKEY_CLASSES_ROOT\MP.MediaPops
    HKEY_CLASSES_ROOT\MP.MediaPops.1
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{85A702BA-EA8F-4B83-AA07-07A5186ACD7E}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MediaLoads Enhanced
    HKEY_ALL_USERS\Software\Hopper
    HKEY_ALL_USERS\Software\Support Software

  3. Contacts the following URLs to receive advertisements that it displays in a popup window:

    [http://]ss.clipgenie.com/adserv/GetA[REMOVED]
    [http://]www.netvenda.com
    [http://]www.pinaccesscode.com
    [http://]www.clipgenie.com
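
The following read-only PowerShell check looks for the files and registry subkeys listed above. It is an added example, not part of the original writeup or a vendor tool. It assumes that [RANDOM] can be matched with a wildcard, that HKEY_ALL_USERS refers to each user hive loaded under HKEY_USERS, and that on 64-bit Windows the files may also sit under the 32-bit program files folder.

```powershell
# Added example: read-only check for the files and registry subkeys listed in this writeup.
# Assumption: [RANDOM] is matched with a wildcard; the writeup does not define its format.
$roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ } | Select-Object -Unique
$filePatterns = @(Join-Path $env:windir 'Digital Signature *.htm')
foreach ($root in $roots) {
    $filePatterns += Join-Path $root 'Support Software\Install.exe'
    $filePatterns += Join-Path $root 'Support Software\ss2.dll'
}

# Machine-wide subkeys, copied from the list in step 2.
$machineKeys = @(
    'HKEY_CLASSES_ROOT\CLSID\{85A702BA-EA8F-4B83-AA07-07A5186ACD7E}',
    'HKEY_CLASSES_ROOT\Interface\{4438A5DC-E00B-41A0-B0E6-B63FD3B86EEE}',
    'HKEY_CLASSES_ROOT\TypeLib\{4767C447-EF15-42F2-8809-68ADB7FA76F1}',
    'HKEY_CLASSES_ROOT\MP.MediaPops',
    'HKEY_CLASSES_ROOT\MP.MediaPops.1',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{85A702BA-EA8F-4B83-AA07-07A5186ACD7E}',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MediaLoads Enhanced'
)

# Assumption: HKEY_ALL_USERS means the same subkey under every hive loaded in HKEY_USERS.
$perUserSubkeys = @('Software\Hopper', 'Software\Support Software')

$found = @(
    foreach ($pattern in $filePatterns) {
        # -Force includes hidden files; a missing parent folder is not an error here.
        Get-ChildItem -Path $pattern -Force -ErrorAction SilentlyContinue |
            ForEach-Object { "File: $($_.FullName)" }
    }
    foreach ($key in $machineKeys) {
        # -LiteralPath keeps the CLSID braces from being interpreted.
        if (Test-Path -LiteralPath "Registry::$key") { "Key:  $key" }
    }
    foreach ($hive in Get-ChildItem -LiteralPath 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue) {
        foreach ($sub in $perUserSubkeys) {
            $key = "$($hive.Name)\$sub"
            if (Test-Path -LiteralPath "Registry::$key") { "Key:  $key" }
        }
    }
)

if ($found.Count -gt 0) { $found } else { 'None of the listed artifacts were found.' }
```

Only hives of users who are currently logged on are loaded under HKEY_USERS, so the per-user subkeys of other accounts are not covered by this check.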

