Adware.TargetAd

Updated: July 21, 2006 2:05:09 AM
Type: Adware
Risk Impact: High
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP

Adware.TargetAd is an Internet Explorer add-on that displays pop-up advertisements.

Once executed, the risk downloads its configuration from the following Web site:
[http://]admin.targetad.net/

It may also download updates to its components from the above site.

The risk may create the following files:
%ProgramFiles%\Microsoft\Office\0.9.0.9\AK.dat
%ProgramFiles%\Microsoft\Office\0.9.0.9\AKL.dat
%ProgramFiles%\Microsoft\Office\0.9.0.9\Office.dll
%ProgramFiles%\Microsoft\Office\0.9.0.9\Version.ini
%ProgramFiles%\Microsoft\Office\0.9.0.9\WTP.dat
%ProgramFiles%\NetMeting\Target\0.9.0.8\AK.dat
%ProgramFiles%\NetMeting\Target\0.9.0.8\AKL.dat
%ProgramFiles%\NetMeting\Target\0.9.0.8\Target.dll
%ProgramFiles%\NetMeting\Target\0.9.0.8\Version.ini
%ProgramFiles%\NetMeting\Target\0.9.0.8\WTP.dat
%ProgramFiles%\NetMeting\Target\AK.dat
%ProgramFiles%\NetMeting\Target\AKL.dat
%ProgramFiles%\NetMeting\Target\Target.dll
%ProgramFiles%\NetMeting\Target\Target.ini
%ProgramFiles%\NetMeting\Target\Version.ini
%ProgramFiles%\NetMeting\Target\WTP.dat
%UserProfile%\Local Settings\Temp\[NUMBER].tmp
%UserProfile%\Local Settings\Temp\dllhost.exe
%UserProfile%\Local Settings\Temp\Symentec.exe

It also creates and populates the following registry subkeys:
HKEY_CLASSES_ROOT\CLSID\{002AF282-E42D-4B51-9F70-F1570C02FAAD}
HKEY_CLASSES_ROOT\CLSID\{0A5EF610-EFB6-4AC4-A22A-3CA6B8148D08}
HKEY_CLASSES_ROOT\Interface\{1B54093E-6F8D-4B96-B9FE-1F0026AA872A}
HKEY_CLASSES_ROOT\Interface\{E16DCA92-8478-4BB0-B557-08012E8EAE00}
HKEY_CLASSES_ROOT\TypeLib\{DAA57276-EBF7-422E-AA7A-5CC7788A2A20}
HKEY_CLASSES_ROOT\TargetAD.Target
HKEY_CLASSES_ROOT\TargetAD.Target.1
HKEY_CLASSES_ROOT\TargetAD.TargetReg
HKEY_CLASSES_ROOT\TargetAD.TargetReg.1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{002AF282-E42D-4B51-9F70-F1570C02FAAD}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{002AF282-E42D-4B51-9F70-F1570C02FAAD}
HKEY_CURRENT_USER\Software\TargetAD

The risk may also create the following registry entry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Display\"" = "yes"

The risk may also modify the following legitimate registry entry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\"Enable Browser Extensions" = "yes"

Then the risk contacts various Chinese Web sites.

The risk displays pop-up advertisements while the user is surfing the Internet.
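
The following read-only PowerShell check is an added example, not part of the original write-up or any vendor tool. It looks for the files and registry subkeys listed above, and goes one step further by flagging any registered Browser Helper Object whose DLL loads from the listed install directories. It assumes the add-on's DLL is registered under the standard COM `InprocServer32` subkey; the variable names are illustrative.

```powershell
# Added example: read-only check for the Adware.TargetAd artifacts listed on this page.
$bhoClsid = '{002AF282-E42D-4B51-9F70-F1570C02FAAD}'   # BHO CLSID from the page
$bhoRoot  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'

# Install directories from the page; on 64-bit Windows also look under Program Files (x86).
$roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ } | Select-Object -Unique
$dirs  = foreach ($r in $roots) {
    Join-Path $r 'Microsoft\Office\0.9.0.9'
    Join-Path $r 'NetMeting\Target'
}
# Temp-folder executables from the page (the [NUMBER].tmp entry is too generic to match on).
$tempFiles = 'dllhost.exe', 'Symentec.exe' |
    ForEach-Object { Join-Path $env:USERPROFILE "Local Settings\Temp\$_" }

# Registry subkeys from the page.
$keys = @(
    "$bhoRoot\$bhoClsid",
    "Registry::HKEY_CLASSES_ROOT\CLSID\$bhoClsid",
    'Registry::HKEY_CLASSES_ROOT\CLSID\{0A5EF610-EFB6-4AC4-A22A-3CA6B8148D08}',
    'Registry::HKEY_CLASSES_ROOT\TypeLib\{DAA57276-EBF7-422E-AA7A-5CC7788A2A20}',
    'Registry::HKEY_CLASSES_ROOT\TargetAD.Target',
    'Registry::HKEY_CLASSES_ROOT\TargetAD.TargetReg',
    'HKCU:\Software\TargetAD'
)

$findings = @()
foreach ($k in $keys) {
    if (Test-Path -LiteralPath $k) { $findings += [pscustomobject]@{ Kind = 'RegistryKey'; Item = $k } }
}
foreach ($f in $tempFiles) {
    if (Test-Path -LiteralPath $f) { $findings += [pscustomobject]@{ Kind = 'File'; Item = $f } }
}
foreach ($d in $dirs) {
    if (Test-Path -LiteralPath $d) {
        Get-ChildItem -LiteralPath $d -Recurse -File -ErrorAction SilentlyContinue |
            ForEach-Object { $findings += [pscustomobject]@{ Kind = 'File'; Item = $_.FullName } }
    }
}
# Resolve every registered BHO to its DLL and flag any that load from the listed directories.
if (Test-Path -LiteralPath $bhoRoot) {
    foreach ($bho in Get-ChildItem -LiteralPath $bhoRoot) {
        $inproc = "Registry::HKEY_CLASSES_ROOT\CLSID\$($bho.PSChildName)\InprocServer32"
        if (-not (Test-Path -LiteralPath $inproc)) { continue }
        $dll = [string](Get-Item -LiteralPath $inproc).GetValue('')   # default value = DLL path
        if ($dirs | Where-Object { $dll.StartsWith("$_\", [StringComparison]::OrdinalIgnoreCase) }) {
            $findings += [pscustomobject]@{ Kind = 'BHO'; Item = "$($bho.PSChildName) -> $dll" }
        }
    }
}
$findings | Format-Table -AutoSize
```

An empty result means none of the listed artifacts were found for the current user and machine hive; the script changes nothing on the system.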