Adware.Optserve


October 31, 2006 9:36:20 AM
Risk Impact:
Systems Affected:
Once executed, the risk creates the following files:
  • %System%\lp.exe
  • %System%\lp.dll
  • %System%\optserve.exe
  • %System%\optserve.dll
  • %System%\URLHist.tlb

It then creates the following registry entries so that it runs every time Windows starts:
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"LP" = "%System%\LP.exe"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"optserve" = "%System%\optserve.exe"
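
The following read-only PowerShell check looks for the files and Run-key values listed above. It is an added example, not part of the original Symantec writeup. It assumes %System% resolves to System32, and it also checks SysWOW64 and the Wow6432Node registry view on the assumption that a 32-bit installer on 64-bit Windows would be redirected there.

```powershell
# Read-only check for the Adware.Optserve artifacts listed in the writeup.
# It reports findings and changes nothing on the host.

# File names from the writeup, relative to %System%.
$fileNames = 'lp.exe', 'lp.dll', 'optserve.exe', 'optserve.dll', 'URLHist.tlb'

# Run-key value names from the writeup and the executable each one launches.
$runValues = @{ 'LP' = 'lp.exe'; 'optserve' = 'optserve.exe' }

# %System% is normally System32. Assumption: on 64-bit Windows a 32-bit
# installer is redirected to SysWOW64 and Wow6432Node, so check both views.
$systemDirs = @(
    (Join-Path $env:SystemRoot 'System32'),
    (Join-Path $env:SystemRoot 'SysWOW64')
) | Where-Object { Test-Path -LiteralPath $_ }

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
) | Where-Object { Test-Path -LiteralPath $_ }

$findings = @()

foreach ($dir in $systemDirs) {
    foreach ($name in $fileNames) {
        $path = Join-Path $dir $name
        if (Test-Path -LiteralPath $path -PathType Leaf) {
            $findings += [pscustomobject]@{ Type = 'File'; Location = $path; Detail = '' }
        }
    }
}

foreach ($key in $runKeys) {
    $props = Get-ItemProperty -LiteralPath $key
    foreach ($valueName in $runValues.Keys) {
        $data = $props.$valueName
        # Report only when the value exists AND points at the listed executable,
        # so an unrelated program that reuses the value name is not flagged.
        if ($data -and ($data -like "*\$($runValues[$valueName])*")) {
            $findings += [pscustomobject]@{ Type = 'RunValue'; Location = "$key\$valueName"; Detail = $data }
        }
    }
}

if ($findings) { $findings | Format-Table -AutoSize -Wrap }
else { 'No Adware.Optserve file or Run-key artifacts found.' }
```

File names alone are weak indicators, so a file hit without a matching Run value is a lead to investigate rather than a confirmed detection.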

It connects to the optlynx.com or optmedia.jp domain and displays popup ads.

It sends the following user information to the optmedia server:
  • Web browser history
  • User ID generated with hardware information
  • IP Address
  • List of installed optmedia applications
  • Version number of optmedia
Writeup By: Hiroshi Shinotsuka