Adware.Memini


April 30, 2007 8:44:27 PM
Risk Impact:
Systems Affected:
Once executed, the risk drops the following file:

The above file is dropped in different locations depending on the program that the risk is bundled with. Generally, it is dropped in the following folder where [PROGRAM NAME] is the name of the program it is bundled with:
%Program Files%\[PROGRAM NAME]

The risk may also drop the following files:
%UserProfile%\Applications\Atomcreative\Rect Bike.exe
%UserProfile%\[8 RANDOM CHARACTERS].exe

It then creates the following registry entry so that it runs every time Windows starts:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"Time jugs" = "%UserProfile%\atomcreative\Rect Bike.exe"

It may also create the following registry entries:
HKEY_CURRENT_USER\Software\Hope CORN FILEMulti\"Open Drive" = "[BINARY DATA]"
HKEY_CURRENT_USER\Software\Hope CORN FILEMulti\"StyleRoam" = ""
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\"netbios-wait.com" = ""
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\"netsearchsoft.com" = ""
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\"www.netbios-wait.com" = ""
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\"www.netsearchsoft.com" = ""

The security risk also adds text to the hosts file, reportedly to redirect queries to the URLs of sites that advertise misleading applications.
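
The artifacts listed above can be checked with a read-only PowerShell script run as the affected user. This is an added example, not part of the original write-up. The character set used for the random file name and the decision to list every active hosts entry for manual review are assumptions, because the write-up does not give them.

```powershell
# Read-only check of the current user's profile and HKCU hive for the
# Adware.Memini artifacts named in the write-up. Nothing is modified.
$findings = New-Object 'System.Collections.Generic.List[string]'

# Dropped files. The write-up gives one path for the dropped "Rect Bike.exe"
# and a different one in the Run value, so both are checked.
$files = @(
    (Join-Path $env:USERPROFILE 'Applications\Atomcreative\Rect Bike.exe'),
    (Join-Path $env:USERPROFILE 'atomcreative\Rect Bike.exe')
)
foreach ($f in $files) {
    if (Test-Path -LiteralPath $f) { $findings.Add("File: $f") }
}

# %UserProfile%\[8 RANDOM CHARACTERS].exe. Assumption: letters and digits only.
# A match is only a candidate and needs manual review.
Get-ChildItem -LiteralPath $env:USERPROFILE -Filter '*.exe' -File -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.BaseName -match '^[A-Za-z0-9]{8}$' } |
    ForEach-Object { $findings.Add("File (review): $($_.FullName)") }

# Autostart value under the Run key.
$run = Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run' -ErrorAction SilentlyContinue
if ($run -and $run.PSObject.Properties['Time jugs']) {
    $findings.Add("Run value 'Time jugs' = $($run.'Time jugs')")
}

# Vendor key that holds the "Open Drive" and "StyleRoam" values.
$key = 'HKCU:\Software\Hope CORN FILEMulti'
if (Test-Path -Path $key) { $findings.Add("Key: $key") }

# Internet Explorer pop-up allow list. The values are empty strings, so test
# for the value's existence rather than its content.
$allow = Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Internet Explorer\New Windows\Allow' -ErrorAction SilentlyContinue
foreach ($d in 'netbios-wait.com', 'netsearchsoft.com', 'www.netbios-wait.com', 'www.netsearchsoft.com') {
    if ($allow -and $allow.PSObject.Properties[$d]) { $findings.Add("IE pop-up allow list: $d") }
}

# The write-up does not list the hosts lines that are added, so every
# non-comment entry is reported for review against the expected baseline.
$hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
Get-Content -LiteralPath $hosts -ErrorAction SilentlyContinue |
    Where-Object { $_ -match '^\s*[^#\s]' } |
    ForEach-Object { $findings.Add("hosts entry (review): $_") }

if ($findings.Count) { $findings } else { 'No artifacts from the write-up were found.' }
```

Because every registry entry is under HKEY_CURRENT_USER, the script has to run once per user profile on a shared machine.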