
AdwarePro2Sqr

Updated: January 4, 2008 5:37:27 PM
Type: Misleading Application
Name: AdwarePro 2007
Publisher: 2Squared
Risk Impact: Medium
Systems Affected: Windows
Behavior
The program must be manually installed.

The program reports false or exaggerated system security threats on the computer.

The user is then prompted to pay for a full license of the application in order to remove the errors.

Installation
When the program is executed, it creates the following files:
  • %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\AdwarePro.lnk
  • %UserProfile%\Application Data\'AdwarePro'\DataBase.ref
  • %UserProfile%\Application Data\'AdwarePro'\Log\log_2008_01_04_16_06_44.log
  • %UserProfile%\Application Data\'AdwarePro'\Log\log_2008_01_04_16_06_45.log
  • %UserProfile%\Application Data\'AdwarePro'\Settings\CustomScan.stg
  • %UserProfile%\Application Data\'AdwarePro'\Settings\IgnoreList.stg
  • %UserProfile%\Application Data\'AdwarePro'\Settings\ScanInfo.stg
  • %UserProfile%\Application Data\'AdwarePro'\Settings\SelectedFolders.stg
  • %UserProfile%\Application Data\'AdwarePro'\Settings\Settings.stg
  • C:\Documents and Settings\All Users\Desktop\AdwarePro.lnk
  • C:\Documents and Settings\All Users\Start Menu\Programs\AdwarePro\AdwarePro on the Web.url
  • C:\Documents and Settings\All Users\Start Menu\Programs\AdwarePro\AdwarePro.lnk
  • C:\Documents and Settings\All Users\Start Menu\Programs\AdwarePro\Uninstall AdwarePro.lnk
  • %ProgramFiles%\AdwarePro\AdwareProv7.exe
  • %ProgramFiles%\AdwarePro\Launcher.exe
  • %ProgramFiles%\AdwarePro\unins000.dat
  • %ProgramFiles%\AdwarePro\unins000.exe
  • %ProgramFiles%\AdwarePro\www.adwarepro[1]
  • %Windir%\Tasks\'AdwarePro' Scheduled Scan.job

The program may also create temporary files.

It also creates the following folder:
%UserProfile%\Application Data\'AdwarePro'\Registry Backups

Next, the program creates the following registry entries so that it executes whenever Windows starts:
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"'AdwarePro'" = "%ProgramFiles%\AdwarePro\'AdwarePro'.exe - boot"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"'AdwarePro'" = "%ProgramFiles%\AdwarePro\'AdwarePro'.exe - boot"


It also creates the following registry subkeys:
  • HKEY_CURRENT_USER\Software\'AdwarePro'
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AdwarePro_is1
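
A way to check a Windows host for the files and registry entries listed above, as an added PowerShell example that is not part of the original write-up. It assumes the quotes printed around 'AdwarePro' may be absent on disk, so each entry is tested both as printed and unquoted; the helper name Get-Variants is hypothetical.

```powershell
# Added example: artifact check built only from paths and keys listed on this page.
# Parent folders stand in for the individual files listed beneath them.
$paths = @(
    "%UserProfile%\Application Data\'AdwarePro'",
    "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\AdwarePro.lnk",
    "C:\Documents and Settings\All Users\Desktop\AdwarePro.lnk",
    "C:\Documents and Settings\All Users\Start Menu\Programs\AdwarePro",
    "%ProgramFiles%\AdwarePro",
    "%Windir%\Tasks\'AdwarePro' Scheduled Scan.job"
)
$keys = @(
    "HKCU:\Software\'AdwarePro'",
    "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AdwarePro_is1"
)
$runKeys = @(
    "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    "HKCU:\Software\Microsoft\Windows\CurrentVersion\Run"
)
$providerProps = 'PSPath','PSParentPath','PSChildName','PSDrive','PSProvider'

function Get-Variants([string]$s) {
    # Assumption: return the entry as printed plus a copy without single quotes.
    @($s, $s.Replace("'", "")) | Select-Object -Unique
}

$findings = @()
foreach ($entry in ($paths + $keys)) {
    foreach ($variant in (Get-Variants $entry)) {
        $full = [Environment]::ExpandEnvironmentVariables($variant)
        if (Test-Path -LiteralPath $full) { $findings += "Present: $full" }
    }
}
foreach ($rk in $runKeys) {
    $item = Get-ItemProperty -LiteralPath $rk -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    foreach ($prop in $item.PSObject.Properties) {
        # Skip the metadata properties the registry provider adds to every item.
        if ($providerProps -contains $prop.Name) { continue }
        # Match on value name or data so both quoted and unquoted forms are caught.
        if ("$($prop.Name) $($prop.Value)" -match 'AdwarePro') {
            $findings += "Run entry: $rk -> $($prop.Name) = $($prop.Value)"
        }
    }
}
if ($findings) { $findings } else { "No AdwarePro artifacts from this write-up were found." }
```

Run it in the affected user's session, since %UserProfile% and HKEY_CURRENT_USER resolve per user.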
