Adware.Peppi

Updated: June 13, 2008 8:42:48 PM
Type: Adware
Infection Length: 721,920 bytes
Name: Peppi
Publisher: Synatix GmbH
Risk Impact: High
Systems Affected: Windows

This security risk must be manually installed.

Once executed, the security risk creates the following files:
  • %UserProfile%\Start Menu\Programs\peppi_vorlagen\peppi (Vorlagen-Wizzard).lnk
  • C:\Program Files\peppi_vorlagen\license.txt
  • C:\Program Files\peppi_vorlagen\lisys.exe
  • C:\Program Files\peppi_vorlagen\peppi.exe
  • C:\Program Files\peppi_vorlagen\uninstall.bat
  • %Windir%\system\host.exe

The security risk creates the following registry entry, so that it runs every time Windows starts:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"vhost" = "%System%\host.exe"

It then creates the following registry entries:
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\peppi (Vorlagen-Wizzard)\"DisplayName" = "peppi (Vorlagen-Wizzard)"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\peppi (Vorlagen-Wizzard)\"UninstallString" = "C:\Program Files\peppi_vorlagen\lisys.exe"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\"AutoConfigURL" = "file://%UserProfile%\Application Data\proxy.pac"
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\"EnableAutoProxyResultCache" = "0"

It then contacts the following remote location for instructions:
89.107.66.239

The security risk may also perform the following actions:
  • May modify the contents of search-engine pages
  • May display advertising
  • May change the browser home page