1. Symantec/
  2. Security Response/
  3. Adware.MxliveMedia

Adware.MxliveMedia

Updated:
June 30, 2010 10:28:56 AM
Type:
Adware
Risk Impact:
Medium
Systems Affected:
Windows
When the program is executed, it creates the following files:
  • %System%\[RANDOM NAME].dll
  • %System%\[RANDOM NAME].exe


Next, it creates the following registry entry so that it executes whenever Windows starts:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"xhehjnnlqercber" = "C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\[RANDOM NAME].dll"

It also creates the following registry subkeys:
  • HKEY_CLASSES_ROOT\CLSID\{2648BD48-9CF6-A110-B44C-90163495565D}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2648BD48-9CF6-A110-B44C-90163495565D}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\zppwfhzshuk


The program then downloads advertisements from the following location and displays them on the computer:
[http://]ads.precisead.biz
Summary| Technical Details| Removal

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
2016 Internet Security Threat Report, Volume 21
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube