Adware.MxliveMedia


June 30, 2010 10:28:56 AM
Risk Impact:
Systems Affected:
Windows 2000, Windows 7, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Server 2008, Windows Vista, Windows XP
When the program is executed, it creates the following files:
  • %System%\[RANDOM NAME].dll
  • %System%\[RANDOM NAME].exe

Next, it creates the following registry entry so that it executes whenever Windows starts:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"xhehjnnlqercber" = "C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\[RANDOM NAME].dll"

It also creates the following registry subkeys:
  • HKEY_CLASSES_ROOT\CLSID\{2648BD48-9CF6-A110-B44C-90163495565D}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2648BD48-9CF6-A110-B44C-90163495565D}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\zppwfhzshuk
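
A triage sketch for the registry changes listed above, added here as an example and not part of the original write-up: it scans text in the layout printed by `reg query` for the three subkeys and for a Run value that silently registers a DLL from System32. The function name `scan`, the sample output and the stand-in file name `abcdefgh.dll` are constructed for illustration.

```python
import re

# Indicators copied from the write-up above.
CLSID = "{2648BD48-9CF6-A110-B44C-90163495565D}"
HKLM_CV = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion"
RUN_KEY = HKLM_CV + r"\Run"
KEY_INDICATORS = {k.lower() for k in (
    "HKEY_CLASSES_ROOT\\CLSID\\" + CLSID,
    HKLM_CV + "\\Explorer\\Browser Helper Objects\\" + CLSID,
    HKLM_CV + "\\Uninstall\\zppwfhzshuk",
)}
# Run data shaped like: regsvr32.exe /s "<...>\system32\<name>.dll"
SILENT_REGSVR = re.compile(
    r'regsvr32(\.exe)?"?\s+/s\s+"?[^"]*\\system32\\[^"\\]+\.dll', re.I)
# Value line in `reg query` output: indent, name, type, data (4-space gaps).
VALUE_LINE = re.compile(r"^\s{4}(.+?)\s{4}(REG_\w+)\s{4}(.*)$")

def scan(reg_query_output):
    """Return ("key", path) / ("run", value_name) findings."""
    findings, current_key = [], None
    for line in reg_query_output.splitlines():
        if line.upper().startswith("HKEY_"):
            current_key = line.strip()
            if current_key.lower() in KEY_INDICATORS:
                findings.append(("key", current_key))
            continue
        m = VALUE_LINE.match(line)
        if m and current_key and current_key.lower() == RUN_KEY.lower():
            name, _type, data = m.groups()
            if SILENT_REGSVR.search(data):
                findings.append(("run", name))
    return findings

# Constructed sample of `reg query` output; abcdefgh.dll stands in for
# the page's [RANDOM NAME].dll and ExampleUpdater is a made-up benign entry.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    ExampleUpdater    REG_SZ    C:\Program Files\Example\updater.exe
    xhehjnnlqercber    REG_SZ    C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\abcdefgh.dll"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2648BD48-9CF6-A110-B44C-90163495565D}
"""

if __name__ == "__main__":
    for kind, item in scan(SAMPLE):
        print(kind, item)
```

The Run check matches the command shape rather than a file name because the write-up gives the DLL name as [RANDOM NAME]; legitimate software can also register DLLs this way, so a "run" finding is a lead to verify, while the subkey matches are the specific indicators.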

The program then downloads advertisements from the following location and displays them on the computer: