Adware.ProfilinStylin

Updated: July 21, 2011 4:24:52 PM
Type: Adware
Name: ProfilinStylin
Publisher: profilinstylin.com
Risk Impact: Medium
Systems Affected: Windows 2000, Windows 7, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Server 2008, Windows Vista, Windows XP

When the risk is executed, it creates the following files:
  • %ProgramFiles%\profilinstylin\extension_2_5_1.crx
  • %ProgramFiles%\profilinstylin\interop.shdocvw.dll
  • %ProgramFiles%\profilinstylin\microsoft.mshtml.dll
  • %ProgramFiles%\profilinstylin\profilinstylin\build.sh
  • %ProgramFiles%\profilinstylin\profilinstylin\chrome.manifest
  • %ProgramFiles%\profilinstylin\profilinstylin\config_build.sh
  • %ProgramFiles%\profilinstylin\profilinstylin\content\.DS_Store
  • %ProgramFiles%\profilinstylin\profilinstylin\content\firefoxOverlay.xul
  • %ProgramFiles%\profilinstylin\profilinstylin\content\installid.js
  • %ProgramFiles%\profilinstylin\profilinstylin\content\overlay.js
  • %ProgramFiles%\profilinstylin\profilinstylin\content\sudoku.js
  • %ProgramFiles%\profilinstylin\profilinstylin\defaults\.DS_Store
  • %ProgramFiles%\profilinstylin\profilinstylin\defaults\preferences\.DS_Store
  • %ProgramFiles%\profilinstylin\profilinstylin\defaults\preferences\sudoku.js
  • %ProgramFiles%\profilinstylin\profilinstylin\files
  • %ProgramFiles%\profilinstylin\profilinstylin\install.rdf
  • %ProgramFiles%\profilinstylin\profilinstylin\locale\.DS_Store
  • %ProgramFiles%\profilinstylin\profilinstylin\locale\en-US\.DS_Store
  • %ProgramFiles%\profilinstylin\profilinstylin\locale\en-US\sudoku.dtd
  • %ProgramFiles%\profilinstylin\profilinstylin\locale\en-US\sudoku.properties
  • %ProgramFiles%\profilinstylin\profilinstylin\readme.txt
  • %ProgramFiles%\profilinstylin\profilinstylin\skin\overlay.css
  • %ProgramFiles%\profilinstylin\profilinstylin.dll
  • %ProgramFiles%\profilinstylin\profilinstylin_Uninstall.exe

It then creates the following registry subkeys:
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3BE9AF61-4DBB-342E-B8F3-B0BEF3BF553D}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Component Categories\{62C8FE65-4EBB-45e7-B440-6E39B2CDBF29}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BHO_HelloWorld.BHO
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Encryption.TripleDESEncryption
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cbfb5c65-652c-3e10-9d9a-e586816d9342}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Profilin Stylin
  • HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\gfofmjijdndbbfdfchibahfdlhncfhne

The risk also creates the following registry entry:
HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions\"{EB132DB0-A4CA-11DF-9732-0E29E0D72085}" = "%ProgramFiles%\profilinstylin\profilinstylin"

The risk then displays advertisements in pop-up messages.
Writeup By: Paul Mangan