Adware.ProfilinStylin

Updated: July 21, 2011 4:24:52 PM
Type: Adware
Name: ProfilinStylin
Publisher: profilinstylin.com
Risk Impact: Medium
Systems Affected: Windows

When the risk is executed, it creates the following files:
  • %ProgramFiles%\profilinstylin\extension_2_5_1.crx
  • %ProgramFiles%\profilinstylin\interop.shdocvw.dll
  • %ProgramFiles%\profilinstylin\microsoft.mshtml.dll
  • %ProgramFiles%\profilinstylin\profilinstylin\build.sh
  • %ProgramFiles%\profilinstylin\profilinstylin\chrome.manifest
  • %ProgramFiles%\profilinstylin\profilinstylin\config_build.sh
  • %ProgramFiles%\profilinstylin\profilinstylin\content\.DS_Store
  • %ProgramFiles%\profilinstylin\profilinstylin\content\firefoxOverlay.xul
  • %ProgramFiles%\profilinstylin\profilinstylin\content\installid.js
  • %ProgramFiles%\profilinstylin\profilinstylin\content\overlay.js
  • %ProgramFiles%\profilinstylin\profilinstylin\content\sudoku.js
  • %ProgramFiles%\profilinstylin\profilinstylin\defaults\.DS_Store
  • %ProgramFiles%\profilinstylin\profilinstylin\defaults\preferences\.DS_Store
  • %ProgramFiles%\profilinstylin\profilinstylin\defaults\preferences\sudoku.js
  • %ProgramFiles%\profilinstylin\profilinstylin\files
  • %ProgramFiles%\profilinstylin\profilinstylin\install.rdf
  • %ProgramFiles%\profilinstylin\profilinstylin\locale\.DS_Store
  • %ProgramFiles%\profilinstylin\profilinstylin\locale\en-US\.DS_Store
  • %ProgramFiles%\profilinstylin\profilinstylin\locale\en-US\sudoku.dtd
  • %ProgramFiles%\profilinstylin\profilinstylin\locale\en-US\sudoku.properties
  • %ProgramFiles%\profilinstylin\profilinstylin\readme.txt
  • %ProgramFiles%\profilinstylin\profilinstylin\skin\overlay.css
  • %ProgramFiles%\profilinstylin\profilinstylin.dll
  • %ProgramFiles%\profilinstylin\profilinstylin_Uninstall.exe

It then creates the following registry subkeys:
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3BE9AF61-4DBB-342E-B8F3-B0BEF3BF553D}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Component Categories\{62C8FE65-4EBB-45e7-B440-6E39B2CDBF29}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BHO_HelloWorld.BHO
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Encryption.TripleDESEncryption
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cbfb5c65-652c-3e10-9d9a-e586816d9342}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Profilin Stylin
  • HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\gfofmjijdndbbfdfchibahfdlhncfhne

The risk also creates the following registry entry:
HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions\"{EB132DB0-A4CA-11DF-9732-0E29E0D72085}" = "%ProgramFiles%\profilinstylin\profilinstylin"

The risk then displays advertisements in pop-up messages.
Writeup By: Paul Mangan