Adware.ArcadeWeb

Updated: October 21, 2011 11:17:31 AM
Type: Adware
Name: ArcadeWeb
Publisher: ArcadeWeb LLC / FutureAds LLC
Risk Impact: Low
Systems Affected: Windows

When the program is executed, it creates the following files:
  • %UserProfile%\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@arcadeweb.com\Chrome\awtextlinks.jar
  • %UserProfile%\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@arcadeweb.com\chrome.manifest
  • %UserProfile%\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@arcadeweb.com\components\arcadewebfirefox.dll
  • %UserProfile%\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@arcadeweb.com\components\arcadewebfirefox.xpt
  • %UserProfile%\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@arcadeweb.com\components\arcadewebfirefox2.dll
  • %UserProfile%\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@arcadeweb.com\install.rdf
  • %UserProfile%\Application Data\Mozilla\Firefox\Profiles\bcfh5tat.default\extensions\textlinks@arcadeweb.com\Chrome\awtextlinks.jar
  • %UserProfile%\Application Data\Mozilla\Firefox\Profiles\bcfh5tat.default\extensions\textlinks@arcadeweb.com\chrome.manifest
  • %UserProfile%\Application Data\Mozilla\Firefox\Profiles\bcfh5tat.default\extensions\textlinks@arcadeweb.com\components\arcadewebfirefox.dll
  • %UserProfile%\Application Data\Mozilla\Firefox\Profiles\bcfh5tat.default\extensions\textlinks@arcadeweb.com\components\arcadewebfirefox.xpt
  • %UserProfile%\Application Data\Mozilla\Firefox\Profiles\bcfh5tat.default\extensions\textlinks@arcadeweb.com\components\arcadewebfirefox2.dll
  • %UserProfile%\Application Data\Mozilla\Firefox\Profiles\bcfh5tat.default\extensions\textlinks@arcadeweb.com\install.rdf
  • %UserProfile%\My Documents\My Pictures\arcade_web_screen1.bmp
  • %UserProfile%\My Documents\My Pictures\arcade_web_screen2.bmp
  • %UserProfile%\My Documents\My Pictures\arcade_web_screen3.bmp
  • %UserProfile%\Recent\arcade_web_screen1.bmp.lnk
  • %UserProfile%\Recent\arcade_web_screen2.bmp.lnk
  • %UserProfile%\Recent\arcade_web_screen3.bmp.lnk
  • %UserProfile%\Recent\My Pictures.lnk
  • %ProgramFiles%\ArcadeWeb\arcadeweb32.dll
  • %ProgramFiles%\ArcadeWeb\awun.exe


Next, the program creates the following registry entry so that it executes whenever Windows starts:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"AW TrayIcon" = "RunDll32.exe "C:\Program Files\ArcadeWeb\arcadeweb32.dll", RunTrayIcon"

It also creates the following registry entries:
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\ExplorerPlugin.DLL\"AppID" = "{94C3E25B-C973-4A17-B80D-207BD978DB23}"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ExplorerPlugin.Extension\CurVer\"" = "ExplorerPlugin.Extension.1"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ExplorerPlugin.Extension\CLSID\"" = "{78919608-B066-4B5A-B248-38E12A783E05}"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ExplorerPlugin.Extension\"" = "ArcadeWeb Class"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ExplorerPlugin.Extension.1\CLSID\"" = "{78919608-B066-4B5A-B248-38E12A783E05}"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ExplorerPlugin.Extension.1\"" = "ArcadeWeb Class"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78919608-B066-4B5A-B248-38E12A783E05}\Arcadeweb\"NoExplorer" = "1"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Arcadeweb\"DisplayName" = "ArcadeWeb"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Arcadeweb\"UninstallString" = "%ProgramFiles%\ArcadeWeb\awun.exe"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Arcadeweb\"DisplayIcon" = "%ProgramFiles%\ArcadeWeb\awun.exe"


Next, it creates the following registry subkeys:
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{94C3E25B-C973-4A17-B80D-207BD978DB23}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{78919608-B066-4B5A-B248-38E12A783E05}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5F280841-8023-4BE6-9A4F-184D3E79A785}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B69460A1-2DBB-4980-8F30-44231D69AEFA}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A670E878-A272-443D-BD19-ED0A9BFD3FD8}\1.0


The program installs a component into Web browsers that converts certain keywords to links. When the mouse hovers over the link, an advertisement is displayed.
