Systweak Spyware Library
More than 21875 spyware signatures and growing
Microsoft Gold Certified Partner
Adtool.MyWebSearch Analysis Report
Threat Submitted On: 10 Nov 2008
Threat Analysed On: 11 Nov 2008
Threat Updated On: 11 Sept 2009
Type : Adtool
Symptoms of pronclick
  • Runs in a stealthy mode.
  • Poses as a channel for Worms and Trojans.
  • Redirects users to other websites, either to increase the hit count or for advertising.
  • Can even execute a DoS or DDoS attack.
  • May even modify the registry and make the system vulnerable to attacks.
Information
Alias : [Not Available]
Md5 Hash : [f23991aa3b71d5b6dab3b5287fee923a]
File Size : (24576 bytes)

Technical Details

Here are the technical findings of our analysis team after analyzing this malware in detail:

Creates the following infected files on the user's system:
Note:
Delete the following files to remove the infection.
File: [randomname].exe
Path : %workingdir%

Also creates the following files on the user's system, which are also created by genuine software:
Note:
These file(s) can be kept, as they are also created by genuine software.
File : msimgsiz.dat
Path : %userprofile%\local settings\application data\microsoft\internet explorer

Md5Hash : ae8061a9801a10d87da1a15d945ec367 (16384 bytes)
Creates the following child process(es) on execution:

%programfiles%\internet explorer\iexplore.exe www.porn.com

services.exe

Creates the following mutex(es) on the user's system:
Tries to connect to the following URLs:
Tries to connect to the following IP address(es) through UDP (User Datagram Protocol):

127.0.0.1

NOTE:

1. %workingdir% refers to the current directory in which the user is working.
2. %userprofile% refers to the current Windows user's profile folder. By default it is 'C:\Documents and Settings\[user]'.

Important: We strongly recommend that you back up the Registry before making any changes to it. Incorrect changes to the Registry can result in permanent data loss or corrupted files. Modify only the malicious or suspicious subkeys.


To modify registry entries in the Windows operating system, follow these steps:
1. Click Start > Run.
2. Type "regedit" to open the Registry Editor.
3. Navigate to the required registry key in the left tree control and modify it accordingly.



© Systweak Inc., 1999-2011 All rights reserved.