Adware-Adtomi
Additional type information.
Date that AVERT discovered this threat.
File size, in bytes, of the threat.
McAfee DAT files contain detection and repair information for threats. The Minimum DAT field specifies the lowest/oldest DAT version that is capable of detecting the first incarnation of a threat, and the release date. The highest/newest DAT version should always be used for the most complete protection and are available on the Anti-Virus Updates page.
Each description displays the minimum, fully tested, DAT version that includes regular detection for a particular threat. These fully tested DATs are released on a daily basis. If necessary, they are also released when a Medium, Medium On Watch, or High risk threat is discovered. An EXTRA.DAT will also be posted for these more prevalent threats, if necessary.
For each description listed, detection is always available. In the event that the DAT version specified is not yet available, an EXTRA.DAT file may be downloaded via the McAfee AVERT Extra.dat Request Page. Alternatively, minimally tested HOURLY BETA DAT files are available for downloading.
McAfee DAT files are constantly being updated to enhance detection capabilities. The Updated DAT field specifies the released DAT version that contains the most up to date detection.
The scan engine uses the DAT files to detect threats. The Minimum Engine field specifies the lowest/oldest engine version that is capable of detecting this threat. The highest/newest engine version should always be used for the most complete protection and are available on the Anti-Virus Updates page.
Date/time this description was published using Pacific Time.
Date/time this description was last modified using Pacific Time.
Tab Navigation
Characteristics
This is not a virus nor a trojan. It is a direct-marketing adware application. This application generates extra pop-up ads while using Internet Explorer.
This kind of application generally comes bundled with another program, which usually discloses the fact that it is ad-supported. It is currently bundled with a program called YahooStocks, but may be bundled with other programs as well. Users agree to have the Adware installed in the license agreement, although they may not realise at first that this file was packaged with the product they installed.
The following system changes were observed when running this application:
Added files
c:\WINDOWS\YSTCKAO32.EXE
Added registry keys
HKEY_CURRENT_USER\Software\adtomi
"homepage" = http://www.zestyfind.com
HKEY_CURRENT_USER\Software\adtomi
"redirecturl" = http://www.zestyfind.com/DNS.php
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
"YahooStock" = C:\WINDOWS\YSTCKAO32.EXE
The Start page for Internet Explorer is also changed to point to the Zestyfind website. The detection of this type of file is not automatically activated. Users who would like to check for the presence of this kind of files on their system should run the command line scanner with the /PROGRAM switch. Please note that VirusScan 7 has also an option, which enables users to detect this kind of program automatically (see below).
