Content
Adware-RBlast.dldr
- Type
- Program
- SubType
- Adware
- Discovery Date
- 07/14/2003
- Minimum DAT
- 4277 (07/16/2003)
- Updated DAT
- 4861 (09/27/2006)
- Minimum Engine
- 5.1.00
- Description Added
- 10/09/2003
- Description Modified
- 05/19/2005 3:29 PM (PT)
Tab Navigation
Characteristics
This is not a virus nor a trojan.
This kind of application generally comes bundled with another program, which usually discloses the fact that it is ad-supported. Users agree to have the Adware installed in the license agreement, although they may not realise at first that this file was packaged with the product they installed.
This Adware changes the default Start page of Internet Explorer to www.Slotch.com and also drops another Adware program already detected as Adware-Istbar.b .
The following registry values are added:
- HKEY_LOCAL_MACHINES\Software\Bargains
- HKEY_LOCAL_MACHINES\Software\ISTsvc
- HKEY_CURRENT_USER\Software\IST
- HKEY_CURRENT_USER\Software\ISTbar
The following registry values are also added to run the application at startup:
- HKEY_LOCAL_MACHINES\Software\Microsoft\Windows\CurrentVersion\Run "Bargains"
- HKEY_LOCAL_MACHINES\Software\Microsoft\Windows\CurrentVersion\Run "IST Service"
- HKEY_LOCAL_MACHINES\Software\Microsoft\Windows\CurrentVersion\Run "Win32gb"
The following folders are created within C:\Program Files:
- Bargain Buddy
- Bargain Buddy\bin
- Bargain Buddy\bin2
- ISTbar
- ISTsvc
Within these folders, the following files are dropped:
- Ad.dat
- Bbchk.exe
- Bbi8017.exe
- Ub.dat
- Uninst.exe
- Apuc.dll
- Bargains.exe
- Istbar.dll
- Istsvc.exe
It also adds a long list of links to adult sites in the Favorites.
The detection of this type of file is not automatically activated. Users who would like to check for the presence of this kind of files on their system should run the command line scanner with the /PROGRAM switch.
Please note that VirusScan 7 has also an option, which enables users to detect this kind of program automatically (see below).
Aliases
Aliases
-
N/A
