Content

Adware-PopMonster

Type
Program
SubType
Adware
Discovery Date
01/18/2004
Minimum DAT
4317 (01/21/2004)
Updated DAT
4539 (07/20/2005)
Minimum Engine
5.1.00
Description Added
01/28/2004
Description Modified
04/01/2004 1:34 AM (PT)

Tab Navigation

Characteristics

This program is detected as Adware-PopMonster application. It is not a virus nor a trojan. 

When the Adware program is installed, the following registry keys will added:

  • HKEY_CURRENT_USER\Software\180solutions\msbb 
  • HKEY_LOCAL_MACHINE\Software\iefeatures\KeyWord "lastdate"
  • HKEY_LOCAL_MACHINE\Software\iefeatures\KeyWord "popstate"
  • HKEY_LOCAL_MACHINE\Software\iefeatures\KeyWord "sys"
  • HKEY_LOCAL_MACHINE\Software\iefeatures\KeyWord "userid"
  • HKEY_LOCAL_MACHINE\Software\iefeatures\KeyWord "version"
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\
    Run "iefeatures" = [windows SYSTEM directory]\IEFEATURES.exe
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\
    Run "msbb" = [windows SYSTEM directory]\MSBB\MSBB.EXE
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\
    Run "MSVersion"
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\
    Uninstall\msbb "DisplayName" = PAD Lookups by n-CASE
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\
    Uninstall\msbb = "UninstallString"
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\
    Uninstall\nCASE "DisplayName" = Interstitial Ad Delivery by n-CASE
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main "Start Page" = http://popnav.com
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main "Start Page" = http://popnav.com

    The following files and folders will be added:

    • [windows directory]\Desktop\Eliminate Popups.url
    • [windows directory]\Desktop\Internet Privacy Software.url
    • [windows directory]\Desktop\Yahoo.url
    • [windows directory]\Favorites\Ebay.url
    • [windows directory]\Favorites\Search Now.url
    • [windows directory]\Favorites\Stop Popups.url
    • [windows directory]\Favorites\Internet Tools\Internet Privacy Software.url
    • [windows directory]\Favorites\Internet Tools\Online Virus Scan.url
    • [windows directory]\Favorites\Internet Tools\Popup Blocker.url
    • [windows directory]\Favorites\Search\Search Casinos.url
    • [windows directory]Favorites\Search\Search Dating.url
    • [windows directory]\Favorites\Search\Search Now.url
    • [windows directory]\Favorites\Search\Search Sports.url
    • [windows directory]\Favorites\Shopping\Best Buy.url
    • [windows directory]\Favorites\Shopping\Buy.com.url
    • [windows directory]Favorites\Shopping\Ebay.url
    • [windows directory]\Favorites\Shopping\WalMart.url
    • [windows SYSTEM directory]\iefeatures.exe
    • [windows SYSTEM directory]\MSrdk.xml
    • [windows SYSTEM directory]\msbb\kyf.dat
    • [windows SYSTEM directory]\msbb\msbb.exe

    The detection of this type of file is not automatically activated. Users who would like to check for the presence of this kind of files on their system should run the command line scanner with the /PROGRAM switch.
    Please note that VirusScan, version 7 and higher, has an option, which enables users to detect this kind of program automatically (see below).

    Aliases

    Aliases

      N/A