Adware-Pribi

Type: Program
SubType: Adware
Discovery Date: 12/15/2004
Minimum DAT: 4397 (10/06/2004)
Updated DAT: 5108 (08/29/2007)
Minimum Engine: 5.1.00
Description Added: 10/06/2004
Description Modified: 03/16/2005 9:39 AM (PT)

Characteristics

McAfee(R) AVERT™ recognizes that this program may have legitimate uses in contexts where an authorized administrator has knowingly installed this application. If you agreed to a license agreement for this, or another bundled application, you may have legal obligations with regard to removing this software, or using the host application without this software. Please contact the software vendor for further information.

See http://vil.nai.com/vil/DATReadme.asp for a list of Program detections added to the DATs.

See http://vil.nai.com/vil/pups/configuration.htm for information about how to enable, disable, and exclude detection of legitimately installed programs.

Distribution

This is a direct marketing program which utilizes a browser helper object (BHO) for Internet Explorer. The software retrieves data for and displays popup advertisements while browsing with Internet Explorer. A unique identifier for the host system is created and stored in an .ini file. Default searches and queries in major search engines are redirected, with search keywords and the unique ID transmitted silently to www.fastfind.org. A "sidesearch" pane in Internet Explorer displays additional results for default searches. Beyond this behavior, there is no toolbar or icon indicating the BHO has been installed.

Privacy

The program creates a unique identifier (UUID) for tracking program operations. This UUID is transmitted to www.fastfind.org along with intercepted search keywords.

The spif.ini file contains a copy of this UUID and other configuration data.
Example:

"[DEF]
INST=True
CV=v29
UUID={738893A9-B180-482B-9E8B-C7A5F2549658}
Date=2/2/2005
[DYN]
CV=v29
CFPID=÷¼¼¼¼¼"º¾¡¿µº¹¡¸Í½Í¡µ´ÏÉ¡¿È¸Îʸ¹"ȸϴñ
[PRC]
PRC=138"

System Changes

Files Added

The following files are added to a folder named "pribi" or "setup" (depending on the version) in C:\Documents and Settings\All Users\Application Data\:

Name: Pribi.dll (or setup.dll)
Size: varies (157,696 bytes for latest "setup.dll")
MD5: varies (24553634623FB9D3109E1E187DA74A64 for latest "setup.dll")

Name: spif.fil (or setup.fil)
Size: varies
MD5: varies

Name: spif.ini (or setup.ini)
Size: varies
MD5: varies

Registry Changes (most significant/high-level)

Keys Added:

HKCR\CLSID\{2E65A557-173C-4DE9-860B-28FC5CACA542}
HKCR\CLSID\{8B3B8352-30DB-4790-B697-010DCE7BC63C}
HKCR\Interface\{5D30F537-F73A-40E4-9F57-06D51C169CC8}
HKCR\Interface\{FA1D5414-D123-4716-A39A-1E831C56E53D}
HKCR\Setup.Setup1
HKCR\Setup.Setup2
HKCR\TypeLib\{E0B7006B-5D0C-4990-94BE-691C7EB3A75E}
HKLM\SOFTWARE\Microsoft\DownloadManager
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2E65A557-173C-4DE9-860B-28FC5CACA542}

Values Added:

HKEY_CLASSES_ROOT\CLSID\{2E65A557-173C-4DE9-860B-28FC5CACA542} "(Default)"
Data: Setup.Setup1

HKEY_CLASSES_ROOT\CLSID\{2E65A557-173C-4DE9-860B-28FC5CACA542}\InprocServer32 "(Default)"
Data: C:\DOCUME~1\ALLUSE~1\APPLIC~1\Setup\Setup.dll

HKEY_CLASSES_ROOT\CLSID\{2E65A557-173C-4DE9-860B-28FC5CACA542}\InprocServer32 "ThreadingModel"
Data: Apartment

HKEY_CLASSES_ROOT\CLSID\{2E65A557-173C-4DE9-860B-28FC5CACA542}\ProgID "(Default)"
Data: Setup.Setup1

HKEY_CLASSES_ROOT\CLSID\{2E65A557-173C-4DE9-860B-28FC5CACA542}\TypeLib "(Default)"
Data: {E0B7006B-5D0C-4990-94BE-691C7EB3A75E}

HKEY_CLASSES_ROOT\CLSID\{2E65A557-173C-4DE9-860B-28FC5CACA542}\Version "(Default)"
Data: 1.0

HKEY_CLASSES_ROOT\CLSID\{8B3B8352-30DB-4790-B697-010DCE7BC63C} "(Default)"
Data: Setup.Setup2

HKEY_CLASSES_ROOT\CLSID\{8B3B8352-30DB-4790-B697-010DCE7BC63C}\InprocServer32 "(Default)"
Data: C:\DOCUME~1\ALLUSE~1\APPLIC~1\Setup\Setup.dll

HKEY_CLASSES_ROOT\CLSID\{8B3B8352-30DB-4790-B697-010DCE7BC63C}\InprocServer32 "ThreadingModel"
Data: Apartment

HKEY_CLASSES_ROOT\CLSID\{8B3B8352-30DB-4790-B697-010DCE7BC63C}\ProgID "(Default)"
Data: Setup.Setup2

HKEY_CLASSES_ROOT\CLSID\{8B3B8352-30DB-4790-B697-010DCE7BC63C}\TypeLib "(Default)"
Data: {E0B7006B-5D0C-4990-94BE-691C7EB3A75E}

HKEY_CLASSES_ROOT\CLSID\{8B3B8352-30DB-4790-B697-010DCE7BC63C}\Version "(Default)"
Data: 1.0

HKEY_CLASSES_ROOT\Interface\{5D30F537-F73A-40E4-9F57-06D51C169CC8} "(Default)"
Data: Setup2

HKEY_CLASSES_ROOT\Interface\{5D30F537-F73A-40E4-9F57-06D51C169CC8}\ProxyStubClsid "(Default)"
Data: {00020424-0000-0000-C000-000000000046}

HKEY_CLASSES_ROOT\Interface\{5D30F537-F73A-40E4-9F57-06D51C169CC8}\ProxyStubClsid32 "(Default)"
Data: {00020424-0000-0000-C000-000000000046}

HKEY_CLASSES_ROOT\Interface\{5D30F537-F73A-40E4-9F57-06D51C169CC8}\TypeLib "(Default)"
Data: {E0B7006B-5D0C-4990-94BE-691C7EB3A75E}

HKEY_CLASSES_ROOT\Interface\{5D30F537-F73A-40E4-9F57-06D51C169CC8}\TypeLib "Version"
Data: 1.0

HKEY_CLASSES_ROOT\Interface\{FA1D5414-D123-4716-A39A-1E831C56E53D} "(Default)"
Data: Setup1

HKEY_CLASSES_ROOT\Interface\{FA1D5414-D123-4716-A39A-1E831C56E53D}\ProxyStubClsid "(Default)"
Data: {00020424-0000-0000-C000-000000000046}

HKEY_CLASSES_ROOT\Interface\{FA1D5414-D123-4716-A39A-1E831C56E53D}\ProxyStubClsid32 "(Default)"
Data: {00020424-0000-0000-C000-000000000046}

HKEY_CLASSES_ROOT\Interface\{FA1D5414-D123-4716-A39A-1E831C56E53D}\TypeLib "(Default)"
Data: {E0B7006B-5D0C-4990-94BE-691C7EB3A75E}

HKEY_CLASSES_ROOT\Interface\{FA1D5414-D123-4716-A39A-1E831C56E53D}\TypeLib "Version"
Data: 1.0

HKEY_CLASSES_ROOT\Setup.Setup1 "(Default)"
Data: Setup.Setup1

HKEY_CLASSES_ROOT\Setup.Setup1\Clsid "(Default)"
Data: {2E65A557-173C-4DE9-860B-28FC5CACA542}

HKEY_CLASSES_ROOT\Setup.Setup2 "(Default)"
Data: Setup.Setup2

HKEY_CLASSES_ROOT\Setup.Setup2\Clsid "(Default)"
Data: {8B3B8352-30DB-4790-B697-010DCE7BC63C}

HKEY_CLASSES_ROOT\TypeLib\{E0B7006B-5D0C-4990-94BE-691C7EB3A75E}\1.0 "(Default)"
Data: Setup

HKEY_CLASSES_ROOT\TypeLib\{E0B7006B-5D0C-4990-94BE-691C7EB3A75E}\1.0\0\win32 "(Default)"
Data: C:\DOCUME~1\ALLUSE~1\APPLIC~1\Setup\Setup.dll

HKEY_CLASSES_ROOT\TypeLib\{E0B7006B-5D0C-4990-94BE-691C7EB3A75E}\1.0\FLAGS "(Default)"
Data: 0

HKEY_CLASSES_ROOT\TypeLib\{E0B7006B-5D0C-4990-94BE-691C7EB3A75E}\1.0\HELPDIR "(Default)"
Data: C:\DOCUME~1\ALLUSE~1\APPLIC~1\Setup
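
The following is an added example, not McAfee's code: a Python check that resolves each registered BHO in a registry export to its InprocServer32 DLL, flags the CLSID and file locations listed on this page, and reads the tracking UUID from spif.ini / setup.ini text. The function names, the .reg-export input format, and the second CLSID with its helper.dll path are assumptions constructed for illustration.

```python
import configparser

# Indicators copied from this page.
BHO_ROOT = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects".upper()
PAGE_CLSID = "{2E65A557-173C-4DE9-860B-28FC5CACA542}"
PAGE_DLLS, PAGE_DIRS = {"pribi.dll", "setup.dll"}, {"pribi", "setup"}

def parse_reg_export(text):
    """Parse .reg export text into {UPPERCASED key path: {value name: data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].upper(), {})
        elif current is not None and "=" in line:
            name, _, data = line.partition("=")
            current[name.strip('"')] = data.strip('"').replace("\\\\", "\\")
    return keys

def audit_bhos(keys):
    """Return (clsid, dll_path, matches_page) for every registered BHO."""
    findings = []
    for path in keys:
        if not path.startswith(BHO_ROOT + "\\"):
            continue
        clsid = path[len(BHO_ROOT) + 1:]
        server = keys.get("HKEY_CLASSES_ROOT\\CLSID\\" + clsid + "\\INPROCSERVER32", {})
        dll = server.get("@", "")  # "@" is the (Default) value in a .reg export
        parts = dll.lower().split("\\")
        named = len(parts) >= 2 and parts[-1] in PAGE_DLLS and parts[-2] in PAGE_DIRS
        findings.append((clsid, dll, clsid == PAGE_CLSID or named))
    return findings

def tracking_uuid(ini_text):
    """Return the UUID from the [DEF] section of spif.ini / setup.ini, or None."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(ini_text)
    return cfg.get("DEF", "UUID", fallback=None)

# Constructed sample inputs (not captured from a real host).
SAMPLE_REG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2E65A557-173C-4DE9-860B-28FC5CACA542}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-2222-3333-4444-555555555555}]
[HKEY_CLASSES_ROOT\CLSID\{2E65A557-173C-4DE9-860B-28FC5CACA542}\InprocServer32]
@="C:\\DOCUME~1\\ALLUSE~1\\APPLIC~1\\Setup\\Setup.dll"
[HKEY_CLASSES_ROOT\CLSID\{11111111-2222-3333-4444-555555555555}\InprocServer32]
@="C:\\Program Files\\Example\\helper.dll"
'''
SAMPLE_INI = "[DEF]\nINST=True\nCV=v29\nUUID={738893A9-B180-482B-9E8B-C7A5F2549658}\nDate=2/2/2005\n"
```

A file named setup.dll is a weak indicator on its own, so the check requires the parent folder name as well; the BHO CLSID is the stronger match.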

Network Impact

Additional overhead in downstream bandwidth due to download of popup advertisement and "sidesearch" window results.
Additional overhead in upstream bandwidth due to silent transmission of UUID and intercepted search keywords.

Aliases

    N/A