Adware-Alexa

Content

Adware-Alexa

Type: Program
SubType: Adware
Discovery Date: 02/23/2005
Length
Minimum DAT: 4420 (01/19/2005)
Updated DAT: 5715 (08/20/2009)
Minimum Engine: 5.1.00
Description Added: 01/19/2005
Description Modified: 03/18/2005 6:32 AM (PT)

Risk Assessment

Corporate User: N/A
Home User: N/A

Tab Navigation

Characteristics

McAfee(R) AVERT� recognizes that this program may have legitimate uses in contexts where an authorized administrator has knowingly installed this application. If you agreed to a license agreement for this, or another bundled application, you may have legal obligations with regard to removing this software, or using the host application without this software.
Please contact the software vendor for further information.

See http://vil.nai.com/vil/DATReadme.asp for a list of Program detections added to the DATs.

See http://vil.nai.com/vil/pups/configuration.htm for information about how to enable, disable, and exclude detection of legitimately installed programs.

Summary:

Upon execution of this application, Alexa toolbar is installed in Internet Explorer. Search keywords used in Google were transferred to Alexa servers. Also Alexa sends personal information such as usernames to the Alexa site.

Installation:

Filename : AlexaInstaller.exe
MD5 : 9e9601f62db49513151f60e3a3b5519d

Filenames and locations may vary from version to version.
An EULA of length 8851 words was displayed at the time of installation.

The following files are dropped when the application is executed.

AlxTB1.dll
AlxRes.dll

The following registry entries confirm Dll registration and startup entries made by this application.

HKEY_CLASSES_ROOT\CLSID\{F1FABE79-25FC-46de-8C5A-2C6DB9D64333}
HKEY_CLASSES_ROOT\CLSID\{EA20F195-32DA-4bd6-B348-FD01FC7D3D5A}
HKEY_CLASSES_ROOT\CLSID\{7BF3A7DB-A516-4e24-B40A-F60B34699E26}
HKEY_CLASSES_ROOT\CLSID\{69A72A8A-84ED-4a75-8CE7-263DBEF3E5D3}
HKEY_CLASSES_ROOT\CLSID\{3CEFF6CD-6F08-4E4D-BCCD-FF7415288C3B}
HKEY_CLASSES_ROOT\CLSID\{27D784D7-9217-4227-B43B-E06E4781E0CB}
HKEY_CLASSES_ROOT\Interface\{FA77AD79-09CF-41FB-B171-CC856F9E737F}
HKEY_CLASSES_ROOT\Interface\{DC21CEDE-3B81-43D7-B816-DAEFA7B4901F}
HKEY_CLASSES_ROOT\Interface\{B7B84995-8B92-46BF-94AA-FA2F3DD23B84}
HKEY_CLASSES_ROOT\Interface\{B79D9232-A798-43DB-9E61-281D550460E4}
HKEY_CLASSES_ROOT\Interface\{B71C7D9A-DA43-4E8B-BB9B-1684AC2AF324}
HKEY_CLASSES_ROOT\Interface\{AC2A5E17-05ED-4E62-86E5-84779E8F0BCA}
HKEY_CLASSES_ROOT\Interface\{ABF7C4D4-53EF-4C15-8951-D22F63C98E9F}
HKEY_CLASSES_ROOT\Interface\{A6A08CBD-6673-41B1-B997-3F83A25B45B0}
HKEY_CLASSES_ROOT\Interface\{A69107CC-BEC8-4A34-B474-211B0F46A764}
HKEY_CLASSES_ROOT\Interface\{9BAB764B-E4F3-4C7B-99AD-CDF636BBE3A8}
HKEY_CLASSES_ROOT\Interface\{738CB0ED-54A7-4061-AE2E-40EFD9B1EEF6}
HKEY_CLASSES_ROOT\Interface\{6912BEB3-E20C-4953-8C8E-E91B12B55BFC}
HKEY_CLASSES_ROOT\Interface\{5A9961FD-B0A6-4065-9552-EBFC199683A3}
HKEY_CLASSES_ROOT\Interface\{49160F0D-6BE2-4F5F-BCDB-9256DA3BB120}
HKEY_CLASSES_ROOT\Interface\{3F41980D-B681-488E-9757-0C9744F9C3CE}
HKEY_CLASSES_ROOT\Interface\{3E60160F-0ED6-4DCC-B6B6-850CDE4FD217}
HKEY_CLASSES_ROOT\Interface\{0F3332B5-BC98-48AF-9FAC-05FEC94EBE73}
HKEY_CLASSES_ROOT\Interface\{0BBB0424-E98E-4405-9A94-481854765C80}
HKEY_CLASSES_ROOT\Interface\{04D79E9F-09A9-4AED-9FC2-6E63A3BCA51E}
HKEY_CLASSES_ROOT\TypeLib\{EACAA5CE-99B3-470E-9629-8F9EF4C4B637}
HKEY_CLASSES_ROOT\TypeLib\{547AB549-4DD8-4EA0-B070-F6EA062148FF}
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Alexa Web Search
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\{3CEFF6CD-6F08-4e4d-BCCD-FF7415288C3B}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F1FABE79-25FC-46de-8C5A-2C6DB9D64333}
HKEY_LOCAL_MACHINE\SOFTWARE\Alexa Toolbar
HKEY_LOCAL_MACHINE\SOFTWARE\Alexa Internet
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Alexa Toolbar

Symptoms

Modification to IE Toolbar.
Modification of default home page to �http://www.alexa.com/?p=home�

Method of Infection

N/A. This is not a trojan or virus.

Removal

Instructions on Enabling/Disabling Detection and Removal of Potentially Unwanted Programs

Variants

N/A

All Information

Overview -

This is a Potentially Unwanted Program (PUP) detection. It is not a virus or trojan. PUPs are any piece of software which a reasonably security-or privacy-minded computer user may want to be informed of.

Aliases

Adware.ToolBar.AlexaBar.a (Kaspersky)

Characteristics

Characteristics -

See http://vil.nai.com/vil/DATReadme.asp for a list of Program detections added to the DATs.

See http://vil.nai.com/vil/pups/configuration.htm for information about how to enable, disable, and exclude detection of legitimately installed programs.

Summary:

Installation:

Filename : AlexaInstaller.exe
MD5 : 9e9601f62db49513151f60e3a3b5519d

Filenames and locations may vary from version to version.
An EULA of length 8851 words was displayed at the time of installation.

The following files are dropped when the application is executed.

AlxTB1.dll
AlxRes.dll

The following registry entries confirm Dll registration and startup entries made by this application.

Symptoms

Symptoms -

Modification to IE Toolbar.
Modification of default home page to �http://www.alexa.com/?p=home�

Method of Infection

Method of Infection -

N/A. This is not a trojan or virus.

Removal -

Instructions on Enabling/Disabling Detection and Removal of Potentially Unwanted Programs

Variants

Variants -

N/A

McAfee > Theat Center > Virus Detail Page

Navigation

Utility Navigation

Content

Adware-Alexa

Type

SubType

Discovery Date

Length

Minimum DAT

Updated DAT

Minimum Engine

Description Added

Description Modified

Risk Assessment

Tab Navigation

Overview

Aliases

Characteristics

Symptoms

Method of Infection

Removal

Variants

Variants

All Information

Overview -

Aliases

Characteristics

Characteristics -

Symptoms

Symptoms -

Method of Infection

Method of Infection -

Removal -

Removal -

Variants

Variants -

Threat Resources

Footer