Adware-BonziBuddy

Type: Program
SubType: Adware
Discovery Date: 02/02/2005
Minimum DAT: 4425 (02/02/2005)
Updated DAT: 4678 (01/19/2006)
Minimum Engine: 5.1.00
Description Added: 02/02/2005
Description Modified: 06/17/2005 5:29 AM (PT)

Characteristics

McAfee(R) AVERT™ recognizes that this program may have legitimate uses in contexts where an authorized administrator has knowingly installed this application. If you agreed to a license agreement for this, or another bundled application, you may have legal obligations with regard to removing this software, or using the host application without this software. Please contact the software vendor for further information.

See http://vil.nai.com/vil/DATReadme.asp for a list of Program detections added to the DATs.

See http://vil.nai.com/vil/pups/configuration.htm for information about how to enable, disable, and exclude detection of legitimately installed programs.

Summary

This is not a virus or a trojan. It is a direct-marketing adware application that generates pop-up advertisements while the user browses the web.
It runs when Windows starts up and sets the user's home page to "bonzi.com/bonziportal/index.asp". It installs a talking monkey (as shown below) which pops up frequently and gathers the user's personal information for advertising purposes.

Privacy

Here is an interesting excerpt from the Bonzi Buddy EULA:

"From time to time, the Software will send information to and receive information from servers maintained by Bonzi Software.

When you engage in certain activities with the Software, such as registration, or ordering product, the Software may prompt you to provide certain information about yourself by filling out and submitting an online form.

The Software may prompt you to provide personal information such as your first and last name, mailing address, e-mail address, and other personal identifying information. When ordering products or services, you may be asked to provide a credit card number.

An updated version of the Bonzi Software Privacy Policy may always be found at www.bonzi.com/privacypolicy.htm"

System Changes

File Name: bbsmartsetup.exe
Version: 1.0.0.0
MD5: c20b21f22cc3fc3629d8198ca737e51f

When this application is executed, the following folder is created:

C:\Program Files\bonzibuddy

The following files are dropped in this folder:

  • bbsmartstubfal.exe
  • BBuddyMini.exe
  • BonziBDY.EXE
  • BonziBUDDYUninstall.exe
  • BonziCTB.dll
  • BonziTapFilters.dll

The following registry keys are added:

  • HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run:bonzibuddy
  • HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run:clickthebutton
  • HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bonzibuddy
  • HKEY_CURRENT_USER\software\vb and vba program settings\bonzibuddy
  • HKEY_CLASSES_ROOT\.bonzimail_message
  • HKEY_CLASSES_ROOT\bonzibdy.document
  • HKEY_CLASSES_ROOT\bonzimail_messagefile
  • HKEY_CLASSES_ROOT\clsid\{d3cd5f89-bfe3-4bad-ac10-25751a08811c}
  • HKEY_CLASSES_ROOT\clsid\{e26dd3cd-b06c-47ba-9766-5f264b858e09}
  • HKEY_CLASSES_ROOT\clsid\{e509d0e0-da02-4d16-ba63-70f23cac74c8}
  • HKEY_CLASSES_ROOT\clsid\{f2394898-748d-4415-8ce8-65e429445b33}
  • HKEY_CLASSES_ROOT\clsid\{f4900f67-055f-11d4-8f9b-00104ba312d6}
  • HKEY_CLASSES_ROOT\typelib\{50a2c2b1-5a56-4183-b1d0-3f59877bad60}
  • HKEY_CLASSES_ROOT\typelib\{aab7faed-91f8-4591-8e4c-9291d2b7f381}
  • HKEY_CLASSES_ROOT\interface\{0570bf7b-e1bf-4ef3-bc37-7ae3f54bd605}
  • HKEY_CLASSES_ROOT\interface\{0a45db4d-bd0d-11d2-8d14-00104b9e072a}
  • HKEY_CLASSES_ROOT\interface\{0a45db4e-bd0d-11d2-8d14-00104b9e072a}
  • HKEY_CLASSES_ROOT\interface\{120c5484-09ba-4936-98b9-1b0c15c9ce5e}
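
A read-only check for the files and startup entries listed above, as an added example that is not part of the original McAfee description. File names and registry locations come from the lists above; the "Program Files (x86)" and WOW6432Node variants are assumptions for 64-bit Windows, which this description does not cover.

```powershell
# Added example (not from the original description): read-only check for the
# artifacts listed under "System Changes". Requires PowerShell 3.0 or later.
# Assumption: on 64-bit Windows a 32-bit installer may be redirected to
# "Program Files (x86)" and WOW6432Node, so both views are checked.
$folders   = 'C:\Program Files\bonzibuddy', 'C:\Program Files (x86)\bonzibuddy'
$files     = 'bbsmartstubfal.exe', 'BBuddyMini.exe', 'BonziBDY.EXE',
             'BonziBUDDYUninstall.exe', 'BonziCTB.dll', 'BonziTapFilters.dll'
$roots     = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion',
             'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion'
$runValues = 'bonzibuddy', 'clickthebutton'
# HKCU covers only the account that runs this script.
$userKey   = 'HKCU:\Software\VB and VBA Program Settings\bonzibuddy'

function New-Finding($Kind, $Location, $Detail) {
    [pscustomobject]@{ Kind = $Kind; Location = $Location; Detail = $Detail }
}

$findings = @(
    foreach ($folder in $folders) {
        foreach ($file in $files) {
            $path = Join-Path $folder $file
            if (Test-Path -LiteralPath $path -PathType Leaf) {
                $size = (Get-Item -LiteralPath $path -Force).Length
                New-Finding 'File' $path ("{0} bytes" -f $size)
            }
        }
    }
    foreach ($root in $roots) {
        $runKey = Join-Path $root 'Run'
        if (Test-Path -LiteralPath $runKey) {
            # $props is $null when the key exists but holds no values.
            $props = Get-ItemProperty -LiteralPath $runKey
            foreach ($name in $runValues) {
                # Property lookup is case-insensitive, like registry value names.
                if ($props -and $props.PSObject.Properties[$name]) {
                    New-Finding 'Run value' "$runKey -> $name" $props.PSObject.Properties[$name].Value
                }
            }
        }
        $uninstallKey = Join-Path $root 'Uninstall\bonzibuddy'
        if (Test-Path -LiteralPath $uninstallKey) { New-Finding 'Uninstall key' $uninstallKey '' }
    }
    if (Test-Path -LiteralPath $userKey) { New-Finding 'User settings key' $userKey '' }
)

if ($findings.Count -eq 0) { 'No listed Adware-BonziBuddy artifacts were found.' } else { $findings | Format-Table -AutoSize -Wrap }
```

The HKEY_CLASSES_ROOT entries are left out to keep the check focused on the install folder and the startup persistence points.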

It shows the following advertisement while browsing the web.

Network Impact

Additional overhead in bandwidth due to download of advertisements.

Aliases

    N/A