Content

Adware-Beginto.dr

Type
Program
SubType
Dropper
Discovery Date
02/23/2005
Minimum DAT
4432 (02/23/2005)
Updated DAT
5215 (01/24/2008)
Minimum Engine
5.1.00
Description Added
02/23/2005
Description Modified
03/18/2005 2:26 AM (PT)

Tab Navigation

Characteristics

McAfee(R) AVERT™ recognizes that this program may have legitimate uses in contexts where an authorized administrator has knowingly installed this application.  If you agreed to a license agreement for this, or another bundled application, you may have legal obligations with regard to removing this software, or using the host application without this software.  
Please contact the software vendor for further information.

See http://vil.nai.com/vil/DATReadme.asp for a list of Program detections added to the DATs.

See http://vil.nai.com/vil/pups/configuration.htm for information about how to enable, disable, and exclude detection of legitimately installed programs.

Summary:

Upon executing this application, it dropped BHOs which were responsible for changing the search page and  inserting toolbars into Internet Explorer. Ads are displayed while browsing.

Installation:

Exact filenames and installation locations may vary from version to version.
This description is simply meant as a guide.

No EULA was observed at the time of installation

File Name : VIRUS.EXE
MD5       : ddbe07e0c15dafc0cb229c6e74730ca5

Upon exectuion , it drops the following Browser Helper Objects.

C:\WINDOWS\System32\winb2s32.dll
C:\WINDOWS\System32\ic2_win.dll

These Browser Helper Object are loaded into Internet Explorer.
The search assistant is hijacked by Begin2Search and Internet Explorer toolbars is modified as follows:

Periodic ads are displayed.

Aliases

Aliases

  • Adware.Begin2search (Symantec)
  • Adware/Beginto (Panda)
  • not-a-virus:AdWare.Beginto.a (Kaspersky)