Content

Adware-SafeSurf.dr

Type
Program
SubType
Dropper
Discovery Date
05/09/2005
Minimum DAT
4487 (05/09/2005)
Updated DAT
4717 (03/13/2006)
Minimum Engine
5.1.00
Description Added
05/09/2005
Description Modified
12/22/2005 7:26 AM (PT)

Tab Navigation

Characteristics

McAfee(R) AVERT™ recognizes that this program may have legitimate uses in contexts where an authorized administrator has knowingly installed this application. If you agreed to a license agreement for this, or another bundled application, you may have legal obligations with regard to removing this software, or using the host application without this software. Please contact the software vendor for further information.

See http://vil.nai.com/vil/DATReadme.asp for a list of Program detections added to the DATs.

See http://vil.nai.com/vil/pups/configuration.htm for information about how to enable, disable, and exclude detection of legitimately installed programs.

Summary

This is not a virus or a Trojan. It is an adware dropper which drops adware component on the system. No visible indication is given that any software is being installed upon execution of the installation program.

Privacy

No license agreement is displayed during installation, although one could be displayed by another installer if bundled with another application. No privacy policy related to the software could be found.

System Changes

File Name : elite_media.exe
MD5Hash : 8ccf22711357ccba8d1c2cc56546515d

File Name : fran-hot.exe
MD5Hash : cb02ceb70fac6f137c2b4ad27ecbf22a

File Name : adwsetup_upd.exe
MD5Hash : fd982380c48715eee2998ef549b53d7a

Upon execution of this adware application, it creates BHO entries for the Internet Explorer and generates extra pop-up ads while browsing Internet.

Following files are dropped in "%Windows%\system32" directory (these names may vary):

  • bho.dll
  • nsa8.dll
  • nsc10.dll
  • nsg3.dll
  • nstB.dll
  • nsx13.dll

Following registry entries are added:

  • HKEY_CLASSES_ROOT\BHO.Adware
  • HKEY_CLASSES_ROOT\BHO.Adware.1
  • HKEY_CLASSES_ROOT\BHO.Hider
  • HKEY_CLASSES_ROOT\BHO.Hider.1
  • HKEY_CLASSES_ROOT\CLSID\{09D98DB3-217F-4a37-950F-7FA1B08CE2B6}
  • HKEY_CLASSES_ROOT\CLSID\{55BE9F0D-6CAF-4c3e-B125-5A13A8C9D0EC}
  • HKEY_CLASSES_ROOT\Interface\{5679B16C-CD3A-471F-A503-25C528A3AD26}
  • HKEY_CLASSES_ROOT\Interface\{89E9F6CF-6F80-4C5E-B8E8-78E5A6B5D3BF}
  • HKEY_CLASSES_ROOT\TypeLib\{4DFD0B10-93DB-4D7E-9B34-3D92CA493BE4}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
    Explorer\Browser Helper Objects\{55BE9F0D-6CAF-4c3e-B125-5A13A8C9D0EC}

Aliases

Aliases

  • Adware.Webext : Symantec
  • PacerD,Adware : CA eTrust
  • Trojan-Dropper.Win32.Agent.abb : Kaspersky Lab