McAfee > Theat Center > PUP Detail Page

Characteristics

McAfee(R) AVERT(tm) recognizes that this program may have legitimate uses in contexts where an authorized administrator has knowingly installed this application. If you agreed to a license agreement for this, or another bundled application, you may have legal obligations with regard to removing this software, or using the host application without this software. Please contact the software vendor for further information.

See http://vil.nai.com/vil/DATReadme.asp for a list of Program detections added to the DATs.

See http://vil.nai.com/vil/pups/configuration.htm for information about how to enable, disable, and exclude detection of legitimately installed programs.

This is not a virus or a Trojan. It is an adware application.

Installation:

File:   install_ct.exe
Hash: fd83bede4ba3f2384baddf430564b58f

upon installation of this adware application the following changes occur in the user's system.

File Changes:

The following files are added to the %Program Files%\CxtPls directory

• ace.dll
• atl.dll
• CxtPls.dll
• CxtPls.exe
• libexpat.dll
• ProxyStub.dll
• WinGenerics.dll

cxtpls.dll is installed as Browser Helper Object.

Browser Helper Objects are executable files that are loaded when the browser is launched. They can perform various task,such as generating extra pop-up ads, monitoring page navigation, etc.

The following Registry keys are added:

KEY_CURRENT_USER\Software\Apropos
HKEY_LOCAL_MACHINE\SOFTWARE\Apropos
HKEY_LOCAL_MACHINE\SOFTWARE\Apropos\Client
HKEY_CURRENT_USER\Software\Apropos\Client
HKEY_CURRENT_USER\Software\Apropos\Client\Cookies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion
\Explorer\Browser Helper Objects\{016235BE-59D4-4CEB-ADD5-E2378282A1D9}

This adware application tracks user's browsing activity.

For ex: If user is searching for online books  at google.co.in.
This adware application tracks user's browsing habits and uploads that to adchannel.contextplus.net as show below.

Removal

Aliases

Aliases

N/A