Content

Adware-FasterXP

Type
Program
SubType
Adware
Discovery Date
06/22/2005
Minimum DAT
4521 (06/24/2005)
Updated DAT
4696 (02/14/2006)
Minimum Engine
5.1.00
Description Added
06/22/2005
Description Modified
06/23/2005 9:41 AM (PT)

Tab Navigation

Characteristics

McAfee(R) AVERT recognizes that this program may have legitimate uses in contexts where an authorized administrator has knowingly installed this application. If you agreed to a license agreement for this, or another bundled application, you may have legal obligations with regard to removing this software, or using the host application without this software. Please contact the software vendor for further information.

See http://vil.nai.com/vil/DATReadme.asp for a list of Program detections added to the DATs.

See http://vil.nai.com/vil/pups/configuration.htm for information about how to enable, disable, and exclude detection of legitimately installed programs.

Distribution

This is not a virus or a trojan. It is detected as a "potentially unwanted program." It is a utility which makes certain changes purporting to improve system performance (most are simply slight modifications to registry settings affecting the Windows user interface and networking). Although offered in an unlimited free trial form, many direct-marketing adware applications are also installed that generate pop-up advertisements while browsing the web (may include: Adware-Abetterinternet, Downloader-KL, Adware-WinAd, Adware-ValueAd, Adware-MySearch). A total of five new entries, including FasterXP, are present in the Add/Remove Programs list upon completion of the free trial installation.

A user interface is displayed during installation, although it does not display a license agreement. A link is present on the first dialog of the installation to view the license agreement for the "Softwrap" distribution packager that was used to create the installation, but no link to the actual FasterXP software license agreement is present. The FasterXP license agreement can be accessed via a link on the homepage www.fasterxp.com, or directly here . The text of license agreements for My Search and Top Rebates are present on this page as well. It is not made clear from the installation dialogs that the user will end up with additional advertising software on their system as a result of choosing the unlimited free trial installation.

Privacy

A privacy policy is not displayed during installation. Although the FasterXP software itself does not appear to transmit any data, several of the other PUPs installed do to varying degrees, and it is possible that personally identifiable data may be included in these transmissions.

System Changes (FasterXP components)

General defaults for typical environment variables (although they may be different, they usually are not):
%WinDir% = \WINDOWS (Windows 9x/ME/XP), \WINNT (Windows NT/2000)
%SystemDir% = \WINDOWS\SYSTEM32 (Windows 9x/ME/XP), \WINNT\SYSTEM32 (Windows NT/2000)
%ProgramFiles% = \Program Files

Files Added

  • %SystemDir%\seawdurlie.exe (28 KB)
    MD5: 38026AD142CE19585B8A4931F5454C9C
  • %SystemDir%\s4barsp.fasterxp.exe (516 KB)
  • %SystemDir%\frswrp10147.dll (128 KB)
    MD5: 0E4B9CB20FCD97460C43563212F39592
  • %SystemDir%\endat.dll (24 KB)
    MD5: 63F2EAB089188E267AAF5EE0CC08969C
  • c:\program files\fasterxp\uninstall fasterxp.exe (45 KB)
  • c:\program files\fasterxp\softwrap.dll (588 KB)
  • c:\program files\fasterxp\fvu1010.dat (1 KB)
  • c:\program files\fasterxp\fasterxp.sw (3 KB)
  • c:\program files\fasterxp\fasterxp.exe.manifest (1 KB)
    MD5: 3D94F6724805835E6DA42FE2973072B3
  • c:\program files\fasterxp\fasterxp.exe (152 KB)
    MD5: 942C18A3BBF5A26A5F07AA364E989987
  • c:\program files\fasterxp\fasterxp.bmp (21 KB)
  • c:\documents and settings\all users\documents\softwrap\optisoftfasterxp0010\fasterxp.sw (3 KB)
  • c:\documents and settings\all users\documents\global.sw (1 KB)
  • c:\documents and settings\all users\documents\fonts\swfont9.fnt (1 KB)
  • c:\documents and settings\all users\documents\config\desktop.idf (1 KB)
  • c:\documents and settings\administrator\start menu\programs\fasterxp\fasterxp.lnk (1 KB)
  • c:\documents and settings\administrator\local settings\temp\jkill.exe (44 KB)
  • c:\documents and settings\administrator\local settings\temp\fvu1010.dat (1 KB)
  • c:\documents and settings\administrator\local settings\temp\fsvf1201.exe (24 KB)

Registry

The following registry keys are created:

  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\
    Tcpip\Parameters
    "TcpMaxDataRetransmissions"="1"
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\
    Tcpip\Parameters
    "SackOpts"="1"
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\
    Tcpip\Parameters
    "EnablePMTUBHDetect"="0"
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\
    Tcpip\Parameters
    "EnablePMTUDiscovery"="1"
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\
    Tcpip\Parameters
    "DisableDynamicUpdate"="1"
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\
    Tcpip\Parameters
    "Tcp1323Opts"="0"
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
    \Memory Management
    "IOPageLockLimit"="16384"
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem
    "ContigFileAllocSize"="512"
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters
    "TcpMaxDataRetransmissions"="1"
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters
    "SackOpts"="1"
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters
    "EnablePMTUBHDetect"="0"
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters
    "EnablePMTUDiscovery"="1"
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters
    "DisableDynamicUpdate"="1"
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters
    "Tcp1323Opts"="0"
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager
    \Memory Management
    "IOPageLockLimit"="16384"
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\FileSystem
    "ContigFileAllocSize"="512"
    The above items appear to be related to network "performance enhancements" performed by the FasterXP application.
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
    Uninstall\FasterXP
    "UninstallString"="C:\Program Files\FasterXP\Uninstall FasterXP.exe"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
    Uninstall\FasterXP
    "DisplayName"="FasterXP"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
    Uninstall\FasterXP
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
    CurrentVersion\Run
    "seaWDurlIE"="C:\WINDOWS\System32\seaWDurlIE.exe"
  • HKEY_CURRENT_USER\Software\Softwrap\Ver1.0
  • HKEY_CURRENT_USER\Software\Softwrap\Lang
  • HKEY_CURRENT_USER\Software\Softwrap\Applications
  • HKEY_CURRENT_USER\Software\Softwrap\
    AD88973E59EFCC5B52F3894B129BCF3159D98CC6
  • HKEY_CURRENT_USER\Software\Softwrap
  • HKEY_CURRENT_USER\Software\Netscape\Netscape Navigator\Automation Startup
  • HKEY_CURRENT_USER\Software\Netscape\Netscape Navigator\Automation Shutdown
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache
    "C:\Program Files\FasterXP\FasterXP.exe"="Optimize your Windows XP machine in seconds!"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache
    "C:\fasterxp.exe"="fasterxp"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    \5.0\Cache\Extensible Cache\MSHist012005060320050604
    "CacheRepair"="0"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    \5.0\Cache\Extensible Cache\MSHist012005060320050604
    "CacheOptions"="11"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    \5.0\Cache\Extensible Cache\MSHist012005060320050604
    "CacheLimit"="8192"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    \5.0\Cache\Extensible Cache\MSHist012005060320050604
    "CachePrefix"=":2005060320050604: "
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    \5.0\Cache\Extensible Cache\MSHist012005060320050604
    "CachePath"="(hex data)"
  • HKEY_CURRENT_USER\Software\Microsoft\smallfont\shell\open
  • HKEY_CURRENT_USER\Software\Microsoft\smallfont\shell
  • HKEY_CURRENT_USER\Software\Microsoft\smallfont
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks
    "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=""
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
    "Show_BTTf"="yes"
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
    "Show_StrP"="http://www.fasterhomepage.com"
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
    "Change_Date_StartPage"="6/3/2005"
  • HKEY_CLASSES_ROOT\TypeLib\{A2AB15BF-CA9F-4E1D-9A34-A5A27E20365E}\5.0\HELPDIR
    "default"="C:\WINDOWS\System32"
  • HKEY_CLASSES_ROOT\TypeLib\{A2AB15BF-CA9F-4E1D-9A34-A5A27E20365E}\5.0\FLAGS
    "default"="0"
  • HKEY_CLASSES_ROOT\TypeLib\{A2AB15BF-CA9F-4E1D-9A34-A5A27E20365E}\5.0\0\win32
    "default"="C:\WINDOWS\System32\Endat.dll"
  • HKEY_CLASSES_ROOT\TypeLib\{A2AB15BF-CA9F-4E1D-9A34-A5A27E20365E}\5.0\0
  • HKEY_CLASSES_ROOT\TypeLib\{A2AB15BF-CA9F-4E1D-9A34-A5A27E20365E}\5.0
    "default"="Endat"
  • HKEY_CLASSES_ROOT\TypeLib\{A2AB15BF-CA9F-4E1D-9A34-A5A27E20365E}
  • HKEY_CLASSES_ROOT\Interface\{66314474-D895-4D98-944E-3F344EF01A4C}\TypeLib
    "Version"="5.0"
  • HKEY_CLASSES_ROOT\Interface\{66314474-D895-4D98-944E-3F344EF01A4C}\TypeLib
    "(default)"="{A2AB15BF-CA9F-4E1D-9A34-A5A27E20365E}"
  • HKEY_CLASSES_ROOT\Interface\{66314474-D895-4D98-944E-3F344EF01A4C}
    \ProxyStubClsid32
    "default"="{00020424-0000-0000-C000-000000000046}"
  • HKEY_CLASSES_ROOT\Interface\{66314474-D895-4D98-944E-3F344EF01A4C}
    \ProxyStubClsid
    "default"="{00020424-0000-0000-C000-000000000046}"
  • HKEY_CLASSES_ROOT\Interface\{66314474-D895-4D98-944E-3F344EF01A4C}
    "default"="Encriptar"
  • HKEY_CLASSES_ROOT\Endat.Encriptar\Clsid
    "default"="{2D4FF819-FD9E-49E7-B07A-D6A40A230A6C}"
  • HKEY_CLASSES_ROOT\Endat.Encriptar\Clsid
  • HKEY_CLASSES_ROOT\Endat.Encriptar
    "default"="Endat.Encriptar"
  • HKEY_CLASSES_ROOT\Endat.Encriptar
  • HKEY_CLASSES_ROOT\CLSID\{2D4FF819-FD9E-49E7-B07A-D6A40A230A6C}\VERSION
    "default"="5.0"
  • HKEY_CLASSES_ROOT\CLSID\{2D4FF819-FD9E-49E7-B07A-D6A40A230A6C}\TypeLib
    "default"="{A2AB15BF-CA9F-4E1D-9A34-A5A27E20365E}"
  • HKEY_CLASSES_ROOT\CLSID\{2D4FF819-FD9E-49E7-B07A-D6A40A230A6C}\Programmable
  • HKEY_CLASSES_ROOT\CLSID\{2D4FF819-FD9E-49E7-B07A-D6A40A230A6C}\ProgID
    "default"="Endat.Encriptar"
  • HKEY_CLASSES_ROOT\CLSID\{2D4FF819-FD9E-49E7-B07A-D6A40A230A6C}\InprocServer32
    "ThreadingModel"="Apartment"
  • HKEY_CLASSES_ROOT\CLSID\{2D4FF819-FD9E-49E7-B07A-D6A40A230A6C}\InprocServer32
    "(default)"="C:\WINDOWS\System32\Endat.dll"
  • HKEY_CLASSES_ROOT\CLSID\{2D4FF819-FD9E-49E7-B07A-D6A40A230A6C}
    \Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}
  • HKEY_CLASSES_ROOT\CLSID\{2D4FF819-FD9E-49E7-B07A-D6A40A230A6C}
    \Implemented Categories
  • HKEY_CLASSES_ROOT\CLSID\{2D4FF819-FD9E-49E7-B07A-D6A40A230A6C}
    "default"="Endat.Encriptar"

Network Impact

Additional overhead in bandwidth due to download of advertising content and transmission of browsing data to remote servers.

Aliases

Aliases

    N/A