Content

Adware-123mania

Type
Program
SubType
Adware
Discovery Date
07/04/2005
Minimum DAT
4527 (07/04/2005)
Updated DAT
5089 (08/02/2007)
Minimum Engine
5.1.00
Description Added
07/04/2005
Description Modified
08/05/2005 7:27 AM (PT)

Tab Navigation

Characteristics

McAfee(R) AVERT(tm) recognizes that this program may have legitimate uses in contexts where an authorized administrator has knowingly installed this application. If you agreed to a license agreement for this, or another bundled application, you may have legal obligations with regard to removing this software, or using the host application without this software. Please contact the software vendor for further information.
See http://vil.nai.com/vil/DATReadme.asp for a list of Program detections added to the DATs.

See http://vil.nai.com/vil/pups/configuration.htm for information about how to enable, disable, and exclude detection of legitimately installed programs.

This is not a virus or a Trojan. It is an adware application by
Matrix Technology Network .



Installation:

 Installation is performed via an Active-X control when user visits
www. 123mania.com .

The following Registry key is added in order to get executed on each reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "DownloadSoftware" = "C:\WINDOWS\System32\MSA64CHK.dll"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
"MP3Collection" = "C:\WINDOWS\System32\MSA64CHK.dll"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "TakeMP3" = "C:\WINDOWS\System32\MSA64CHK.dll"

The following files are created in %WINDOWS%\system32 directory:

  • SIPSPI32.dll
  • GIDCAI32.dll
  • MSA64CHK.dll

The following Registry keys are added:

HKEY_CURRENT_USER\Software\Matrix_HTML
HKEY_CURRENT_USER\Software\Matrix_HTML\TakeMP3
HKEY_CURRENT_USER\Software\Matrix_HTML\FunnyChat
HKEY_CURRENT_USER\Software\Matrix_HTML\MP3download
HKEY_CURRENT_USER\Software\Matrix_HTML\MP3Collection
HKEY_CURRENT_USER\Software\Matrix_HTML\DownloadSoftware

This application installs GIDCAI32.dll and SIPSPI32.dll as BHO.

Browser Helper Objects are executable files that are loaded when the browser is launched. They can perform various task,such as generating extra pop-up ads, monitoring page navigation, etc.

This adware application is an Error page hijacker.

This adware application displays advertisements while user is browsing the web.

Aliases

Aliases

    N/A