Adware-GotSmiley

Type: Program
SubType: Adware
Discovery Date: 08/05/2005
Minimum DAT: 4551 (08/05/2005)
Updated DAT: 4663 (12/30/2005)
Minimum Engine: 5.1.00
Description Added: 08/05/2005
Description Modified: 10/07/2005 1:00 AM (PT)

Characteristics

McAfee(R) AVERT™ recognizes that this program may have legitimate uses in contexts where an authorized administrator has knowingly installed this application. If you agreed to a license agreement for this, or another bundled application, you may have legal obligations with regard to removing this software, or using the host application without this software. Please contact the software vendor for further information.

See http://vil.nai.com/vil/DATReadme.asp for a list of Program detections added to the DATs.

See http://vil.nai.com/vil/pups/configuration.htm for information about how to enable, disable, and exclude detection of legitimately installed programs.

Summary:

This is not a virus or a Trojan. GotSmiley is an Internet Explorer toolbar. It is provided free because it is supported by advertising from the GAIN network. While browsing the web, users may see many pop-up ads displayed by the GAIN Adserver software.

Privacy:

No license agreement is displayed during installation, although one could be displayed by another installer if the software is bundled with another application. No EULA or privacy policy related to the software could be found.

Installation:

File name: gotsmiley.exe
MD5Hash: 1199866e88c3218d0f8f28fc8aa76dee

File name: gotsmileyhelper.dll
MD5Hash: 0850a26187bd72637b61a4da2a738630

File name: gsysmileylibinfo.dll
MD5Hash: 55b8e85c3294ce5fe0b6ea6164011adb

File name: gsyoutlookaddin.dll
MD5Hash: 8db5d1457bfa4bbf262b3f765fb53405

When the DLLs are registered and the application is executed, the following registry keys are added:

  • HKEY_CURRENT_USER\Software\Gator.com
  • HKEY_CURRENT_USER\Software\Gator.com\GotSmiley
  • HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\Addins\GSYOutlookAddin.GSYAddinObj
  • HKEY_CLASSES_ROOT\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}
  • HKEY_CLASSES_ROOT\CLSID\{309A4386-D229-42DD-BA17-983747DA35B0}
  • HKEY_CLASSES_ROOT\GSYOutlookAddin.GSYAddinObj
  • HKEY_CLASSES_ROOT\GSYOutlookAddin.GSYAddinObj.1
  • HKEY_CLASSES_ROOT\Interface\{6DA65196-9CF9-48C9-9DB2-28742FCC56BE}
  • HKEY_CLASSES_ROOT\TypeLib\{B699B1B8-ADD0-4835-8602-1548200FCDD5}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\GSYOutlookAddin.GSYAddinObj
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GotSmiley
  • HKEY_LOCAL_MACHINE\SOFTWARE\Gator.com
  • HKEY_LOCAL_MACHINE\SOFTWARE\Gator.com\GotSmiley

The following folders are added:

  • c:\Program Files\GotSmiley
  • c:\Program Files\GotSmiley\Images
  • c:\Program Files\GotSmiley\Skins
  • c:\Documents and Settings\All Users\Start Menu\Programs\GotSmiley
  • c:\Documents and Settings\<Username>\Local Settings\Temp\fsg_tmp
  • c:\Documents and Settings\<Username>\Local Settings\Temp\GSY_Temp



 

Aliases

  • Symantec: Adware.GotSmiley