Content

Adware-SpywareWall

Type
Program
SubType
Adware
Discovery Date
08/12/2005
Minimum DAT
4558 (08/15/2005)
Updated DAT
4661 (12/28/2005)
Minimum Engine
5.1.00
Description Added
08/12/2005
Description Modified
08/12/2005 4:06 PM (PT)

Tab Navigation

Characteristics

Characteristics

McAfee(R) AVERT recognizes that this program may have legitimate uses in contexts where an authorized administrator has knowingly installed this application. If you agreed to a license agreement for this, or another bundled application, you may have legal obligations with regard to removing this software, or using the host application without this software. Please contact the software vendor for further information.

See http://vil.nai.com/vil/DATReadme.asp for a list of Program detections added to the DATs.

See http://vil.nai.com/vil/pups/configuration.htm for information about how to enable, disable, and exclude detection of legitimately installed programs.

Distribution

This is not a virus or a trojan. It is detected as a "potentially unwanted program." It purports to be an anti-spyware application. However, it downloads and installs additionall PUP components, including Adware-Searcher and elements used in Virtual Bouncer . Furthermore, no user interface whatsoever is displayed upon launching the installer.  All installation and downloading occurs silently. No license agreement is shown.

Privacy

No privacy policy is displayed during installation.

System Changes

General defaults for typical environment variables (although they may be different, they usually are not):
%WinDir% = C:\WINDOWS (Windows 9x/ME/XP), C:\\WINNT (Windows NT/2000)
%SystemDir% = C:\WINDOWS\SYSTEM32 (Windows 9x/ME/XP), C:\WINNT\SYSTEM32 (Windows NT/2000)
%ProgramFiles% =C:\Program Files

Files Added

  • Installer: spywarewall.exe (115 KB)
    MD5: 944025215CD2BD3298FE96A6BA4E0841
  • %SystemDir%\zlib.dll* (70 KB)
  • %SystemDir%\vbar332.dll* (360 KB)
  • %SystemDir%\tabctl32.ocx* (218 KB)
  • %SystemDir%\swlad2.dll (24 KB)
    MD5: F6A2FE5533649CB3AA7C01B718DE8813
  • %SystemDir%\swlad1.dll (40 KB)
    MD5: B97A53780F25E8DBDC970E77A8F03343
  • %SystemDir%\popoops2.dll (40 KB)
    MD5: 8E53FCA0A72AB2FBA6458CFC197B9447
  • %SystemDir%\popoops.dll (24 KB)
    MD5: 5A7085AFF4E5E5EDEA18C9A41ECC1A3E
  • %SystemDir%\olelib2.tlb* (21 KB)
  • %SystemDir%\olelib.tlb* (556 KB)
  • %SystemDir%\msxml3a.dll* (24 KB)
  • %SystemDir%\msxml3.inf* (1 KB)
  • %SystemDir%\msvbvm60.dll* (1354 KB)
  • %SystemDir%\msinet.ocx* (113 KB)
  • %SystemDir%\flash.ocx* (808 KB)
  • %WinDir%\lastgood\system32\stdole2.tlb* (17 KB)
  • %WinDir%\lastgood\system32\olepro32.dll* (104 KB)
  • %WinDir%\lastgood\system32\oleaut32.dll* (556 KB)
  • %WinDir%\lastgood\system32\msvbvm60.dll* (1356 KB)
  • %WinDir%\lastgood\system32\comcat.dll* (3 KB)
  • %WinDir%\lastgood\system32\asycfilt.dll* (76 KB)
  • c:\sww_searchtool\unwise.exe (161 KB)
  • c:\sww_searchtool\install.log (1 KB)
  • c:\program files\spywarewall\unwise.exe (161 KB)
  • c:\program files\spywarewall\sww_searchtool.exe (116 KB)
    MD5: 7E5F24614F469ABEFEBC007A6B983668
  • c:\program files\spywarewall\swwdnr.lib (2 KB)
  • c:\program files\spywarewall\swwdnr.exp (1 KB)
  • c:\program files\spywarewall\swwdnr.dll (720 KB)
    MD5: 7A62A68117B57593338324B523567602
  • c:\program files\spywarewall\spywarewall.exe (376 KB)
    MD5: 73EA675ECD416966919B45EB00795791
  • c:\program files\spywarewall\popupwallinner.exe (122 KB)
    MD5: 74DFD6EE773FD1723DB383CC36CB30F6
  • c:\program files\spywarewall\install.log (2 KB)
  • c:\program files\popupwall\wall.wav (8 KB)
  • c:\program files\popupwall\unwise.exe (161 KB)
  • c:\program files\popupwall\popupwall.exe (56 KB)
    MD5: 38110E88486B1214DE274062FB5ED7A3
  • c:\program files\popupwall\install.log (1 KB)
  • c:\documents and settings\all users\application data\spywarewall\user.dat (1 KB)
  • c:\documents and settings\all users\application data\spywarewall\stats.log (1 KB)
  • c:\documents and settings\all users\application data\spywarewall\signatures.dat (83 KB)
  • c:\documents and settings\all users\application data\spywarewall\schedule.dat (1 KB)
  • c:\documents and settings\all users\application data\spywarewall\history.dat (1 KB)
  • c:\documents and settings\all users\application data\spywarewall\error.log (1 KB)
  • c:\documents and settings\all users\application data\spywarewall\defs.css (1 KB)
  • c:\documents and settings\all users\application data\spywarewall\5.jpg (1 KB)
  • c:\documents and settings\all users\application data\spywarewall\4.jpg (1 KB)
  • c:\documents and settings\all users\application data\spywarewall\3.jpg (1 KB)
  • c:\documents and settings\all users\application data\spywarewall\2.jpg (1 KB)
  • c:\documents and settings\all users\application data\spywarewall\1.jpg (1 KB)
  • c:\documents and settings\all users\application data\linkbho\linkbho.dll (216 KB)
    MD5: BB047F78E4792E8CEEE01222B077B163
  • c:\documents and settings\all users\application data\linkbho\link.dat (3 KB)
  • c:\documents and settings\administrator\start menu\programs\startup\popupwall.lnk (1 KB)
  • c:\documents and settings\administrator\start menu\programs\spywarewall\spywarewall.lnk (1 KB)
  • c:\documents and settings\administrator\start menu\programs\popupwall\popupwall.lnk (1 KB)

* Although these files are added as a result of installing this application, they appear by themselves innocent and may already be present on a system and used by other applications. Therefore, they are not included in detection or removal.

Registry

The following registry keys are created:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Wise Solutions\Wise Installation System
    \Repair\C:/Program Files/SpyWareWall/INSTALL.LOG
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wise Solutions\Wise Installation System
    \Repair\C:/Program Files/PopUpWall/INSTALL.LOG
  • HKEY_LOCAL_MACHINE\SOFTWARE\SpywareWall
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion
    \Uninstall\SSW_SearchTool
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion
    \Uninstall\SpyWareWall
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
    Uninstall\PopUpWall
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion
    \Explorer\Browser Helper Objects\{CC924BD1-7382-4619-A706-070CB00F2325}
  • HKEY_CURRENT_USER\Software\VB and VBA Program Settings\SpyWareWall
  • HKEY_CURRENT_USER\Software\VB and VBA Program Settings\popupwall
  • HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings
  • HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    "SpyWareWall"="C:\PROGRA~1\SPYWAR~1\SpyWareWall.exe"
  • HKEY_CLASSES_ROOT\TypeLib\{E0D3B292-A0B0-4640-975C-2F882E039F52}
  • HKEY_CLASSES_ROOT\TypeLib\{D0C29A75-7146-4737-98EE-BC4D7CF44AF9}
  • HKEY_CLASSES_ROOT\TypeLib\{5F54559F-670F-4C1A-A526-9533B575E889}
  • HKEY_CLASSES_ROOT\TypeLib\{4DA3703C-EAE4-4B1D-93A6-F1D5835A28FD}
  • HKEY_CLASSES_ROOT\SWWDNR.DNRDirector
  • HKEY_CLASSES_ROOT\SWWDNR.cUserSettings
  • HKEY_CLASSES_ROOT\SWWDNR.cSignature
  • HKEY_CLASSES_ROOT\SWWDNR.cScheduler
  • HKEY_CLASSES_ROOT\SWWDNR.cRegistryRoutines
  • HKEY_CLASSES_ROOT\SWWDNR.cHistory
  • HKEY_CLASSES_ROOT\SWWDNR.cErrorLog
  • HKEY_CLASSES_ROOT\SWWDNR.cCookie
  • HKEY_CLASSES_ROOT\SWLAD1.SWLAD
  • HKEY_CLASSES_ROOT\PopOops2.PopOops
  • HKEY_CLASSES_ROOT\LinkBHO.cIExplorer
  • HKEY_CLASSES_ROOT\Interface\{FE118BBF-1B52-4CB3-97F2-4995E90A630D}
  • HKEY_CLASSES_ROOT\Interface\{CA621437-CB64-462A-94C4-0386E6158416}
  • HKEY_CLASSES_ROOT\Interface\{C142AB6D-8A47-4178-B0C6-7E80D89F0E1E}
  • HKEY_CLASSES_ROOT\Interface\{BFEFFBF3-9F1D-400D-B3E4-7016D47810DB}
  • HKEY_CLASSES_ROOT\Interface\{B288F21C-A144-4CA2-9B70-8AFA1FAE4B06}
  • HKEY_CLASSES_ROOT\Interface\{B2231C24-E5BC-4067-B450-2BFD7C9458C7}
  • HKEY_CLASSES_ROOT\Interface\{B05644E6-D092-4131-BF55-962ED6220AAC}
  • HKEY_CLASSES_ROOT\Interface\{9CA8EB8E-7D4E-443E-B227-C959D52BE707}
  • HKEY_CLASSES_ROOT\Interface\{95D5AB22-576D-47C1-97F0-9B9E9E784439}
  • HKEY_CLASSES_ROOT\Interface\{8707B839-3140-4D81-B5FD-5C9F51DDF7BB}
  • HKEY_CLASSES_ROOT\Interface\{795398D0-DC2F-4118-A69C-592273BA9C2B}
  • HKEY_CLASSES_ROOT\Interface\{6CDC3337-01F7-4A79-A4AF-0B19303CC0BE}
  • HKEY_CLASSES_ROOT\Interface\{61CF04DD-F258-4ADF-9339-4842C563D1A3}
  • HKEY_CLASSES_ROOT\Interface\{5FCBDFE8-0E64-4190-90E6-BAF31077E46A}
  • HKEY_CLASSES_ROOT\Interface\{10D7DB96-56DC-4617-8EAB-EC506ABE6C7E}
  • HKEY_CLASSES_ROOT\Interface\{072B061C-D125-43DA-B2C3-B852EA74FA75}
  • HKEY_CLASSES_ROOT\CLSID\{FCD1122E-FC8D-4281-8203-D6CF88735EB2}
  • HKEY_CLASSES_ROOT\CLSID\{F74B777E-13E7-4FEA-A793-400F93ADB813}
  • HKEY_CLASSES_ROOT\CLSID\{E88A86D2-E5CE-4089-BC9F-E7A819FEAEDB}
  • HKEY_CLASSES_ROOT\CLSID\{D52433A9-A44C-43AB-A013-24B3C756DD2B}
  • HKEY_CLASSES_ROOT\CLSID\{CC924BD1-7382-4619-A706-070CB00F2325}
  • HKEY_CLASSES_ROOT\CLSID\{A752277B-B866-4E70-B89E-5FB95CBAD219}
  • HKEY_CLASSES_ROOT\CLSID\{9D9C77D6-F197-42EB-970E-00879F341698}
  • HKEY_CLASSES_ROOT\CLSID\{81957768-D393-43F4-BED7-366F9BF1EF76}
  • HKEY_CLASSES_ROOT\CLSID\{50A426C6-360D-42BA-93C8-F144950B731B}
  • HKEY_CLASSES_ROOT\CLSID\{417386C3-8D4A-4611-9B91-E57E89D603AC}
  • HKEY_CLASSES_ROOT\CLSID\{035BA531-1CDE-419E-905F-120D61C14AE7}

Network Impact

Additional overhead in bandwidth due to download of advertising content or other communications with 3rd party servers.

Aliases

Aliases

    N/A