Content

Adware-WebLookup

Type
Program
SubType
Adware
Discovery Date
09/14/2005
Minimum DAT
4581 (09/14/2005)
Updated DAT
4650 (12/14/2005)
Minimum Engine
5.1.00
Description Added
09/14/2005
Description Modified
04/21/2006 2:53 PM (PT)

Tab Navigation

Characteristics

McAfee(R) AVERT recognizes that this program may have legitimate uses in contexts where an authorized administrator has knowingly installed this application. If you agreed to a license agreement for this, or another bundled application, you may have legal obligations with regard to removing this software, or using the host application without this software. Please contact the software vendor for further information.

See http://vil.nai.com/vil/DATReadme.asp for a list of Program detections added to the DATs.

See http://vil.nai.com/vil/pups/configuration.htm for information about how to enable, disable, and exclude detection of legitimately installed programs.

Distribution

This is not a virus or a trojan. It is a Browser Helper Object that may redirect web browsing and/or produce popup advertisements. The BHO attempts to contact www.web-redirect.com. Though this domain no longer resolves to a working IP address (DNS returns the localhost address 127.0.0.1), static analysis of the file suggests popup generation and possibly other advertising-related behavior.

This application does not display a license agreement when installed. Installation is completely silent following execution of the installation executable.

Privacy

No privacy policy is displayed during installation. The software attempts to contact web-redirect.com upon launch of Internet Explorer. It is not known to what degree privacy risks may be present, if any, as www.web-redirect.com currently does not resolve to a useable IP address.

System Changes

General defaults for typical path variables (although they may be different, they usually are not):
%WinDir% = \WINDOWS (Windows 9x/ME/XP), \WINNT (Windows NT/2000)
%SystemDir% = \WINDOWS\SYSTEM32 (Windows 9x/ME/XP), \WINNT\SYSTEM32 (Windows NT/2000)
%ProgramFiles% = \Program Files

Files Added

  • Installer: se.exe (name varies) (167 KB)
    MD5: 425A3A089BC00940262B308AAEB5DAFE
  • %ProgramFiles%\weblookup\weblookup.dll (280 KB)
    MD5: D3A0931DD304EAD12AB253D1A314EEC0

Registry

The following registry keys are created:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion
    \Explorer\Browser Helper Objects\{DC8240DF-E60D-4193-B984-5111847DC7E6}
  • HKEY_CURRENT_USER\Software\weblookup
  • HKEY_CLASSES_ROOT\TypeLib\{DEDE7333-91F2-4064-8557-0EB2E3D37155}
  • HKEY_CLASSES_ROOT\Redirect.RedirectPage.1
  • HKEY_CLASSES_ROOT\Redirect.RedirectPage
  • HKEY_CLASSES_ROOT\Interface\{D7988033-BDE1-4A36-BBE0-633F658BE770}
  • HKEY_CLASSES_ROOT\CLSID\{DC8240DF-E60D-4193-B984-5111847DC7E6}

Network Impact

Possible impact due to repeated attempts to contact web-redirect.com domain. Unknown impact in the case that web-redirect.com should come back online (possible download and installation of other components).

Aliases

Aliases

    N/A