Adware-Virtumundo
- Type: Program
- SubType: Adware
- Discovery Date: 09/23/2005
- Length: Varies
- Minimum DAT: N/A (06/27/2011)
- Updated DAT: 6390 (06/27/2011)
- Minimum Engine: 5.1.00
- Description Added: 09/23/2005
- Description Modified: 12/31/2005 2:16 PM (PT)
Characteristics
McAfee(R) AVERT recognizes that this program may have legitimate uses in contexts where an authorized administrator has knowingly installed this application. If you agreed to a license agreement for this, or another bundled application, you may have legal obligations with regard to removing this software, or using the host application without this software. Please contact the software vendor for further information.
See http://vil.nai.com/vil/DATReadme.asp for a list of Program detections added to the DATs.
See http://vil.nai.com/vil/pups/configuration.htm for information about how to enable, disable, and exclude detection of legitimately installed programs.
Distribution
This is not a virus or a trojan. It is detected as a "potentially unwanted program." It is a direct-marketing adware application that generates pop-up advertisements. A DLL is installed as a Browser Helper Object in Internet Explorer, and may also be injected into the explorer.exe and winlogon.exe processes. Context-based advertisements are displayed as the user browses the web. A unique identifier is created for the system during installation. This identifier is transmitted during retrieval of advertising content.
[Screenshot: example of an advertisement displayed after searching for "home refinancing" on the Google homepage]
This application does not display a license agreement when installed.
Privacy
A privacy policy is not displayed during installation. Possible privacy implications exist due to the use of a unique identifier and keywords to retrieve context-based ads during browsing.
System Changes
Note: Multiple variants of this software may exist that have varying file sizes, CLSIDs, etc.
General defaults for typical path variables (although they may be different, they usually are not):
%WinDir% = \WINDOWS (Windows 9x/ME/XP), \WINNT (Windows NT/2000)
%SystemDir% = \WINDOWS\SYSTEM32 (Windows 9x/ME/XP), \WINNT\SYSTEM32 (Windows NT/2000)
%ProgramFiles% = \Program Files
Files Added
(most likely added to %SystemDir%, names may vary)
- jkhhe.dll (544 KB)
  MD5: B7318AE1B1A7AC9D2D32E27FE41F4E45
- jkhhe.bak1 (332 KB)
- jkhhe.ini (332 KB)
Registry
The following registry keys are created:
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{93C6313C-9DB4-4694-8BD0-E378C573A9AD}
- HKEY_CLASSES_ROOT\CLSID\{93C6313C-9DB4-4694-8BD0-E378C573A9AD}
- HKEY_CLASSES_ROOT\ATLDistrib.ATLDistrib.1
- HKEY_CLASSES_ROOT\ATLDistrib.ATLDistrib
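An added example (not McAfee's code): a Python triage helper that parses `.reg` export text, lists every registered Browser Helper Object with the DLL its CLSID resolves to through the standard COM `InprocServer32` subkey, and flags the CLSID and ProgID keys listed above. The sample export, the second CLSID and the `toolbar.dll` path are constructed; because variants use other CLSIDs and file names, unflagged entries still need review.

```python
import re

# Indicators from this page; variants may use other CLSIDs and file names.
KNOWN_CLSID = "{93C6313C-9DB4-4694-8BD0-E378C573A9AD}"
KNOWN_PROGIDS = ("ATLDISTRIB.ATLDISTRIB", "ATLDISTRIB.ATLDISTRIB.1")
BHO = (r"HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION"
       r"\EXPLORER\BROWSER HELPER OBJECTS")
CLSID_ROOT = r"HKEY_CLASSES_ROOT\CLSID"

# Constructed sample export (not captured from a real host).
SAMPLE = r"""Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{93C6313C-9DB4-4694-8BD0-E378C573A9AD}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-2222-3333-4444-555555555555}]
[HKEY_CLASSES_ROOT\CLSID\{93C6313C-9DB4-4694-8BD0-E378C573A9AD}\InprocServer32]
@="C:\\WINDOWS\\system32\\jkhhe.dll"
[HKEY_CLASSES_ROOT\CLSID\{11111111-2222-3333-4444-555555555555}\InprocServer32]
@="C:\\Program Files\\Example\\toolbar.dll"
[HKEY_CLASSES_ROOT\ATLDistrib.ATLDistrib.1]
"""

def parse_reg(text):
    """Parse .reg export text into {KEY_PATH_UPPERCASED: {value_name: data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].upper(), {})
        elif current is not None and "=" in line:
            name, _, data = line.partition("=")
            if data.startswith('"') and data.endswith('"'):
                # String value: drop the quotes and undo .reg backslash escaping.
                data = re.sub(r"\\(.)", r"\1", data[1:-1])
            current[name.strip('"')] = data  # "@" is the key's default value
    return keys

def audit_bhos(text):
    """Return (one record per registered BHO, page ProgID keys that exist)."""
    keys, bhos = parse_reg(text), []
    for path in keys:
        if path.startswith(BHO + "\\"):
            clsid = path[len(BHO) + 1:].split("\\")[0]
            dll = keys.get(f"{CLSID_ROOT}\\{clsid}\\INPROCSERVER32", {}).get("@")
            bhos.append({"clsid": clsid, "dll": dll, "known": clsid == KNOWN_CLSID})
    progids = [p for p in KNOWN_PROGIDS if f"HKEY_CLASSES_ROOT\\{p}" in keys]
    return bhos, progids

if __name__ == "__main__":
    for record in audit_bhos(SAMPLE)[0]:
        print(record)
```

Files written by `reg export` are UTF-16, so read them with `open(path, encoding="utf-16")` before passing the text to `audit_bhos`; the export must cover both the HKEY_LOCAL_MACHINE Browser Helper Objects branch and HKEY_CLASSES_ROOT.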
Network Impact
Additional overhead in bandwidth due to download of advertising content.
Symptoms
N/A. This is not a virus or trojan.
Method of Infection
N/A. This is not a virus or trojan.
Variants
N/A
Overview
This is a Potentially Unwanted Program (PUP) detection. It is not a virus or trojan. A PUP is any piece of software that a reasonably security- or privacy-minded computer user may want to be informed of.
Removal
Instructions on Enabling/Disabling Detection and Removal of Potentially Unwanted Programs