Content

Adware-Pcadprotector

Type
Program
SubType
Adware
Discovery Date
11/28/2005
Minimum DAT
4638 (11/28/2005)
Updated DAT
4733 (04/04/2006)
Minimum Engine
5.1.00
Description Added
11/28/2005
Description Modified
12/31/2005 2:01 PM (PT)

Tab Navigation

Characteristics

McAfee(R) AVERT recognizes that this program may have legitimate uses in contexts where an authorized administrator has knowingly installed this application. If you agreed to a license agreement for this, or another bundled application, you may have legal obligations with regard to removing this software, or using the host application without this software. Please contact the software vendor for further information.

See http://vil.nai.com/vil/DATReadme.asp for a list of Program detections added to the DATs.

See http://vil.nai.com/vil/pups/configuration.htm for information about how to enable, disable, and exclude detection of legitimately installed programs.

Distribution

This is not a virus or a trojan. It is detected as a "potentially unwanted program." It appears to be a direct-marketing adware application that generates a scrolling alert message that drops down periodically from the top of the screen. The messages claim that the host system is infected with malicious software.

Clicking on the scrolling banner opens a browser window to a website purporting to review/recommend anti-malware applications. In actuality this appears more likely to be an affiliate ploy to increase the number of installations of the software titles credited to them. Among the three "reviewed" products is the known PUP Adware-SpySheriff .

The following URL is used to bring up the "review & comparison" page:
http://pcadprotector.cc/index.php?qq=RS&pin=12047

Upon execution of the program an entry is created in the Registry run key (pointing to the current location of the executable when it is first run) to ensure the software is launched at each system startup. The software runs silently in the background, but is viewable as an independent process in the Task Manager.

This application does not display a license agreement when installed.

Privacy

No privacy policy is displayed during installation.

System Changes

General defaults for typical path variables (although they may be different, they usually are not):
%WinDir% = \WINDOWS (Windows 9x/ME/XP), \WINNT (Windows NT/2000)
%SystemDir% = \WINDOWS\SYSTEM32 (Windows 9x/ME/XP), \WINNT\SYSTEM32 (Windows NT/2000)
%ProgramFiles% = \Program Files

Files Added

  • 106b.exe (19 KB) (name may vary)
    MD5: A14412EC5ADD852369A1E1C543E35A88

Registry

The following registry keys are created:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    "106b.exe"="%path_on_execution%\106b.exe"

Network Impact

It is possible that this software might download or install additional data or software, but such behavior has not been observed.

Aliases

Aliases

    N/A