Content

Adware-TargetAD

Type
Program
SubType
Adware
Discovery Date
12/20/2005
Minimum DAT
4654 (12/20/2005)
Updated DAT
4886 (11/01/2006)
Minimum Engine
5.1.00
Description Added
12/20/2005
Description Modified
03/09/2006 2:37 AM (PT)

Tab Navigation

Characteristics

McAfee(R) AVERT™ recognizes that this program may have legitimate uses in contexts where an authorized administrator has knowingly installed this application. If you agreed to a license agreement for this, or another bundled application, you may have legal obligations with regard to removing this software, or using the host application without this software. Please contact the software vendor for further information.

See http://vil.nai.com/vil/DATReadme.asp for a list of Program detections added to the DATs.

See http://vil.nai.com/vil/pups/configuration.htm for information about how to enable, disable, and exclude detection of legitimately installed programs.

Summary

This is not a virus or Trojan. It is an adware application. Upon execution, it adds a BHO (Browser Helper Object) in the Internet Explorer and also contacts its parent site “targetad.net”. While browsing, it makes connections to many other websites such as “newerjob.com”, “a.keyrun.com”, “51sgfy.com” etc. It also opens extra Internet Explorer windows while browsing internet such as one shown below:

Privacy

No license agreement is displayed during installation, although one could be displayed by another installer if bundled with another application. No privacy policy related to the software could be found.

Installation

File name: Target.dll
MD5Hash: 0443b4901307fd99e954bec14901d43a

Following folders are added:

  • %PROGRAMFILES%\Microsoft
  • %PROGRAMFILES%\Microsoft\Office
  • %PROGRAMFILES%\Microsoft\Office\0.9.0.9
  • %PROGRAMFILES%\NetMeting
  • %PROGRAMFILES%\NetMeting\Target
  • %PROGRAMFILES%\NetMeting\Target\0.9.0.8

Following files are added:

  • Office.dll
  • Target.dll
  • dllhost.exe
  • Symentec.exe

Following registries are added:

  • HKEY_CLASSES_ROOT\CLSID\{002AF282-E42D-4B51-9F70-F1570C02FAAD}
  • HKEY_CLASSES_ROOT\CLSID\{0A5EF610-EFB6-4AC4-A22A-3CA6B8148D08}
  • HKEY_CLASSES_ROOT\Interface\{1B54093E-6F8D-4B96-B9FE-1F0026AA872A}
  • HKEY_CLASSES_ROOT\Interface\{E16DCA92-8478-4BB0-B557-08012E8EAE00}
  • HKEY_CLASSES_ROOT\TypeLib\{DAA57276-EBF7-422E-AA7A-5CC7788A2A20}
  • HKEY_CLASSES_ROOT\TargetAD.Target
  • HKEY_CLASSES_ROOT\TargetAD.TargetReg
  • HKEY_CURRENT_USER\Software\TargetAD
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
    Explorer\Browser Helper Objects\{002AF282-E42D-4B51-9F70-F1570C02FAAD}

Network Impact

Additional overhead in bandwidth may occur due to unwanted internet connections.

Aliases

Aliases

  • Adware.Win32.WinAD.bu -- Kaspersky