McAfee > Theat Center > PUP Detail Page

Characteristics

McAfee(R) AVERT recognizes that this program may have legitimate uses in contexts where an authorized administrator has knowingly installed this application. If you agreed to a license agreement for this, or another bundled application, you may have legal obligations with regard to removing this software, or using the host application without this software. Please contact the software vendor for further information.

See http://vil.nai.com/vil/DATReadme.asp for a list of Program detections added to the DATs.

See http://vil.nai.com/vil/pups/configuration.htm for information about how to enable, disable, and exclude detection of legitimately installed programs.

Distribution

This is not a virus or a trojan. It is detected as a "potentially unwanted program." It is a direct-marketing adware application. Clickstream data (full URLs and arguments) are transmitted to fullcontext.net during browsing. Though not observed during testing, there are indications within the application code that point to possible display of advertisements keyed to specific words or phrases. No entry is created in the Add/Remove Programs control panel, nor is any folder or link created in the Start Menu. The application employs the "AppInit_DLLs" registry key to ensure it is launched at each boot.

This application does not display a license agreement when installed. Installation is completely silent. There does not appear to be any information listed on the website with which the software communicates (www.fullcontext.net) The same standard "Lorem Ipsum" placeholder text passage appears on all the navigable pages.

Privacy

No privacy policy is displayed during installation (installation is silent). No privacy policy was found on the fullcontext.net website.

Due to transmisson of URL and search keyword data to 3rd party servers during browsing, there is the potential that personally identifiable information may be sent to fullcontext.net servers.

System Changes

General defaults for typical path variables (although they may be different, they usually are not):
%WinDir% = \WINDOWS (Windows 9x/ME/XP), \WINNT (Windows NT/2000)
%SystemDir% = \WINDOWS\SYSTEM32 (Windows 9x/ME/XP), \WINNT\SYSTEM32 (Windows NT/2000)
%ProgramFiles% = \Program Files

Files Added

• Downloader: fchelp.exe (260 KB)
  MD5: 5B246A5D857A1E7181CCD6609DFFA9CC

• Installer: usetup.exe (230 KB)
  MD5: 48583D4E02D1FF5FD17A487C22F19A47

• %SystemDir%\runner.dll (60 KB)
  MD5: 3FD74B3EBD9AA56DB31FA7AF0A562AFD

• %ProgramFiles%\fcadvice\uninstall.exe (32 KB)
  MD5: 46B8A8CCD298CC074546932AA79CF4AA

• %ProgramFiles%\fcadvice\patterns.dat (size and MD5 may vary)

• %ProgramFiles%\fcadvice\fcadvice.exe (268 KB)
  MD5: A33A228609A797A6296640BE407F38B3

• %ProgramFiles%\fcadvice\fcadvice.dll (92 KB)
  MD5: 50F643586F74A74587EC3582C695B293

Registry

The following registry keys are created:

• HKEY_CURRENT_USER\Software\FCHelp

• HKEY_CURRENT_USER\Software\FCAdvice

• HKEY_CLASSES_ROOT\TypeLib\{1B8B502E-455B-4022-BE77-FB6D9F808A18}

• HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/html
  "CLSID"="{994D478A-45D0-4DB4-AE77-288B1E346E99}"

• HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/html
  "(default)"="FCEngine.MimeFilter"
• HKEY_CLASSES_ROOT\CLSID\{994D478A-45D0-4DB4-AE77-288B1E346E99}

The following registry keys are modified:

• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
  "AppInit_DLLs"="Runner.dll"

Network Impact

Additional overhead in bandwidth due to transmission of browsing data to remote servers, and possible retrieval of advertisement content.

Removal

Aliases

Aliases

N/A