Adware-DesktopMedia

Type: Program
SubType: Adware
Discovery Date: 02/13/2006
Length:
Minimum DAT: 4695 (02/13/2006)
Updated DAT: 5715 (08/20/2009)
Minimum Engine: 5.1.00
Description Added: 02/13/2006
Description Modified: 04/27/2006 7:04 AM (PT)
Risk Assessment:
Corporate User: N/A
Home User: N/A

Characteristics

McAfee(R) AVERT recognizes that this program may have legitimate uses in contexts where an authorized administrator has knowingly installed this application. If you agreed to a license agreement for this, or another bundled application, you may have legal obligations with regard to removing this software, or using the host application without this software. Please contact the software vendor for further information.

See http://vil.nai.com/vil/DATReadme.asp for a list of Program detections added to the DATs.

See http://vil.nai.com/vil/pups/configuration.htm for information about how to enable, disable, and exclude detection of legitimately installed programs.

Distribution

This is not a virus or a trojan. It is a Browser Helper Object (BHO) that may redirect web browsing and/or produce intermittent popup advertisements (typically in Chinese - see for an example) while the user browses the web with Internet Explorer. Upon execution, the application contacts dmcast.com for random links to advertisement websites.

 

Privacy

This application displays an End User License Agreement (EULA) in Chinese during installation. The agreement covers licensing/usage obligations and the user authorizes the popup advertisements upon installation. It may also be installed with other ad-supported applications which may display a varied version of the EULA. This agreement is not available on the vendor's dmcast.com website.

This application also routinely checks for and downloads new or updated components from the dmcast.com website.

NOTICE: This detection is limited to the components associated with the popup advertisements. 

Installation

Files Added

Name: C:\Program Files\%Application Name%\Cast\%Version%\dmbar.dll
Size: 172,032 bytes (may vary)
Hash: 77cc851853353e2d86f7d205eaf12611 (may vary)

Name: C:\Program Files\%Application Name%\Cast\%Version%\dmshell.dll
Size: 489,984 bytes (may vary)
Hash: 231a3886d187d7ec63dab60e3a52d389 (may vary)

Name: C:\Program Files\%Application Name%\Cast\%Version%\dmipn.dll
Size: 139,264 bytes (may vary)
Hash: 36574b492cdffbf29bf849e086a22e54 (may vary)

Name: C:\Program Files\%Application Name%\Cast\%Version%\dmsched.exe
Size: 139,264 bytes (may vary)
Hash: 9c2ea46ddaa8986035ff0beb1edb0c57 (may vary)

Name: C:\Program Files\%Application Name%\Cast\%Version%\dmplayer.dll (absent in new versions)
Size: 897,024 bytes (may vary)
Hash: da90976a441d940f4136195917432dab (may vary)

Registry Changes

Keys added:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1FCA37BA-7259-4BF1-878B-A39FA83BFBBB}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dmbar.dmbar
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{1FCA37BA-7259-4BF1-878B-A39FA83BFBBB}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Desktop Media
  • HKEY_LOCAL_MACHINE\SOFTWARE\dmshareware

Values added:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Desktop Media\Cast\dmclient\lastupdate = [LAST UPDATE]
  • HKEY_LOCAL_MACHINE\SOFTWARE\Desktop Media\Cast\dmclient\dmclient_sid
  • HKEY_LOCAL_MACHINE\SOFTWARE\Desktop Media\Cast\dmclient\dmclient_mid
  • HKEY_LOCAL_MACHINE\SOFTWARE\Desktop Media\Cast\dmclient\dmclient_iip = [USER'S IP ADDRESS]
  • HKEY_LOCAL_MACHINE\SOFTWARE\Desktop Media\Cast\dmclient\dmclient_idate = [INSTALL DATE] 
  • HKEY_LOCAL_MACHINE\SOFTWARE\Desktop Media\Cast\autoupdatetime
  • HKEY_LOCAL_MACHINE\SOFTWARE\Desktop Media\Cast\dldir
  • HKEY_LOCAL_MACHINE\SOFTWARE\Desktop Media\Cast\path = "C:\Program Files\%APPLICATION NAME%\Cast\%VERSION%"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Desktop Media\Cast\vendor: = "0,dmplugin,DesktopMedia"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Desktop Media\Cast\ver = "2.1.1.1"
  • HKEY_LOCAL_MACHINE\SOFTWARE\dmshareware\Owner = "dmclient"
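
A host check for the files and registry keys listed above, added here as an example and not part of McAfee's description or tooling. It assumes Windows PowerShell 4 or later; the extra WOW6432Node lookup (32-bit installs on 64-bit Windows) is an assumption not stated on this page.

```powershell
# Added example: look for the Adware-DesktopMedia artifacts listed in this description.
# Checking WOW6432Node as well is an assumption for 64-bit Windows, not from the page.
$clsid = '{1FCA37BA-7259-4BF1-878B-A39FA83BFBBB}'
$roots = 'HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\WOW6432Node'
$subKeys = @(
    "Classes\CLSID\$clsid",
    'Classes\Dmbar.dmbar',
    "Microsoft\Internet Explorer\Explorer Bars\$clsid",
    'Desktop Media',
    'dmshareware'
)
# File names and MD5 hashes as published above; the page notes that both may vary.
$knownFiles = @{
    'dmbar.dll'    = '77cc851853353e2d86f7d205eaf12611'
    'dmshell.dll'  = '231a3886d187d7ec63dab60e3a52d389'
    'dmipn.dll'    = '36574b492cdffbf29bf849e086a22e54'
    'dmsched.exe'  = '9c2ea46ddaa8986035ff0beb1edb0c57'
    'dmplayer.dll' = 'da90976a441d940f4136195917432dab'
}

$findings = foreach ($root in $roots) {
    foreach ($sub in $subKeys) {
        $key = Join-Path $root $sub
        if (Test-Path -LiteralPath $key) {
            [pscustomobject]@{ Type = 'RegistryKey'; Item = $key; Detail = 'present' }
        }
    }
    # The "path" value under Desktop Media\Cast records the install directory.
    $cast = Join-Path $root 'Desktop Media\Cast'
    $dir = (Get-ItemProperty -LiteralPath $cast -Name path -ErrorAction SilentlyContinue).path
    if ($dir -and (Test-Path -LiteralPath $dir)) {
        foreach ($file in Get-ChildItem -LiteralPath $dir -File) {
            if ($knownFiles.ContainsKey($file.Name)) {
                $md5 = (Get-FileHash -LiteralPath $file.FullName -Algorithm MD5).Hash.ToLowerInvariant()
                $detail = if ($md5 -eq $knownFiles[$file.Name]) { 'MD5 matches published hash' } else { "MD5 differs: $md5" }
                [pscustomobject]@{ Type = 'File'; Item = $file.FullName; Detail = $detail }
            }
        }
    }
}

if ($findings) { $findings | Format-Table -AutoSize -Wrap } else { 'No Adware-DesktopMedia artifacts found.' }
```

Because the published sizes and hashes may vary between versions, a file-name hit with a differing MD5 still counts as a finding.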

Network Impact

Additional overhead in bandwidth consumption due to download of advertisement content, application updates and additional components.

 

Symptoms

Method of Infection

Removal

Instructions on Enabling/Disabling Detection and Removal of Potentially Unwanted Programs

Use the ADD/REMOVE Programs Control Panel in Windows to remove this program.

Variants

    N/A


Aliases

  • Adware.DesktopMedia (Symantec)
  • AdWare.Win32.Dm.a (Kaspersky)
  • ShareHelper,Adware (CA)
