Content

Adware-Boran.dr

Type
Program
SubType
Dropper
Discovery Date
05/23/2006
Minimum DAT
4768 (05/23/2006)
Updated DAT
5330 (07/02/2008)
Minimum Engine
5.1.00
Description Added
05/23/2006
Description Modified
06/06/2006 12:43 AM (PT)

Tab Navigation

Characteristics

McAfee(R) AVERT™ recognizes that this program may have legitimate uses in contexts where an authorized administrator has knowingly installed this application. If you agreed to a license agreement for this, or another bundled application, you may have legal obligations with regard to removing this software, or using the host application without this software. Please contact the software vendor for further information.

See http://vil.nai.com/vil/DATReadme.aspx  for a list of Program detections added to the DATs.

See http://vil.nai.com/vil/pups/configuration.aspx for information about how to enable, disable, and exclude detection of legitimately installed programs.

Summary:

This is not a virus or Trojan. It is an adware dropper. Upon execution, it drops files which are detected as Adware-Boran. The dropped files are responsible for adding a BHO (Browser Helper Object) in Internet Explorer and may also open extra browser windows while surfing, such as one shown below:              

        

For more details about the activity of the adware, kindly see Adware-Boran.

Privacy :

No license agreement is displayed during installation, although one could be displayed by another installer if bundled with another application. No privacy policy related to the software could be found. 

Installation:

File name: setup.exe
MD5Hash: aaf5d2833e75789fd90b87cb4b3bd1bf

Upon executing the application, following directory is created:

  • %Program Files%\MMSAssist

Following files are added:

  • %Program Files%\MMSAssist\Mmsass~1.dll
  • %System32%\STDSVER.DLL
  • %System32%\stdup.dll

Following registries are added:

  • HKEY_CLASSES_ROOT\Ad.AxObj
  • HKEY_CLASSES_ROOT\Ad.AxObj.1
  • HKEY_CLASSES_ROOT\CLSID\{6671A431-5C3D-463d-A7CF-5587F9B7E191}
  • HKEY_CLASSES_ROOT\InsII.brins
  • HKEY_CLASSES_ROOT\Interface\{74289A79-E652-4A57-A6B9-EE64AD532A8D}
  • HKEY_CLASSES_ROOT\MMSBho.MMSAssist
  • HKEY_CLASSES_ROOT\MMSBho.MMSAssist.1
  • HKEY_CLASSES_ROOT\MMSBho.MMSAssistMenu
  • HKEY_CLASSES_ROOT\MMSBho.MMSAssistMenu.1
  • HKEY_CLASSES_ROOT\TypeLib\{077525AC-C681-4139-8C3E-B582BDD375C7}
  • HKEY_CLASSES_ROOT\TypeLib\{22F87D75-7DD1-4545-94B3-CA80C0F462C6}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
    {6671A433-5C3D-463d-A7CF-5587F9B7E191}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
    Explorer\Browser Helper Objects\{6671A431-5C3D-463d-A7CF-5587F9B7E191}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
    Explorer\Browser Helper Objects\{6A512BF7-EC78-4e8d-9841-6C02E8FA9838}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
    Uninstall\{6A512BF7-EC78-4e8d-9841-6C02E8FA9838}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MMSAssist
  • HKEY_LOCAL_MACHINE\SOFTWARE\MMSAssist
  • HKEY_LOCAL_MACHINE\SOFTWARE\Stdup
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ >> ²ÊÐÅ•¢ËÍ <<

Following service is added:

  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\StdService

Aliases

Aliases

  • Adware.Borlander (Doctor Web)
  • Adware.Win32.Boran.g (Kaspersky)
  • Borlan,Adware (Pest Patrol)