Content

Adware-BDSearch.dr

Type
Program
SubType
Dropper
Discovery Date
07/25/2006
Length
Minimum DAT
4814 (07/25/2006)
Updated DAT
5809 (11/21/2009)
Minimum Engine
5.1.00
Description Added
07/25/2006
Description Modified
07/31/2006 4:14 AM (PT)
Risk Assessment
Corporate User
N/A
Home User
N/A

Tab Navigation

Characteristics

McAfee(R) AVERT™ recognizes that this program may have legitimate uses in contexts where an authorized administrator has knowingly installed this application. If you agreed to a license agreement for this, or another bundled application, you may have legal obligations with regard to removing this software, or using the host application without this software. Please contact the software vendor for further information.

See http://vil.nai.com/vil/DATReadme.aspx for a list of Program detections added to the DATs.

See http://vil.nai.com/vil/pups/configuration.aspx for information about how to enable, disable, and exclude detection of legitimately installed programs.

This is not a Virus or Trojan. It is an adware dropper which drops adware related components on the system.

Summary:

Upon execution it connects to “http://dl.jiangmin.com” and adds “BaiduBar.dll” as Browser Helper Object for the Internet Explorer and installs itself as the toolbar for the Internet explorer as shown below.

Browser Helper Objects are executable files that are loaded when the browser is launched. They can perform various tasks, such as generating extra pop-up ads, monitoring page navigation, etc.

Any search made from the search box of the toolbar will connect to “www.baidu.com”

In the background it makes internet connections without user’s knowledge with “bar.baidu.com”, “sobar.baidu.com” and “sobartop.baidu.com”

It also adds links to “www.baidu.com”, “bar.baidu.com”, “sobar.baidu.com” and “sobartop.baidu.com” in the start menu programs folder

Privacy:

EULA is displayed during installation.

Installation:

File name: “B27AE735.EXE”
MD5Hash: “b27ae7358f90fc152ff0579e0c39285a”

Following folders are added:

  • c:\Program Files\baidu
  • c:\Documents and Settings\All Users\Application Data\Baidu
  • c:\Documents and Settings\All Users\Start Menu\Programs\
    ½­Ãñ¿Æ¼¼¹¤¾ßÀ¸
  • c:\Documents and Settings\<USER>\Application Data\Baidu

Following files are added:

  • InstDll.dll (Detected as Adware-BDSearch)
  • BaiduBar.dll
  • bdgdins.dll (Detected as Adware-BDSearch)

Following registry keys are added:

  • HKEY_CLASSES_ROOT\CLSID\
    {77FEF28E-EB96-44FF-B511-3185DEA48697}
  • HKEY_CLASSES_ROOT\
    CLSID\{7C76C055-ED6E-4535-A70F-CD476E727F67}
  • HKEY_CLASSES_ROOT\CLSID\
    {A7F05EE4-0426-454F-8013-C41E3596E9E9}
  • HKEY_CLASSES_ROOT\CLSID\
    {B580CF65-E151-49C3-B73F-70B13FCA8E86}
  • HKEY_CLASSES_ROOT\CLSID\
    {FE14F22E-BE14-4F08-A80F-F27BC3A67B2D}
  • HKEY_CLASSES_ROOT\Interface\
    {464C8A26-31E9-411C-9583-5B858E631DCC}
  • HKEY_CLASSES_ROOT\Interface\
    {89FDCC4B-8D91-49B0-81A6-18BCFF582735}
  • HKEY_CLASSES_ROOT\Interface\
    {96249369-D3DC-4AE6-8A3B-E7109D46E98D}
  • HKEY_CLASSES_ROOT\Interface\
    {A294F8EB-86D9-4C4A-8B3E-909253761C64}
  • HKEY_CLASSES_ROOT\MimeFilter.AdFilter
  • HKEY_CLASSES_ROOT\MimeFilter.AdFilter.1
  • HKEY_CLASSES_ROOT\TypeLib\
    {6AFC2761-1253-427C-9A56-385B4609BE1D}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
    Windows\CurrentVersion\Explorer\Browser Helper Objects\ {77FEF28E-EB96-44FF-B511-3185DEA48697}

Network Impact

Additional overhead in the bandwidth due to unwanted internet connections.

 

Symptoms

Method of Infection

Variants

Variants

    N/A

All Information

Overview -

Aliases

  • Adware/Bdsearch (Fortinet)

Characteristics

Characteristics -

McAfee(R) AVERT™ recognizes that this program may have legitimate uses in contexts where an authorized administrator has knowingly installed this application. If you agreed to a license agreement for this, or another bundled application, you may have legal obligations with regard to removing this software, or using the host application without this software. Please contact the software vendor for further information.

See http://vil.nai.com/vil/DATReadme.aspx for a list of Program detections added to the DATs.

See http://vil.nai.com/vil/pups/configuration.aspx for information about how to enable, disable, and exclude detection of legitimately installed programs.

This is not a Virus or Trojan. It is an adware dropper which drops adware related components on the system.

Summary:

Upon execution it connects to “http://dl.jiangmin.com” and adds “BaiduBar.dll” as Browser Helper Object for the Internet Explorer and installs itself as the toolbar for the Internet explorer as shown below.

Browser Helper Objects are executable files that are loaded when the browser is launched. They can perform various tasks, such as generating extra pop-up ads, monitoring page navigation, etc.

Any search made from the search box of the toolbar will connect to “www.baidu.com”

In the background it makes internet connections without user’s knowledge with “bar.baidu.com”, “sobar.baidu.com” and “sobartop.baidu.com”

It also adds links to “www.baidu.com”, “bar.baidu.com”, “sobar.baidu.com” and “sobartop.baidu.com” in the start menu programs folder

Privacy:

EULA is displayed during installation.

Installation:

File name: “B27AE735.EXE”
MD5Hash: “b27ae7358f90fc152ff0579e0c39285a”

Following folders are added:

  • c:\Program Files\baidu
  • c:\Documents and Settings\All Users\Application Data\Baidu
  • c:\Documents and Settings\All Users\Start Menu\Programs\
    ½­Ãñ¿Æ¼¼¹¤¾ßÀ¸
  • c:\Documents and Settings\<USER>\Application Data\Baidu

Following files are added:

  • InstDll.dll (Detected as Adware-BDSearch)
  • BaiduBar.dll
  • bdgdins.dll (Detected as Adware-BDSearch)

Following registry keys are added:

  • HKEY_CLASSES_ROOT\CLSID\
    {77FEF28E-EB96-44FF-B511-3185DEA48697}
  • HKEY_CLASSES_ROOT\
    CLSID\{7C76C055-ED6E-4535-A70F-CD476E727F67}
  • HKEY_CLASSES_ROOT\CLSID\
    {A7F05EE4-0426-454F-8013-C41E3596E9E9}
  • HKEY_CLASSES_ROOT\CLSID\
    {B580CF65-E151-49C3-B73F-70B13FCA8E86}
  • HKEY_CLASSES_ROOT\CLSID\
    {FE14F22E-BE14-4F08-A80F-F27BC3A67B2D}
  • HKEY_CLASSES_ROOT\Interface\
    {464C8A26-31E9-411C-9583-5B858E631DCC}
  • HKEY_CLASSES_ROOT\Interface\
    {89FDCC4B-8D91-49B0-81A6-18BCFF582735}
  • HKEY_CLASSES_ROOT\Interface\
    {96249369-D3DC-4AE6-8A3B-E7109D46E98D}
  • HKEY_CLASSES_ROOT\Interface\
    {A294F8EB-86D9-4C4A-8B3E-909253761C64}
  • HKEY_CLASSES_ROOT\MimeFilter.AdFilter
  • HKEY_CLASSES_ROOT\MimeFilter.AdFilter.1
  • HKEY_CLASSES_ROOT\TypeLib\
    {6AFC2761-1253-427C-9A56-385B4609BE1D}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
    Windows\CurrentVersion\Explorer\Browser Helper Objects\ {77FEF28E-EB96-44FF-B511-3185DEA48697}

Network Impact

Additional overhead in the bandwidth due to unwanted internet connections.

 

Symptoms

Symptoms -

Method of Infection

Method of Infection -

Removal -

Removal -

Instructions on Enabling/Disabling Detection and Removal of Potentially Unwanted Programs

Variants

Variants -

    N/A