Adware-VirusBurst

Content

Adware-VirusBurst

Type: Program
SubType: Adware
Discovery Date: 09/20/2006
Minimum DAT: 4856 (09/20/2006)
Updated DAT: 4916 (12/11/2006)
Minimum Engine: 5.1.00
Description Added: 09/20/2006
Description Modified: 11/17/2006 7:06 AM (PT)

Tab Navigation

Characteristics

McAfee(R) AVERT recognizes that this program may have legitimate uses in contexts where an authorized administrator has knowingly installed this application. If you agreed to a license agreement for this, or another bundled application, you may have legal obligations with regard to removing this software, or using the host application without this software. Please contact the software vendor for further information.

See http://vil.nai.com/vil/DATReadme.asp for a list of Program detections added to the DATs.

See http://vil.nai.com/vil/pups/configuration.htm for information about how to enable, disable, and exclude detection of legitimately installed programs.

Distribution

This is not a virus or a trojan. It is detected as a "potentially unwanted program". This is an anti-spyware application claiming to remove unwanted malicious spyware programs.
In order to clean or delete any files labeled as “malicious spyware”, you must first enter a valid serial number to activate the full version or click on the “Buy Online” button and purchase the full version.

This application displays a license agreement when installed. The agreement appears to be a standard legal boilerplate and does not clearly indicate the functionality of the software. A copy of the EULA was not available on the virusbursters.com website.

Privacy

A privacy policy is not displayed during installation. However, a policy can be accessed on the author's website: http://virusbursters.com/privacy.php

System Changes

General defaults for typical path variables (although they may be different, they usually are not):
%WinDir% = \WINDOWS (Windows 9x/ME/XP), \WINNT (Windows NT/2000)
%SystemDir% = \WINDOWS\SYSTEM32 (Windows 9x/ME/XP), \WINNT\SYSTEM32 (Windows NT/2000)
%ProgramFiles% = \Program Files
"*" - Denotes files that, though installed along with the software, are by themselves innocent and not included in detection.

Files Added

    * Installer: vb_distrib.exe (2 814 364 bytes)
    * %ProgramFiles%\VirusBursters\uninst.exe (41 450 bytes)
    * %ProgramFiles%\VirusBursters\VirusBursters.url (51 bytes)
    * %ProgramFiles%\VirusBursters\VirusBursters.exe (1 372 160 bytes)
    * %ProgramFiles%\VirusBursters\vir.dat (1 387 384 bytes)
    * %ProgramFiles%\VirusBursters\msvcr71.dll* (348 160 bytes)
    * %ProgramFiles%\VirusBursters\msvcp71.dll* (499 712 bytes)
    * %ProgramFiles%\VirusBursters\Lang\English.ini (32 739 bytes)
    * %ProgramFiles%\VirusBursters\Quarantine\
    * c:\documents and settings\(user name)\Start Menu\VirusBursters 6.2.lnk (742 bytes)
    * c:\documents and settings\(user name)\Start Menu\Programs\VirusBursters\Uninstall VirusBursters 6.2.lnk (541 bytes)
    * c:\documents and settings\(user name)\Start Menu\Programs\VirusBursters\VirusBursters 6.2.lnk (754 bytes)
    * c:\documents and settings\(user name)\Start Menu\Programs\VirusBursters\VirusBursters 6.2 Website.lnk (754 bytes)
    * c:\documents and settings\(user name)\Desktop\VirusBursters.lnk (754 bytes)
    * c:\documents and settings\(user name)\Application Data\Microsoft\Internet Explorer\Quick Launch\VirusBursters 6.2.lnk (754 bytes)

Registry

The following registry keys are created:

    * HKEY_LOCAL_MACHINE\SOFTWARE\VirusBursters
    * HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
      "VirusBursters"="C:\Program Files\VirusBursters\virusbursters.exe /h"
    * HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirusBursters
    * HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\virusbursters.exe "(Default)"="C:\Program Files\VirusBursters\virusbursters.exe"
    * HKEY_LOCAL_MACHINE\SOFTWARE\Licenses
    * HKEY_CLASSES_ROOT\TypeLib\{7F78A644-C4A7-4F71-BA4E-5323AA95E7D5}
    * HKEY_CLASSES_ROOT\Interface\{0AF62F35-D454-42B3-A1AB-83934DCE5C03}
    * HKEY_CLASSES_ROOT\Interface\{0D5332E4-6D74-484D-A7FA-8C81135772E5}
    * HKEY_CLASSES_ROOT\Interface\{132E8735-44E8-4991-B24F-46E375480C77}
    * HKEY_CLASSES_ROOT\Interface\{31023EB1-DBFA-4959-92F1-5031347AF7CA}
    * HKEY_CLASSES_ROOT\Interface\{5EB46647-1B09-46CE-B226-8B1E63C7CBFD}
    * HKEY_CLASSES_ROOT\Interface\{5EBBCC5D-A38F-43CD-918F-9C02CA79DF46}
    * HKEY_CLASSES_ROOT\Interface\{8CCCA599-5B2E-4F5A-AF9C-057B01E86510}
    * HKEY_CLASSES_ROOT\Interface\{A6DC33FD-0A23-42BD-86D2-D5138F1FA43B}
    * HKEY_CLASSES_ROOT\Interface\{A77F53FD-44C4-4C9D-A3F9-276DE0883C68}
    * HKEY_CLASSES_ROOT\Interface\{BE02DC3C-8DA6-4424-A07D-93C6F9BC3534}
    * HKEY_CLASSES_ROOT\Interface\{CD0C9501-80D4-48F1-A18A-4D9F1C7A844E}
    * HKEY_CLASSES_ROOT\Interface\{DEDBC675-8F5F-49D7-A65A-ADEE6502C01F}
    * HKEY_CLASSES_ROOT\Interface\{E8A0CCD3-5ACB-4DAA-BFAF-2B848627D553}
    * HKEY_CLASSES_ROOT\Interface\{EFC5443A-147A-440B-B7A7-9E30F6EA9D8B}
    * HKEY_CLASSES_ROOT\Interface\{F6D4E489-014B-4BC9-83D7-8547B386AFED}
    * HKEY_CLASSES_ROOT\Interface\{FBFB63BC-426B-4FAC-B634-D986255809D0}
    * HKEY_CLASSES_ROOT\CLSID\{6A66CC28-F0A2-FCBC-D3D5-1EA3001ED26A}

Network Impact

Possible increase in overhead bandwidth due to download of additional components or updates.

Removal

Instructions on Enabling/Disabling Detection and Removal of Potentially Unwanted Programs

Aliases

N/A

McAfee > Theat Center > PUP Detail Page

Navigation

Utility Navigation

Global Sites

Need Help?

Threat Center

Segment Navigation

Section Navigation

Content