Adware-SecSvcPack

Type: Program
SubType: Adware
Discovery Date: 09/25/2007
Minimum DAT: 5127 (09/25/2007)
Updated DAT: 5127 (09/25/2007)
Minimum Engine: 5.1.00
Description Added: 09/25/2007
Description Modified: 09/25/2007 8:46 AM (PT)

Characteristics

McAfee(R) AVERT recognizes that this program may have legitimate uses in contexts where an authorized administrator has knowingly installed this application. If you agreed to a license agreement for this, or another bundled application, you may have legal obligations with regard to removing this software, or using the host application without this software. Please contact the software vendor for further information.

See http://vil.nai.com/vil/DATReadme.aspx for a list of Program detections added to the DATs.

See http://vil.nai.com/vil/pups/configuration.htm for information about how to enable, disable, and exclude detection of legitimately installed programs.

Distribution

This is not a virus or a trojan. It is detected as a "potentially unwanted program." It is a browser helper object (BHO) that integrates with Internet Explorer.

This application does not display a license agreement when installed.

Privacy

A privacy policy is not displayed during installation.

The DLL contains strings suggesting interception or collection of web search terms during browsing. The only direct behavior observed was repeated attempts to contact plugin.secureservicepack.com on TCP port 7777 during browsing activity. Several packets were sent at each attempt, but all of zero byte length. The Secureservicepack.com domain is currently parked with GoDaddy, suggesting the authors of this software may be out of business or otherwise defunct.

System Changes

Typical defaults for the path variables used below (they can differ, but usually do not):
%SystemDir% = \WINDOWS\SYSTEM32 (Windows XP), \WINNT\SYSTEM32 (Windows NT/2000)
%ProgramFiles% = \Program Files

Files

  • Installer: setup.exe (849 KB, MD5: 802596A8CE461F0488EA3B15D1A40070)
  • %SystemDir%\SecureServicePack2.dll (113 KB, MD5: 1E2CC343AD482137D69A7692C6074343)
  • %SystemDir%\sspnetstreamlib.dll (145 KB)
  • %SystemDir%\sspnetflt.ax (113 KB)
  • %SystemDir%\sspctrls.ocx (285 KB)
  • %SystemDir%\ringout.wav (5 KB)
  • %SystemDir%\ringin.wav (9 KB)
  • %SystemDir%\i263_32.drv (382 KB)
  • %ProgramFiles%\secureservicepack\uninstall.exe (34 KB)

Registry

The following registry elements associated with the BHO are created:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
    "{DFEFF09F-785E-4191-8E5D-A7650A1C4F9A}"="IESideBar"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE6A3E85-0F6C-49AD-8843-68FF44E7EEAA}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{DFEFF09F-785E-4191-8E5D-A7650A1C4F9A}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{DFEFF09F-785E-4191-8E5D-A7650A1C4F9A}
  • HKEY_CLASSES_ROOT\TypeLib\{90BB6171-83D8-43DE-94D4-6C0078DD7896}
  • HKEY_CLASSES_ROOT\SecureServicePack.BHO.1
  • HKEY_CLASSES_ROOT\SecureServicePack.BHO
  • HKEY_CLASSES_ROOT\Interface\{B5918C1E-B0CD-4123-A0CB-CFE9703A265B}
  • HKEY_CLASSES_ROOT\CLSID\{FE6A3E85-0F6C-49AD-8843-68FF44E7EEAA}
  • HKEY_CLASSES_ROOT\CLSID\{DFEFF09F-785E-4191-8E5D-A7650A1C4F9A}
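
A host check built from the file and registry indicators listed above, as an added example (not McAfee's code). The function name is hypothetical; checking the WOW6432Node registry view, SysWOW64 and Program Files (x86) is an assumption about where this 32-bit software would land on 64-bit Windows, which the page does not cover.

```powershell
# Added example, not vendor code. Every indicator value is copied from this page.
# Assumption: on 64-bit Windows a 32-bit BHO registers under WOW6432Node and its
# files sit in SysWOW64 / Program Files (x86), so both locations are checked.
function Find-SecSvcPackIndicators {   # hypothetical function name
    $bho    = '{FE6A3E85-0F6C-49AD-8843-68FF44E7EEAA}'   # Browser Helper Object CLSID
    $bar    = '{DFEFF09F-785E-4191-8E5D-A7650A1C4F9A}'   # "IESideBar" CLSID
    $dllMd5 = '1E2CC343AD482137D69A7692C6074343'         # SecureServicePack2.dll

    $regKeys = foreach ($root in 'HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\WOW6432Node') {
        "$root\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\$bho"
        "$root\Microsoft\Internet Explorer\Extensions\$bar"
        "$root\Microsoft\Internet Explorer\Explorer Bars\$bar"
    }
    $regKeys += "Registry::HKEY_CLASSES_ROOT\CLSID\$bho",
                "Registry::HKEY_CLASSES_ROOT\CLSID\$bar",
                'Registry::HKEY_CLASSES_ROOT\SecureServicePack.BHO'
    foreach ($key in $regKeys) {
        if (Test-Path -LiteralPath $key) {
            [pscustomobject]@{ Kind = 'Registry'; Item = $key; Evidence = 'key present' }
        }
    }

    $names = 'SecureServicePack2.dll', 'sspnetstreamlib.dll', 'sspnetflt.ax',
             'sspctrls.ocx', 'ringout.wav', 'ringin.wav', 'i263_32.drv'
    foreach ($dir in "$env:SystemRoot\System32", "$env:SystemRoot\SysWOW64") {
        foreach ($name in $names) {
            $path = Join-Path $dir $name
            if (-not (Test-Path -LiteralPath $path -PathType Leaf)) { continue }
            # Only the DLL has a published hash; a bare name match is weaker evidence.
            $evidence = 'file name only'
            if ($name -eq 'SecureServicePack2.dll') {
                $md5 = (Get-FileHash -LiteralPath $path -Algorithm MD5).Hash
                $evidence = if ($md5 -eq $dllMd5) { 'MD5 matches page' } else { "MD5 differs: $md5" }
            }
            [pscustomobject]@{ Kind = 'File'; Item = $path; Evidence = $evidence }
        }
    }

    foreach ($pf in $env:ProgramFiles, ${env:ProgramFiles(x86)}) {
        if (-not $pf) { continue }   # the (x86) variable is absent on 32-bit Windows
        $path = Join-Path $pf 'secureservicepack\uninstall.exe'
        if (Test-Path -LiteralPath $path -PathType Leaf) {
            [pscustomobject]@{ Kind = 'File'; Item = $path; Evidence = 'file name only' }
        }
    }
}

Find-SecSvcPackIndicators | Format-Table -AutoSize -Wrap
```

An empty result means none of the listed indicators were found in the locations checked. Run it from an elevated 64-bit PowerShell session so both registry views and both system directories are visible.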

Network Impact

Repeated attempts to contact plugin.secureservicepack.com on TCP port 7777

Aliases

    N/A