Content
Adware-DirectWeb
- Type
- Program
- SubType
- Adware
- Discovery Date
- 12/03/2007
- Minimum DAT
- 5176 (12/03/2007)
- Updated DAT
- 5189 (12/19/2007)
- Minimum Engine
- 5.1.00
- Description Added
- 12/03/2007
- Description Modified
- 12/27/2007 2:25 AM (PT)
Tab Navigation
Characteristics
McAfee(R) AVERT™ recognizes that this program may have legitimate uses in contexts where an authorized administrator has knowingly installed this application. If you agreed to a license agreement for this, or another bundled application, you may have legal obligations with regard to removing this software, or using the host application without this software.
Please contact the software vendor for further information.
See http://vil.nai.com/vil/DATReadme.asp for a list of Program detections added to the DATs.
See http://vil.nai.com/vil/pups/configuration.htm for information about how to enable, disable, and exclude detection of legitimately installed programs.
When executed this program connects to the webserver, download and install mutiple files on system. It also downloads a keylogging software to monitor and log user activity.
Upon execution the program drops following files
- dgweb.dll
- dgup.exe
- dg.dat
- dweb.dat
- unistall.exe
- instsrv.exe
- srvany.exe
- netgear.exe
- dgup.exe
- klog.exe
The program creates one or more of the following entries in the Windows Registry
- HKEY_LOCAL_MACHINE\SOFTWARE\WindowsDirectWeb
- HKEY_CLASSES_ROOT\CLSID\{01E04581-4EEE-11d0-BFE9-00AA005B4383}\InProcServer32
- HKLM\Software\Microsoft\Windows\CurrentVersion\run\dgup.exe
The program connects to the following website and download multiple malicious executables on user's system.
- direct-web.co.kr
Aliases
Aliases
-
N/A
