Systweak Spyware Library
Systweak Spyware Library text
More than 815338 spyware signatures and growing
Microsoft Gold Certified Partner
Search in:
Adware.007Guard.a Analysis Report
Threat Level:
Threat Submitted On: 5/10/2007 3:16:59 PM
Threat Analysed On: 5/10/2007 8:16:59 PM
Type : Adware
Alias : AdWare.Win32.007Guard.a [Kaspersky Labs] [Symantec] [McAfee]
Md5 Hash : [ 6a841cbb01a4ad19503b92d18728d7a3 ]
File Size : (20482 bytes)
Description:
Adware programs secretly embed themselves on the victim’s computer, hijack the browsi

007Guard.a

Adware.007Guard.a
shows some basic symptoms on execution which are as follows:-
  • Displays porn/abusive content or intrusive third-party advertisements.
    •
  • Shows deceptive or false warning.
    •
  • Generates advertisement even when the program is not running
    •
  • Synchronously installs other bundled program.
    •
  • The program can places unwanted adverts on computer screen.
    •

    Here are the Technical findings of our analysis team after analyzing this malware in detail :-

    Loads The following DLL(s)[Dynamic Link Library] when this malware is executed :-

    %windir%\system32\ntdll.dll

    %windir%\system32\kernel32.dll

    %windir%\system32\mfc42.dll

    %windir%\system32\msvcrt.dll

    %windir%\system32\gdi32.dll

    %windir%\system32\user32.dll

    %windir%\system32\advapi32.dll

    %windir%\system32\rpcrt4.dll

    %windir%\system32\shell32.dll

    %windir%\system32\shlwapi.dll

    %windir%\system32\vsmvhk.dll

    %windir%\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\

    %windir%\system32\comctl32.dll

    %windir%\system32\oleaut32.dll

    %windir%\system32\ole32.dll

    %windir%\system32\wsock32.dll

    %windir%\system32\ws2_32.dll

    %windir%\system32\ws2help.dll

    %windir%\system32\pstorec.dll

    %windir%\system32\atl.dll

    %windir%\system32\wship6.dll

    %windir%\system32\secur32.dll

    comctl32.dll

    comctl32.dll

    version.dll

    %windir%\system32\shimeng.dll

    %windir%\apppatch\acgenral.dll

    %windir%\system32\winmm.dll

    %windir%\system32\msacm32.dll

    %windir%\system32\version.dll

    %windir%\system32\userenv.dll

    %windir%\system32\uxtheme.dll

    Creates the following child process(s) on execution:

    regsvr32 /s %workingdir%\6a841cbb01a4ad195the007guard.ocx

    regsvr32 /s %systemdrive%\progra~1\the guard\the007guard.ocx

    regsvr32 /s d:\progra~1\the guard\the007guard.ocx

    regsvr32 /s e:\progra~1\the guard\the007guard.ocx

    Microsoft Gold Certified Partner

    © Systweak Inc., 1999-2009 All rights reserved.