Systweak Spyware Library
Systweak Spyware Library text
More than 815338 spyware signatures and growing
Microsoft Gold Certified Partner
Search in:
Adware.404Search.d Analysis Report
Threat Level:
Threat Submitted On: 5/10/2007 3:31:48 PM
Threat Analysed On: 5/10/2007 8:31:48 PM
Type : Adware
Alias : AdWare.Win32.404Search.d [Kaspersky Labs] [Symantec] [McAfee]
Md5 Hash : [ cf616fc3d29f2ab162e2d58759dcc62a ]
File Size : (102400 bytes)
Description:
Adware programs secretly embed themselves on the victim’s computer, hijack the browsi

404Search.d

Adware.404Search.d
shows some basic symptoms on execution which are as follows:-
  • Displays porn/abusive content or intrusive third-party advertisements.
    •
  • Shows deceptive or false warning.
    •
  • Generates advertisement even when the program is not running
    •
  • Synchronously installs other bundled program.
    •
  • The program can places unwanted adverts on computer screen.
    •

    Here are the Technical findings of our analysis team after analyzing this malware in detail :-

    Loads The following DLL(s)[Dynamic Link Library] when this malware is executed :-

    %windir%\system32\ntdll.dll

    %windir%\system32\kernel32.dll

    %windir%\system32\shfolder.dll

    %windir%\system32\msvcrt.dll

    %windir%\system32\advapi32.dll

    %windir%\system32\rpcrt4.dll

    %windir%\system32\shlwapi.dll

    %windir%\system32\gdi32.dll

    %windir%\system32\user32.dll

    %windir%\system32\wininet.dll

    %windir%\system32\crypt32.dll

    %windir%\system32\msasn1.dll

    %windir%\system32\oleaut32.dll

    %windir%\system32\ole32.dll

    %windir%\system32\shell32.dll

    %windir%\system32\vsmvhk.dll

    %windir%\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2649_x-ww_aac16c8b\

    %windir%\system32\comctl32.dll

    %windir%\system32\wsock32.dll

    %windir%\system32\ws2_32.dll

    %windir%\system32\ws2help.dll

    %windir%\system32\pstorec.dll

    %windir%\system32\atl.dll

    %windir%\system32\wship6.dll

    %windir%\system32\secur32.dll

    shell32.dll

    %programfiles%\404search\404search.dll

    comctl32.dll

    rasapi32.dll

    rtutils.dll

    shell32.dll

    userenv.dll

    netapi32.dll

    Creates the following child process(s) on execution:

    services.exe

    Creates the Following MUTEX(s) on user's System:-
    raspbfile
    Tries To Connect to The Following Urls:-
    Http_Version :http/1.1
    67.99.176.30/cgi-bin/404searchpop/fof_log.cgi?op=uninstall&sourceid= ñ
    Microsoft Gold Certified Partner

    © Systweak Inc., 1999-2009 All rights reserved.