republican-creole
Search:  

 
theme to white backgroundlet page decide theme
HomeFind ServiceReviewsISP NewsFAQsForumsToolsDatabaseAbout 
 
   All ForumsHot TopicsGallery






how-to block ads


 
Forums » Up and Running » Security » Security » CCleaner now installs with adware?
Search Topic:
 Share Topic:
RSS topic:
toggle:
flat / full
normal / watch
Posting:
Post a:
Post a:
Links: ·Hijack This logs? ·Panda Free Tools ·Vundo Removal
Ubuntu Linux 7.10 fixes Highly Critical flaws in KOffice »
« Security Software Updates - 15 Nov 2007  
AuthorAll Replies


sashwa
Pixie Cat Crunchin' n Foldin'
Premium,Mod
join:2001-01-29
Alcatraz
clubs:		reply to MagMan
Re: CCleaner now installs with adware?

I'm using NAV 2006 and have CC 2.02.257. I ran a AV scan yesterday and I just noticed that it tagged the same thing - Adware.SystemProcess
to forum · permalink · · 2007-11-11 11:07:30 · Reply to this


Doctor Olds
I Need A Remedy For What's Ailing Me.
Premium,VIP
join:2001-04-19
1970 442 W30
clubs:

 »www.symantec.com/security_respon···&tabid=2
quote:
Updated: February 13, 2007 11:46:22 AM
Type: Adware
Version: 1.0.0.1
Risk Impact: High
File Names: ccapp.exe,navshext.dll
Systems Affected: Windows 2000, Windows 98, Windows CE, Windows Me, Windows NT, Windows Server 2003, Windows XP

When Adware.SystemProcess is executed, it performs the following actions:

1. Creates the following files:

* %System%\ccapp.exe
* %System%\navshext.dll
* %System%\p.dat
* %System%\system.dat

Note: %System% is a variable that refers to the System folder. By default this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).

2. Downloads the following file:

%System%\ustart.exe (This is detected as Adware.WintaskAd.)

3. Creates the following registry subkeys:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion
\Uninstall\Startup
HKEY_LOCAL_MACHINE\SOFTWARE\System Process
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID
\{C2EEB4FA-B6D6-41b9-9CFA-ABA87F862BCB}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion
\Explorer\Browser Helper Objects
\{C2EEB4FA-B6D6-41b9-9CFA-ABA87F862BCB}
HKEY_USERS\S-1-5-21-448539723-413027322-839522115-1003
\Software\Microsoft\Windows\CurrentVersion\Internet Settings
\P3P\History\anrdoezrs.net
HKEY_USERS\S-1-5-21-448539723-413027322-839522115-1003
\Software\Microsoft\Windows\CurrentVersion\Internet Settings
\P3P\History\bfast.com
HKEY_USERS\S-1-5-21-448539723-413027322-839522115-1003
\Software\Microsoft\Windows\CurrentVersion\Internet Settings
\P3P\History\cc-dt.com
HKEY_USERS\S-1-5-21-448539723-413027322-839522115-1003
\Software\Microsoft\Windows\CurrentVersion\Internet Settings
\P3P\History\commission-junction.com
HKEY_USERS\S-1-5-21-448539723-413027322-839522115-1003
\Software\Microsoft\Windows\CurrentVersion\Internet Settings
\P3P\History\dpbolvw.net
HKEY_USERS\S-1-5-21-448539723-413027322-839522115-1003
\Software\Microsoft\Windows\CurrentVersion\Internet Settings
\P3P\History\fastclick.com
HKEY_USERS\S-1-5-21-448539723-413027322-839522115-1003
\Software\Microsoft\Windows\CurrentVersion\Internet Settings
\P3P\History\fastclick.net
HKEY_USERS\S-1-5-21-448539723-413027322-839522115-1003
\Software\Microsoft\Windows\CurrentVersion\Internet Settings
\P3P\History\jdoqocy.com
HKEY_USERS\S-1-5-21-448539723-413027322-839522115-1003
\Software\Microsoft\Windows\CurrentVersion\Internet Settings
\P3P\History\kqzyfj.com
HKEY_USERS\S-1-5-21-448539723-413027322-839522115-1003
\Software\Microsoft\Windows\CurrentVersion\Internet Settings
\P3P\History\linksynergy.com
HKEY_USERS\S-1-5-21-448539723-413027322-839522115-1003
\Software\Microsoft\Windows\CurrentVersion\Internet Settings
\P3P\History\qksrv.net
HKEY_USERS\S-1-5-21-448539723-413027322-839522115-1003
\Software\Microsoft\Windows\CurrentVersion\Internet Settings
\P3P\History\tkqlhce.com

4. Adds the value:

"*.system-processes.com" = ""

to the registry subkey:

HKEY_USERS\S-1-5-21-448539723-413027322-839522115-1003\Software
\Microsoft\Internet Explorer\New Windows\Allow

5. Adds the value:

"%Windir%\system32\ccapp.exe" = "%Windir%\system32\ccapp.exe:*:Enabled:System Process"

to the registry subkey:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
\SharedAccess\Parameters\FirewallPolicy\StandardProfile
\AuthorizedApplications\List

6. Adds the value:

"System Process Uninstall" = "%Windir%\system32\ccapp.exe UAF"

to the registry subkey:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

--
What’s the point of owning a supercar if you can’t scare yourself stupid from time to time?
to forum · permalink · · 2007-11-11 12:05:10 · Reply to this
Forums » Up and Running » Security » SecurityUbuntu Linux 7.10 fixes Highly Critical flaws in KOffice »
« Security Software Updates - 15 Nov 2007  

Saturday, 28-Nov 14:13:29 Terms of Use | Privacy Policy | Hosting by www.nac.net - DSL,Hosting & Co-lo | feedback | contact
over 10 years online! © 1999-2009 dslreports.com.
page compression OFF
Most commented news this week
· [122] Time Warner Cable Fires Broadside At Broadcasters
· [112] New AT&T Ad Campaign Hits Back At Verizon
· [96] Apple Joins AT&T Verizon Snark Fest
· [87] New Bill Takes Aim At Higher Verizon ETFs
· [75] TiVo Sees Record Customer Losses
· [70] Verizon CEO: Hulu Will Be Dead Soon
· [69] In-Flight Internet Headed For Bumpy Landing?
· [62] Thanksgiving Open Thread
· [61] Weekend Open Thread
· [40] EFF Wages War On Fine Print
Most people now reading
· Why would I want an e reader? [General Questions]
· Using AirMax to provide triple play services? [Wireless Service Providers]
· [Newsgroups] Newzleech down? [Filesharing Software]
· Whats the big deal about being "Old School"....? [World of Warcraft]
· Windows 7 boot manager editing questions [Microsoft Help]
· So we need a legitimate reason to use a lot of bandwidth? [TekSavvy]
· Why does it take so long? Mail question [General Questions]
· TPIA review by Electronic Box [Canadian Broadband]
· Gizmo5 has added a Google Voice section in its members area. [VOIP Tech Chat]
· Using DIR-615 C1/3.01 with Trendnet TEW-652BRP in N Mode [D-Link]