WeatherCheck
Description: Adware Bundler
Risk Level: Low
Date of First Occurrence: Thursday, May 22, 2008
Software Developer: (unknown)
Brief Info: An Adware Bundler is a downloadable program that is typically "freeware" because it is bundled with advertising software (adware).
Removal: This threat can be removed using "Spyware Terminator".
Detected Items
Detecting items list:
- Files by Name
%PROGRAMFILES%\WeatherCheck\wthrtray.exe
%START_PROGRAMS%\WeatherCheck\WeatherCheck.lnk
%ALLUSERS_APPDATA%\x0ff\~GLH0002.TMP
%ALLUSERS_APPDATA%\x0ff\x0ff.dll
%ALLUSERS_APPDATA%\x2ff\~GLH0004.TMP
%ALLUSERS_APPDATA%\x2ff\x2ff.dll
- Files by Directories
%PROGRAMFILES%\WeatherCheck
%ALLUSERS_APPDATA%\x0ff
%ALLUSERS_APPDATA%\x2ff
- Files by CLSID or Name
CLSID=AC109D01-32D6-4EB5-8300-D3C5EBAC7C83
CLSID=D319662B-D5BF-4538-ADF3-8D3E36362608
- Registry Keys
HKCR\AppID\{D137514C-FFFA-492A-933B-D29145B7A468}
HKCR\AppID\{D1BB73A7-5D35-48C9-94C0-D0BD624B0F5D}
HKCR\AppID\x0ff.DLL
HKCR\AppID\x2ff.DLL
HKCR\x0ff.Xbrowse
HKCR\x0ff.Xbrowse.1
HKCR\x2ff.Xbrowse
HKCR\x2ff.Xbrowse.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AC109D01-32D6-4EB5-8300-D3C5EBAC7C83}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D319662B-D5BF-4538-ADF3-8D3E36362608}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WthrTray
- Registry Values
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ValueName=X10Weax