
Adware:Win32/Bayads


First posted on 07 June 2016.
Source: Microsoft

Aliases:

There are no other names known for Adware:Win32/Bayads.

Explanation:

Installation

As part of its installation process, we have seen this threat create a folder in the format %LOCALAPPDATA%\, for example:

We have seen the threat use the following for the :

  • bdraw
  • delta
  • dlclient
  • Pay-By-Ads
  • pricehorse


It creates the following files in the folder:
  • .exe for example bdraw.exe, dlclient.exe, or dsrlte.exe
  • .exe for example bdsetup.exe, dlsetup.exe, or dsrsetup.exe
  • .dll for example aajjeUoi.dll
  • .dll for example Loomkjid.dll
  • app.ini
  • chromext64.dll
  • hlpr64.exe
  • res.dll


It makes the following changes to the registry to ensure that it runs each time you start your PC:

In subkey: HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Sets value: "" for example "dlclient"
With data: "" for example "C:\Users\admin\AppData\Local\dlclient\dlclient\1.3.23.0\dlclient.exe"

It also schedules a job so that it can update and run itself every 10 minutes.
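
The installation details above can be used as a triage check. The following is an added example, not part of the original write-up: it flags Run values whose command points into a %LOCALAPPDATA% folder with one of the listed names, and notes which of the fixed file names are present. The function names, the sample data and the assumption that the caller supplies file names collected from under each folder are illustrative; a name such as "delta" is generic, so a folder match with no fixed files is only a weak signal.

```python
import re

# Indicators copied from this entry (compared case-insensitively).
FOLDER_NAMES = {"bdraw", "delta", "dlclient", "pay-by-ads", "pricehorse"}
FIXED_FILES = {"app.ini", "chromext64.dll", "hlpr64.exe", "res.dll"}

# First path component directly under AppData\Local in a Run-key command.
LOCAL_DIR = re.compile(r'\\AppData\\Local\\([^\\"]+)\\', re.IGNORECASE)

def folder_hit(command):
    """Return the listed folder name found directly under AppData\\Local, or None."""
    m = LOCAL_DIR.search(command)
    if m and m.group(1).lower() in FOLDER_NAMES:
        return m.group(1)
    return None

def triage(run_values, dir_listings):
    """run_values: {value name: command}; dir_listings: {folder: [file names]}.
    Returns (value name, folder, matching fixed files) for each flagged value."""
    findings = []
    for name, command in sorted(run_values.items()):
        folder = folder_hit(command)
        if folder is None:
            continue
        files = {f.lower() for f in dir_listings.get(folder.lower(), [])}
        findings.append((name, folder, sorted(files & FIXED_FILES)))
    return findings

# Constructed sample data, not taken from a real host.
SAMPLE_RUN = {
    "dlclient": r'"C:\Users\admin\AppData\Local\dlclient\dlclient\1.3.23.0\dlclient.exe"',
    "OneDrive": r'"C:\Users\admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background',
    "Delta": r'C:\Users\admin\AppData\Local\Delta\updater.exe',
}
SAMPLE_DIRS = {
    "dlclient": ["dlclient.exe", "dlsetup.exe", "app.ini", "res.dll", "hlpr64.exe"],
    "delta": ["updater.exe"],
}

if __name__ == "__main__":
    for name, folder, files in triage(SAMPLE_RUN, SAMPLE_DIRS):
        strength = "strong" if files else "weak (folder name only)"
        print(f"{name}: folder={folder} fixed_files={files} -> {strength}")
```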

Behavior

Displays ads that you can't control

This program can show you extra ads. These ads can appear:
  • In your web browser: such as search helpers, hover links, and banner ads.
  • Outside of your web browser: such as pop ups, balloon ads, and toast notifications.


These advertisements would not be shown if this program wasn't installed on your PC.

The name of the publisher differs from that shown on the ads, which might make it difficult for you to find the program that displays these ads.



Analysis by Diana Lopera

Last update 07 June 2016

 
