
Adware:Win32/Luckytender


First posted on 16 March 2009.
Source: SecurityHome

Aliases :

Adware:Win32/Luckytender is also known as not-a-virus:AdWare.Win32.Agent.fps (Kaspersky) and Trj/Agent.KGA (Panda).

Explanation :

Adware:Win32/Luckytender is a BHO (Browser Helper Object) that may display advertisements while the user browses Web sites. It may connect to the Web site 'LuckyTender.com'.

Symptoms
System Changes

The following system changes may indicate the presence of Adware:Win32/Luckytender:

  • The presence of the following files:
    %ProgramFiles%\LuckyTender\1.3.0\LuckyTender.dll
    %ProgramFiles%\LuckyTender\uninst.exe
  • The presence of the following registry subkeys:
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LuckyTender
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5E2402A0-5F99-4188-B30D-D8743996B340}
    HKLM\SOFTWARE\Classes\SliderShow.SliderShowCtrl\CLSID
    HKLM\SOFTWARE\Classes\CLSID\{5E2402A0-5F99-4188-B30D-D8743996B340}
    HKLM\SOFTWARE\Classes\CLSID\{3794345D-C731-4FBB-8471-73DDC8DFFDD2}
    HKLM\SOFTWARE\Classes\Interface\{13E3FF74-B861-4E69-B223-43D711686832}
    HKLM\SOFTWARE\Classes\Interface\{DE85A67A-3F04-4ABA-A10B-A37B220AFB70}
    HKLM\SOFTWARE\Classes\Interface\{3794345D-C731-4FBB-8471-73DDC8DFFDD2}
    HKLM\SOFTWARE\Classes\TypeLib\{96EDCF67-4637-4288-9A0D-4282EBF26D62}
  • The display of the following entry in the 'Add or Remove Programs' menu in your Control Panel:
    LuckyTender 1.3.0


    Installation

    Upon execution, Adware:Win32/Luckytender drops the following components:

      %ProgramFiles%\LuckyTender\1.3.0\LuckyTender.dll
      %ProgramFiles%\LuckyTender\uninst.exe

    It creates the following registry subkey and entry:

      Adds value: "DisplayName"
      With data: "LuckyTender 1.3.0"
      Adds value: "UninstallString"
      With data: "%ProgramFiles%\LuckyTender\uninst.exe"
      Adds value: "DisplayVersion"
      With data: "1.3.0"
      Adds value: "URLInfoAbout"
      With data: "http://www.LuckyTender.com"
      Adds value: "Publisher"
      With data: "LuckyTender"
      To subkey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LuckyTender

    It also creates the following registry subkeys and entries to register its dropped files as a BHO:

      Adds value: "(default)"
      With data: "luckytender"
      To subkey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5E2402A0-5F99-4188-B30D-D8743996B340}

      Adds value: "(default)"
      With data: "{5e2402a0-5f99-4188-b30d-d8743996b340}"
      To subkey: HKLM\SOFTWARE\Classes\SliderShow.SliderShowCtrl\CLSID

      Adds subkeys:
      HKLM\SOFTWARE\Classes\CLSID\{5E2402A0-5F99-4188-B30D-D8743996B340}
      HKLM\SOFTWARE\Classes\CLSID\{3794345D-C731-4FBB-8471-73DDC8DFFDD2}

      Adds subkeys:
      HKLM\SOFTWARE\Classes\Interface\{13E3FF74-B861-4E69-B223-43D711686832}
      HKLM\SOFTWARE\Classes\Interface\{DE85A67A-3F04-4ABA-A10B-A37B220AFB70}
      HKLM\SOFTWARE\Classes\Interface\{3794345D-C731-4FBB-8471-73DDC8DFFDD2}

      Adds subkey:
      HKLM\SOFTWARE\Classes\TypeLib\{96EDCF67-4637-4288-9A0D-4282EBF26D62}
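A host check for the files and registry subkeys listed above, as an added example that is not part of the original write-up. It goes beyond the listed keys by inventorying every registered BHO and resolving each CLSID to the DLL named in its InprocServer32 key. Assumptions: the listed paths use normal backslash separators, and on 64-bit Windows a 32-bit install is redirected to WOW6432Node and Program Files (x86); the New-Finding helper is hypothetical.

```powershell
# Added example, not from the original write-up. Run in a 64-bit PowerShell 3.0+ session.
# Assumption: on 64-bit Windows a 32-bit install lands under WOW6432Node / Program Files (x86).
$bhoClsid = '{5E2402A0-5F99-4188-B30D-D8743996B340}'   # BHO CLSID listed on this page
$views    = 'HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\WOW6432Node'
$bhoKey   = 'Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'

# Registry subkeys from the page, relative to HKLM\SOFTWARE
$subkeys = @(
    'Microsoft\Windows\CurrentVersion\Uninstall\LuckyTender'
    "$bhoKey\$bhoClsid"
    'Classes\SliderShow.SliderShowCtrl\CLSID'
    "Classes\CLSID\$bhoClsid"
    'Classes\CLSID\{3794345D-C731-4FBB-8471-73DDC8DFFDD2}'
    'Classes\Interface\{13E3FF74-B861-4E69-B223-43D711686832}'
    'Classes\Interface\{DE85A67A-3F04-4ABA-A10B-A37B220AFB70}'
    'Classes\Interface\{3794345D-C731-4FBB-8471-73DDC8DFFDD2}'
    'Classes\TypeLib\{96EDCF67-4637-4288-9A0D-4282EBF26D62}'
)
# Dropped files from the page, relative to the Program Files directory
$files = 'LuckyTender\1.3.0\LuckyTender.dll', 'LuckyTender\uninst.exe'

function New-Finding($Kind, $Item, $Detail, $Indicator) {   # hypothetical helper
    [pscustomobject]@{ Kind = $Kind; Item = $Item; Detail = $Detail; Indicator = $Indicator }
}

$findings = @(foreach ($view in $views) {
    foreach ($k in $subkeys) {
        if (Test-Path -LiteralPath "$view\$k") { New-Finding 'RegistryKey' "$view\$k" '' $true }
    }
    # Inventory every registered BHO and resolve it to the DLL it loads (InprocServer32)
    if (Test-Path -LiteralPath "$view\$bhoKey") {
        foreach ($bho in Get-ChildItem -LiteralPath "$view\$bhoKey") {
            $clsid  = $bho.PSChildName
            $server = "$view\Classes\CLSID\$clsid\InprocServer32"
            $dll    = if (Test-Path -LiteralPath $server) { (Get-Item -LiteralPath $server).GetValue('') }
            $known  = ($clsid -ieq $bhoClsid) -or ($dll -like '*\LuckyTender\*')
            New-Finding 'BHO' $clsid $dll $known
        }
    }
})
# ProgramFiles(x86) is empty on 32-bit Windows; drop empty and duplicate roots
$roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ } | Select-Object -Unique
$findings += @(foreach ($root in $roots) {
    foreach ($f in $files) {
        if (Test-Path -LiteralPath "$root\$f") { New-Finding 'File' "$root\$f" '' $true }
    }
})
$findings | Sort-Object Indicator -Descending | Format-Table -AutoSize -Wrap
if ($findings | Where-Object Indicator) { Write-Warning 'Indicators of Adware:Win32/Luckytender found' }
```

Rows with Indicator set to False are other BHOs on the host, shown so the full list can be reviewed.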

    Analysis by Francis Allan Tan Seng

    Last update 16 March 2009

     
