SecurityHome.eu Adware:Win32/Bayads

Explanation :

Threat behavior

Installation

As part of its installation process, we have seen this threat create a folder in the format %LOCALAPPDATA%\, for example:

We have seen the threat use the following for the :

bdraw

delta

dlclient

Pay-By-Ads

pricehorse

.exe for example bdraw.exe, dlclient.exe, or dsrlte.exe

.exe for example bdsetup.exe, dlsetup.exe, or dsrsetup.exe

.dll for example aajjeUoi.dll

.dll for example Loomkjid.dll

app.ini

chromext64.dll

hlpr64.exe

res.dll

" for example "dlclient"
With data: "

" for example "C:\Users\admin\AppData\Local\dlclient\dlclient\1.3.23.0\dlclient.exe"

It also schedules a job so that it can update and run itself every 10 minutes.

Behavior

Displays ads that you can't control

This program can show you extra ads. These ads can appear:

In your web browser: such as search helpers, hover links, and banner ads.
Outside of your web browser: such as pop ups, balloon ads, and toast notifications.

These advertisements would not be shown if this program wasn't installed on your PC.

The name of the publisher differs from that shown on the ads, which might make it difficult for you to find the program that displays these ads.

Analysis by Diana Lopera

Symptoms

The following can indicate that you have this program on your PC:

You have these files

.exe for example bdraw.exe, dlclient.exe, or dsrlte.exe
.exe for example bdsetup.exe, dlsetup.exe, or dsrsetup.exe
.dll for example aajjeUoi.dll
.dll for example Loomkjid.dll
app.ini
chromext64.dll
hlpr64.exe
res.dll

You see these entries or keys in your registry:

In subkey: HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Sets value: "" for example "dlclient"
With data: "
" for example "C:\Users\admin\AppData\Local\dlclient\dlclient\1.3.23.0\dlclient.exe"

Last update 01 October 2015

TOP

Adware:Win32/Bayads

Aliases :

Explanation :

Malware :