Adware.Bundler.Funwebproducts.M


First posted on 21 November 2011.
Source: BitDefender

Aliases:

Adware.Bundler.Funwebproducts.M is also known as Funwebproducts.

Explanation:

Adware.Bundler.Funwebproducts consists of several programs (used to configure aspects of your computer such as icons, cursors, and screensavers) and a toolbar. It also installs a search bar (MySearch) for Internet Explorer. This adware is located at:

http://funwebproducts.com/ { removed }





When Adware.Bundler.Funwebproducts is installed, it performs the following actions:

a) Creates the following directories (and subdirectories):

- C:\Program Files\FunWebProducts
- C:Program FilesMyWebSearchWBar

b) Creates the following registry keys:

- HKEY_CLASSES_ROOT\FunWebProducts.DataControl.1
- HKEY_CLASSES_ROOT\FunWebProducts.DataControl
- HKEY_CLASSES_ROOT\FunWebProducts.HistoryKillerScheduler.1
- HKEY_CLASSES_ROOT\FunWebProducts.HistoryKillerScheduler
- HKEY_CLASSES_ROOT\FunWebProducts.HistorySwatterControlBar.1
- HKEY_CLASSES_ROOT\FunWebProducts.HistorySwatterControlBar
- HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu.1
- HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu
- HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu.2
- HKEY_CLASSES_ROOT\FunWebProducts.IECookiesManager.1
- HKEY_CLASSES_ROOT\FunWebProducts.IECookiesManager
- HKEY_CLASSES_ROOT\FunWebProducts.KillerObjManager.1
- HKEY_CLASSES_ROOT\FunWebProducts.KillerObjManager
- HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterBarButton.1
- HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterBarButton
- HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterSettingsControl.1
- HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterSettingsControl
- HKEY_CLASSES_ROOT\FunWebProducts.ShellViewControl.1
- HKEY_CLASSES_ROOT\FunWebProducts.ShellViewControl
- HKEY_CLASSES_ROOT\MyWebSearch.HTMLPanel.1
- HKEY_CLASSES_ROOT\MyWebSearch.HTMLPanel
- HKEY_CLASSES_ROOT\MyWebSearch.OutlookAddin.1
- HKEY_CLASSES_ROOT\MyWebSearch.OutlookAddin
- HKEY_CLASSES_ROOT\MyWebSearch.PseudoTransparentPlugin.1
- HKEY_CLASSES_ROOT\MyWebSearch.PseudoTransparentPlugin
- HKEY_CLASSES_ROOT\MyWebSearchToolBar.SettingsPlugin.1
- HKEY_CLASSES_ROOT\MyWebSearchToolBar.SettingsPlugin
- HKEY_CLASSES_ROOT\MyWebSearchToolBar.ToolbarPlugin.1
- HKEY_CLASSES_ROOT\MyWebSearchToolBar.ToolbarPlugin
- HKEY_CLASSES_ROOT\ScreenSaverControl.ScreenSaverInstaller.1
- HKEY_CLASSES_ROOT\ScreenSaverControl.ScreenSaverInstaller
- HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products
- HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts
- HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch



c) Adds the following value to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run:
[Name = MyWebSearch Email Plugin]
[Value = C:PROGRA~1MYWEBS~1ar1.binmwsoemon.exe]
which runs the MyWebSearch plug-in automatically when Windows starts.

d) %PROGRAMFILES%/mywebsearchar1.binmwsbar.dll and
%PROGRAMFILES%/mywebsearchsrchastt1.binmwssrcas.dll are registered as Browser Helper Objects (BHOs) for Internet Explorer.

%PROGRAMFILES%mywebsearchsrchastt1.binmwssrcas.dll is registered as a URL Search Hook for Internet Explorer.
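
A read-only host check for the artifacts in items a) to d), added here as an example; it is not BitDefender's code or part of the original entry. Assumptions: the MyWebSearch folder sits directly under Program Files, both Program Files roots are checked, the two DLLs are matched by file name only, and the Browser Helper Objects and URLSearchHooks registry locations are the standard Internet Explorer ones rather than paths given on this page.

```powershell
# Added example (read-only): report the artifacts listed in this write-up.
$found = @()

# a) Install folders; both Program Files roots are checked (assumption).
$roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ } | Select-Object -Unique
foreach ($root in $roots) {
    foreach ($dir in 'FunWebProducts', 'MyWebSearch') {
        $path = Join-Path $root $dir
        if (Test-Path -LiteralPath $path) { $found += "Directory: $path" }
    }
}

# b) ProgID keys under HKEY_CLASSES_ROOT, matched by the four prefixes in the list.
$progId = '^(FunWebProducts|MyWebSearch|MyWebSearchToolBar|ScreenSaverControl)\.'
$found += @(Get-ChildItem 'Registry::HKEY_CLASSES_ROOT' -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -match $progId } |
    ForEach-Object { "ProgID: $($_.PSChildName)" })

# b) Vendor keys under HKLM\SOFTWARE.
foreach ($key in 'Fun Web Products', 'FunWebProducts', 'MyWebSearch') {
    if (Test-Path -LiteralPath "HKLM:\SOFTWARE\$key") { $found += "Key: HKLM\SOFTWARE\$key" }
}

# c) Autostart value in the per-user Run key.
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$run = Get-ItemProperty -Path $runKey -Name 'MyWebSearch Email Plugin' -ErrorAction SilentlyContinue
if ($run) { $found += "Run value: $($run.'MyWebSearch Email Plugin')" }

# d) IE Browser Helper Objects and URL search hooks, resolved CLSID -> DLL.
function Get-ComServerPath([string]$Clsid) {
    $key = "Registry::HKEY_CLASSES_ROOT\CLSID\$Clsid\InprocServer32"
    (Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue).'(default)'
}
$bhoKey  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
$hookKey = 'HKCU:\Software\Microsoft\Internet Explorer\URLSearchHooks'
$clsids  = @(Get-ChildItem -LiteralPath $bhoKey -ErrorAction SilentlyContinue |
    ForEach-Object { $_.PSChildName })
if (Test-Path -LiteralPath $hookKey) { $clsids += (Get-Item -LiteralPath $hookKey).GetValueNames() }
foreach ($clsid in ($clsids | Select-Object -Unique)) {
    $dll = Get-ComServerPath $clsid
    if ($dll -match 'mwsbar\.dll|mwssrcas\.dll') { $found += "IE extension: $clsid -> $dll" }
}

if ($found) { $found } else { 'No artifacts from this write-up were found.' }
```

The Run value and URL search hook are per-user, so run the check in the affected user's session; on 64-bit Windows, 32-bit registrations can also sit under WOW6432Node, which this example does not enumerate.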

Last update 21 November 2011

 
