Adware:Win32/Malcole
First posted on 13 March 2012.
Source: Microsoft
Aliases :
Adware:Win32/Malcole is also known as not-a-virus:AdWare.Win32.Stud.fju (Kaspersky), Adware/Agent.DC (Avira), Adware.Generic.146382 (BitDefender).
Explanation :
Adware:Win32/Malcole is adware that collects information about the affected computer.
Installation
During installation, Adware:Win32/Malcole may display a message similar to the following:
It drops a DLL file, also detected as Adware:Win32/Malcole, in the Windows system folder. The name of the DLL file is identical to that of any other DLL file on the affected computer.
Adware:Win32/Malcole also creates the following registry entries as part of its installation routine:
In subkey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony\Providers
Sets value: "ProviderID6"
With data: "00000007"
Sets value: "ProviderFileName6"
With data: "<system folder>\<adware name>.dll"
In subkey: HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar
Sets value: "Locked"
With data: "1"
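The following is an added example, not part of the original analysis: a triage check that reads the text output of `reg query` for the Telephony\Providers subkey and flags `ProviderFileName<N>` values that point to a DLL path, as the entry above does. The function names, the assumption that stock providers are registered as bare `.tsp` file names, and the sample output (including the placeholder DLL name and the `0x7` rendering of the ID) are constructed for illustration.

```python
import re

# Value-line layout of `reg query` output: name, type, data.
VALUE_RE = re.compile(r"^\s+(\S+)\s+(REG_\w+)\s+(.*\S)\s*$")
PROVIDER_RE = re.compile(r"^ProviderFileName(\d+)$", re.IGNORECASE)

def parse_values(reg_output):
    """Return {value_name: data} for every value line in `reg query` text."""
    values = {}
    for line in reg_output.splitlines():
        m = VALUE_RE.match(line)
        if m:
            values[m.group(1)] = m.group(3)
    return values

def suspicious_providers(reg_output):
    """Flag ProviderFileName<N> entries whose data is a path to a .dll.

    Heuristic (assumption): stock telephony providers are registered as
    bare *.tsp file names, while the entry described above stores
    "<system folder>\\<adware name>.dll".
    """
    values = parse_values(reg_output)
    hits = []
    for name, data in values.items():
        m = PROVIDER_RE.match(name)
        if not m:
            continue
        if data.lower().endswith(".dll") and "\\" in data:
            index = m.group(1)
            hits.append((int(index), data, values.get("ProviderID" + index)))
    return sorted(hits)

# Constructed sample; the DLL name is a placeholder, not a real indicator.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony\Providers
    NumProviders    REG_DWORD    0x7
    ProviderFileName0    REG_SZ    unimdm.tsp
    ProviderID0    REG_DWORD    0x1
    ProviderFileName1    REG_SZ    kmddsp.tsp
    ProviderID1    REG_DWORD    0x2
    ProviderFileName6    REG_SZ    C:\WINDOWS\system32\placeholder-name.dll
    ProviderID6    REG_DWORD    0x7
"""

if __name__ == "__main__":
    for index, path, provider_id in suspicious_providers(SAMPLE):
        print(f"ProviderFileName{index} -> {path} (ProviderID{index}={provider_id})")
```

A hit is a lead for review rather than a verdict, since third-party telephony software may also register a provider by full path.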
Additional information
Adware:Win32/Malcole gathers information about the affected computer, such as its MAC address and cookies, to send to any of the following servers, which are inaccessible as of this writing:
- core.to
- goal.to
- vill.to
After installation, it opens an instance of the default web browser to the following URL:
www.browser-analyzer.com/go/f/wicking.de/?cid=%
Analysis by Marianne Mallen
Last update 13 March 2012