Home / malware Adware.PlayMP3z.B
First posted on 21 November 2011.
Source: BitDefenderAliases :
There are no other names known for Adware.PlayMP3z.B.
Explanation :
This application is meant to "collect" personal information from the clients computer and use it in marketing or suspicious practices. When executed the adware displays a pop-up with the EULA (as seen in the above screenshot).
After the user clicks "I Agree" the software installs or downloads these files :
%Temp%Mirar_V55_876933_LOG_IESC_AFF_ATD_TID_noMDNS_RPT_AVM.exe%Temp% em2.tmp.exe%Temp% em6.tmp.exe%Temp% emA.tmp.exe%Temp% emB.tmp.exe%Start Menu%ProgramsPlayMP3zRun PlayMP3z.lnk%Program Files%BrowsingAdvisorBrowsingAdvisor-1.dll%Program Files%BrowsingAdvisorpcre3.dll%Program Files%BrowsingAdvisoruninstall.exe%Program Files%PlayMP3zPlayMP3.exe%Program Files%PlayMP3zuninstall.exe%Program Files%Search SpiderDownloadGnutella.exe%Program Files%Search SpiderSpiderUpdate.exe%Program Files%Search SpiderSearchSpider.dll%system32%WinNB55.dllIt also creates these registry entries:
HKEY_CURRENT_USERSoftwareMirarHKEY_CURRENT_USERSoftwareBrowsingAdvisorHKEY_CURRENT_USERSoftwareMediaHoldingsHKEY_CURRENT_USERSoftwarePlayMP3HKEY_CURRENT_USERSoftwareSearchSpiderHKEY_LOCAL_MACHINESOFTWAREClassesBrowsingAdvisor.BrowserWatcherHKEY_LOCAL_MACHINESOFTWAREClassesBrowsingAdvisor.PornPro_BHOHKEY_LOCAL_MACHINESOFTWAREClassesSearchSpider.SpiderBHOHKEY_LOCAL_MACHINESOFTWAREClassesSearchSpider.SpiderBarHKEY_LOCAL_MACHINESOFTWAREClassessearchspiderHKEY_LOCAL_MACHINESOFTWARERelatedPageInstallHKEY_LOCAL_MACHINESYSTEMControlSet001Servicessearchspidersvc
The installed files are detected by BitDefender as Adware.PornPro.A, Adware.Netnucleus.B or different versions of Adware.Mirar.
From the EULA we can notice the sort of private information collector that the adware is ( from the chapter "Permissions You Grant Us" - this is actually a chunk of the malware EULAs and the italic selected text could help the user understand the kind of threat the software represents for his privacy) :
1) You grant Media Holding Enterprises the right to collect, retain and analyze all information pertaining to the use of your computer. This may include, but is not limited to, information and data regarding the use and surfing of the Internet; Internet browsing habits; URLs accessed and/or visited; other Licensed Materials packages that may have installed; search keywords; links, banners and/or ads clicked; domain names; Internet Service Provider information; Dynamic Host Configuration Protocol and Internet Protocol (static or dynamic) addresses; and/or the duration and number of visit(s) to websites and pages (collectively the "Information"). With respect to any Information gathered by the Licensed Materials, you agree that Media Holding Enterprises may use such Information for its business purposes, including, but not limited to; product support; Internet surfing trends and analysis; Information aggregation; pattern and geographic analysis; marketing, and development; both for ourselves and for third parties. You grant us the express permission to share and/or sell any of the Information we collect with 3rd Parties.
2) Upon installation and/or registration of the Licensed Materials, you grant to Media Holding Enterprises your express permission to contact you with important information about your account and updates to our services, policies and business practices. You have the option to choose not to be contacted by uninstalling the Licensed Materials. If any information you provide to Media Holding Enterprises is incomplete or inaccurate, we have the right to terminate your license and ability to use the Licensed Materials.
3) You grant to Media Holding Enterprises your express permission to augment your Internet search results with context-sensitive advertising, to provide a specialized toolbar for targeted marketing and search results, to install icons for advertising link/launchers; all to work in conjunction with and as an enhancement to your present Internet browser technology.
4) You grant to Media Holding Enterprises your express permission to deliver to you, as part of the functionality of the Licensed Materials: a) URL based pop-up and pop-under advertising or search-relevant links b) error page helpers for DNS and 404 page errors c) the delivery and automatic installation of all updates and enhancements to the Licensed Materials d) the bundling of 3rd Party software applications with the Licensed Materials and any updates/enhancements of same.Last update 21 November 2011
