Home / malwarePDF  

SoftwareBundler:Win32/Protlerdob


First posted on 29 October 2012.
Source: Microsoft

Aliases :

There are no other names known for SoftwareBundler:Win32/Protlerdob.

Explanation :



SoftwareBundler:Win32/Protlerdob is a program that presents itself as a free movie download, but instead bundles with it a number of programs that may charge you for services.



Installation

You may electively download this tool, that presents itself as a free movie download, as an executable file such as "filme.exe", that looks like the following image:



It may create any number of folders, including:

  • %Documents and Settings%\All Users\Start Menu\Programs\Acelerador de Downloads
  • %Documents and Settings%\All Users\Start Menu\Programs\DealPly
  • %ProgramFiles%\Acelerador de Downloads
  • %ProgramFiles%\DealPly


SoftwareBundler:Win32/Protlerdob also creates a number of files, including:

  • %Documents and Settings%\All Users\Desktop\Acelerador de Downloads.lnk
  • %Documents and Settings%\All Users\Desktop\ CONTA PRIME.lnk


As part of its installation, the program may also create any number of registry keys, including:

  • HKCU\Software\DealPly
  • HKLM\Classes\CLSID\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - DealPly CLSID
  • HKLM\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - DealPly BHO


The program may place an uninstaller in the Add or Remove Programs window, as seen in the image below:



Execution

If you run the program, you will see a window that looks like it's downloading offers, similar to the following:



While you cannot stop the installation through the GUI (graphical user interface), installation can be stopped if you turn off your computer.

Once the offers have been downloaded, you will be presented with some offers, that may look something like the following:



If you continue with the installation, by clicking the "Avancar" (Advance) button, DealPly, one of the offers, will be installed.

The offers may appear in the Manage Add-ons window, such as the following:



One offer we observed being bundled was that for a horoscope service, which you could sign up for, that would be delivered to your mobile for the cost of a premium SMS.



Eventually, you may be directed to a website that offers you movie downloads for a fee.





Analysis by Michael Johnson

Last update 29 October 2012

 

TOP

Malware :