
Adware:Win32/InfoAtoms


First posted on 08 April 2013.
Source: Microsoft

Aliases:

Adware:Win32/InfoAtoms is also known as Adware.Plugin.21 (Dr.Web).

Explanation:



Adware:Win32/InfoAtoms may be installed from the program's website by offers in third-party software installers. It may also be installed alongside Adware:Win32/AddLyrics.



Installation

When run, the installer for Adware:Win32/InfoAtoms creates a folder named "InfoAtoms" in %ProgramFiles% and installs the following files there:

  • 3rd Party Licenses\buildcrx-license.txt
  • 3rd Party Licenses\Info-ZIP-license.txt
  • 3rd Party Licenses\nsJSON-license.txt
  • 3rd Party Licenses\UAC-license.txt
  • terms-of-service.rtf
  • Uninstall.exe


Adware:Win32/InfoAtoms installs itself as a BHO (browser helper object), which can be seen in Internet Explorer's Manage Add-ons window.



It installs the following files as part of its installation as an Internet Explorer add-on, Chrome extension and Firefox plug-in:

  • For the Chrome extension, it installs the following:
    • %APPDATA%\Google\Chrome\User Data\Default\Extensions\hhbgpoakplhahbklhkcfbpicgjcaoglk\1.6.0.0_0\background.html
    • %APPDATA%\Google\Chrome\User Data\Default\Extensions\hhbgpoakplhahbklhkcfbpicgjcaoglk\1.6.0.0_0\background.js (detected as Adware:Win32/InfoAtoms)
    • %APPDATA%\Google\Chrome\User Data\Default\Extensions\hhbgpoakplhahbklhkcfbpicgjcaoglk\1.6.0.0_0\icon-128.png
    • %APPDATA%\Google\Chrome\User Data\Default\Extensions\hhbgpoakplhahbklhkcfbpicgjcaoglk\1.6.0.0_0\icon-16.png
    • %APPDATA%\Google\Chrome\User Data\Default\Extensions\hhbgpoakplhahbklhkcfbpicgjcaoglk\1.6.0.0_0\icon-48.png
    • %APPDATA%\Google\Chrome\User Data\Default\Extensions\hhbgpoakplhahbklhkcfbpicgjcaoglk\1.6.0.0_0\manifest.json
    • %APPDATA%\Google\Chrome\User Data\Default\Extensions\hhbgpoakplhahbklhkcfbpicgjcaoglk\1.6.0.0_0\options.css
    • %APPDATA%\Google\Chrome\User Data\Default\Extensions\hhbgpoakplhahbklhkcfbpicgjcaoglk\1.6.0.0_0\options.html
    • %APPDATA%\Google\Chrome\User Data\Default\Extensions\hhbgpoakplhahbklhkcfbpicgjcaoglk\1.6.0.0_0\options.js
    • %APPDATA%\Google\Chrome\User Data\Default\Extensions\hhbgpoakplhahbklhkcfbpicgjcaoglk\1.6.0.0_0\vitruvian.bootstrap.js
    • %APPDATA%\Google\Chrome\User Data\Default\Extensions\hhbgpoakplhahbklhkcfbpicgjcaoglk\1.6.0.0_0\vitruvian.plugin-api.js
    • %ProgramFiles%\InfoAtoms.crx
  • For the Internet Explorer add-on, it installs the following:
    • %ProgramFiles%\InfoAtoms\IE32\InfoAtomsClientIE.dll (detected as Adware:Win32/InfoAtoms)
  • For the Firefox plug-in, it installs the following:
    • %ProgramFiles%\InfoAtoms\FireFox\infoatoms@infoatoms.com.xpi
    • %ProgramFiles%\Mozilla Firefox\defaults\preferences\!InfoAtoms.js
    • %ProgramFiles%\Mozilla Firefox\extensions\infoatoms@infoatoms.com\chrome.manifest
    • %ProgramFiles%\Mozilla Firefox\extensions\infoatoms@infoatoms.com\install.rdf
    • %ProgramFiles%\Mozilla Firefox\extensions\infoatoms@infoatoms.com\chrome\content\browser.xul
    • %ProgramFiles%\Mozilla Firefox\extensions\infoatoms@infoatoms.com\chrome\content\icon-48.png
    • %ProgramFiles%\Mozilla Firefox\extensions\infoatoms@infoatoms.com\chrome\content\icon-64.png
    • %ProgramFiles%\Mozilla Firefox\extensions\infoatoms@infoatoms.com\chrome\content\vitruvian.bootstrap.js
    • %ProgramFiles%\Mozilla Firefox\extensions\infoatoms@infoatoms.com\chrome\content\vitruvian.plugin-api.js (detected as Adware:Win32/InfoAtoms)
    • %ProgramFiles%\Mozilla Firefox\InfoAtoms.cfg


It also creates an installation entry called "InfoAtoms" in the Programs and Features section of the Control Panel. Running this uninstaller removes Adware:Win32/InfoAtoms from your computer.
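
The installation artifacts listed above can be checked on an endpoint with a read-only triage script. The following is an added example, not part of the original Microsoft write-up: the function name Find-InfoAtomsArtifact is hypothetical, and the registry locations it reads (the Uninstall keys behind Programs and Features, and the machine-wide Browser Helper Objects and CLSID keys) are standard Windows locations assumed here, not values given on this page.

```powershell
# Added example: report which InfoAtoms artifacts named in this write-up exist.
# Find-InfoAtomsArtifact is a hypothetical name; the check is read-only.
function Find-InfoAtomsArtifact {
    # A 32-bit installer lands in "Program Files (x86)" on 64-bit Windows.
    $roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) |
        Where-Object { $_ } | Select-Object -Unique
    $relative = @(
        'InfoAtoms',
        'InfoAtoms.crx',
        'InfoAtoms\IE32\InfoAtomsClientIE.dll',
        'InfoAtoms\FireFox\infoatoms@infoatoms.com.xpi',
        'Mozilla Firefox\defaults\preferences\!InfoAtoms.js',
        'Mozilla Firefox\extensions\infoatoms@infoatoms.com',
        'Mozilla Firefox\InfoAtoms.cfg'
    )
    $paths = @(foreach ($root in $roots) {
        foreach ($rel in $relative) { Join-Path $root $rel }
    })
    # Chrome extension folder, under the base path the write-up gives.
    $ext = 'Google\Chrome\User Data\Default\Extensions\hhbgpoakplhahbklhkcfbpicgjcaoglk'
    $paths += Join-Path $env:APPDATA $ext

    foreach ($p in $paths) {
        if (Test-Path -LiteralPath $p) {
            [pscustomobject]@{ Kind = 'File'; Location = $p }
        }
    }

    # Registry checks cover the native and the 32-bit (WOW6432Node) views.
    foreach ($sw in 'HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\WOW6432Node') {
        # Programs and Features entry whose display name is "InfoAtoms".
        Get-ItemProperty "$sw\Microsoft\Windows\CurrentVersion\Uninstall\*" -ErrorAction SilentlyContinue |
            Where-Object { $_.DisplayName -eq 'InfoAtoms' } |
            ForEach-Object { [pscustomobject]@{ Kind = 'Uninstall'; Location = $_.PSPath } }

        # BHOs are registered by CLSID; resolve each CLSID to the DLL it loads.
        $bho = "$sw\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
        foreach ($key in @(Get-ChildItem -LiteralPath $bho -ErrorAction SilentlyContinue)) {
            $srv = "$sw\Classes\CLSID\$($key.PSChildName)\InprocServer32"
            $dll = (Get-ItemProperty -LiteralPath $srv -ErrorAction SilentlyContinue).'(default)'
            if ($dll -like '*\InfoAtomsClientIE.dll') {
                [pscustomobject]@{ Kind = 'BHO'; Location = "$($key.PSChildName) -> $dll" }
            }
        }
    }
}

Find-InfoAtomsArtifact | Format-Table -AutoSize
```

The file checks apply to the profile of the account running the script, so other users' Chrome profiles need a separate pass; empty output means none of the listed artifacts were found in the locations checked.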



Execution

Once installed, Adware:Win32/InfoAtoms displays advertisements to you as you browse the Internet.









Analysis by Chris Stubbs

Last update 08 April 2013

 
