Home / malware

PDF

Adware:Win32/Adkubru

First posted on 15 August 2019.
Source: Microsoft

Aliases :

Adware:Win32/Adkubru is also known as Trojan.Win32.BHO.aiif, Trojan.BHO.AJEN, TR/BHO.aiif, Win32/BHO.OAD, Trojan.Win32.BHO.

Explanation :

Adware:Win32/Adkubru is a program that delivers pop-up advertisements and changes the default start page and search settings. Installation Adware:Win32/Adkubru is installed as the following:   %ProgramFiles%objectho_project.dll   It is installed as a BHO by the creation of the following entries:   Adds subkeys: HKLMSOFTWAREClassesho_project.bho_object HKLMSOFTWAREClassesho_project.bho_object.1 HKLMSOFTWAREClassesCLSID{66D8FBA6-D90F-40A9-AC55-84896F79CA69}   Adds value: "(default)" With data: "%ProgramFiles%objectho_project.dll" In subkey: HKLMSOFTWAREClassesCLSID{66D8FBA6-D90F-40A9-AC55-84896F79CA69}InprocServer32   Adds value: "installid" With data: "{1f39dbe1-45e9-46c7-8e13-43dc8832adfa}" In subkey: HKLMSoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{66D8FBA6-D90F-40A9-AC55-84896F79CA69} Execution Modifies Internet Explorer settings Adware:Win32/Adkubru modifies the following registry entries:   Adds value: "Start Page" With data: "http://www.startsearcher.com" In subkey: HKLMSoftwareMicrosoftInternet ExplorerMain   Adds value: "DisplayName" With data: "Search" Adds value: "ShowSearchSuggestions" With data: "dword:00000001" Adds value: "SuggestionsURL" With data: "http://clients5.google.com/complete/search?q={searchTerms}&client=ie8&mw={ie:maxWidth}&sh={ie:sectionHeight}&rh={ie:rowHeight}&inputencoding={inputEncoding}&outputencoding={outputEncoding}" Adds value: "URL" With data: "http://www.startsearcher.com/?q={searchTerms}&src=IETB" In subkey: HKLMSOFTWAREMicrosoftInternet ExplorerSearchScopes   Displays advertisements Adware:Win32/Adkubru may connect to the following website and display unwanted ads:   ad.adurr.com/ad.js.php   Analysis by Elda Dimakiling

Last update 15 August 2019

 

TOP