
Adware:Win32/Blindbat


First posted on 11 April 2014.
Source: Microsoft

Aliases:

There are no other names known for Adware:Win32/Blindbat.

Explanation:

Threat behavior

Installation

Adware:Win32/Blindbat adds a plug-in to Internet Explorer.



It may also try to install to Firefox or Chrome, but we were unable to confirm that behavior.

The program installs the following files into the folder %ProgramFiles%\blindbat:

  • blindbatUninstall.exe
  • blindbatBHO.dll
  • blindbat.ico


It also modifies the following registry keys to install itself on your PC:

  • HKLM\software\blindbat
  • HKLM\SOFTWARE\CLASSES\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
  • HKLM\SOFTWARE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
  • HKLM\SOFTWARE\CLASSES\CLSID\{a7283e35-7d50-43f7-b698-b29f6b5fe256}
  • HKLM\SOFTWARE\CLASSES\INTERFACE\{A653C2BF-2527-4CA5-B18E-CF0199205274}
  • HKLM\SOFTWARE\CLASSES\TYPELIB\{cb1efc96-b4ad-4a33-b6fe-7f7bf4039d0a}\1.0
  • HKLM\software\microsoft\windows\currentversion\explorer\Browser Helper Objects\{a7283e35-7d50-43f7-b698-b29f6b5fe256}
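
A read-only check for the files and registry keys listed above, as an added example that is not part of Microsoft's write-up. It assumes that on 64-bit Windows the 32-bit installer's paths may be redirected to WOW6432Node and Program Files (x86), and that the BHO's DLL is registered under the standard COM InprocServer32 subkey; neither detail is stated on this page.

```powershell
# Added example: read-only check for the Blindbat indicators listed on this page.
$bhoClsid = '{a7283e35-7d50-43f7-b698-b29f6b5fe256}'
$subKeys = @(
    'blindbat',
    'Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}',
    'Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}',
    "Classes\CLSID\$bhoClsid",
    'Classes\Interface\{A653C2BF-2527-4CA5-B18E-CF0199205274}',
    'Classes\TypeLib\{cb1efc96-b4ad-4a33-b6fe-7f7bf4039d0a}\1.0',
    "Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\$bhoClsid"
)
$fileNames = 'blindbatUninstall.exe', 'blindbatBHO.dll', 'blindbat.ico'
$findings = @()

# Registry: native view plus the 32-bit view (assumption: WOW6432Node redirection).
foreach ($root in 'HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\WOW6432Node') {
    foreach ($sub in $subKeys) {
        $key = "$root\$sub"
        if (Test-Path -LiteralPath $key) {
            $findings += [pscustomobject]@{ Type = 'RegistryKey'; Item = $key }
        }
    }
    # Resolve the BHO's COM registration to the DLL the browser would load
    # (assumption: standard InprocServer32 default value).
    $inproc = "$root\Classes\CLSID\$bhoClsid\InprocServer32"
    if (Test-Path -LiteralPath $inproc) {
        $dll = (Get-Item -LiteralPath $inproc).GetValue('')
        $findings += [pscustomobject]@{ Type = 'BhoDll'; Item = $dll }
    }
}

# Files: %ProgramFiles%\blindbat, plus the x86 folder where it exists.
$programDirs = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) |
    Where-Object { $_ } | Select-Object -Unique
foreach ($dir in $programDirs) {
    foreach ($name in $fileNames) {
        $file = Join-Path $dir "blindbat\$name"
        if (Test-Path -LiteralPath $file) {
            $findings += [pscustomobject]@{ Type = 'File'; Item = $file }
        }
    }
}

if ($findings.Count -gt 0) {
    $findings | Format-Table -AutoSize
} else {
    'No Blindbat indicators from this page were found.'
}
```

The script only reads the registry and file system; it removes nothing.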


Behavior

Adware:Win32/Blindbat shows you ads as you browse the Internet.

Analysis by Aaron Hullet

Symptoms

The following could indicate that you have this program on your PC:

  • You have these files in the folder %ProgramFiles%\blindbat:
    • blindbatUninstall.exe
    • blindbatBHO.dll
    • blindbat.ico
  • You see extra ads on the Internet.

Last update 11 April 2014
