Home / malware Adware:Win32/Webalta
First posted on 13 April 2012.
Source: MicrosoftAliases :
Adware:Win32/Webalta is also known as SearchPage (other), TR/Ivelog.F.1 (Avira), Adware.Webalta.2 (ESET), AdWare.Win32.Webalta (Ikarus).
Explanation :
Adware:Win32/Webalta is a detection for adware that redirects the web browser to a website named "webalta.ru". Webalta may download and execute updates from the website "update.webalta.ru".
Top
Adware:Win32/Webalta is a detection for adware that redirects the web browser to a website named "webalta.ru". Webalta may download and execute updates from the website "update.webalta.ru".
Installation
The software may be installed from "setup.downvision.com". When installed, the program files are present as the following:
- %USERPROFILE%\Application Data\Webaltaservice\webaltaservice.exe
- %USERPROFILE%\Application Data\ Webaltaservice\webaltaservice.cfg
The system registry is modified to run Webalta as a service at each Windows start.
In subkey: HKLM\SYSTEM\ControlSet001\Services\WebaltaService
Sets value: "ImagePath"
To data: "%USERPROFILE%\Application Data\WebaltaService\WebaltaService.exe -start"
When a web browser is launched, Webalta redirects the browser to an advertisement-based site named "start.webalta.ru".
Additional information
Webalta attempts to download files that are advertisement-related from the site "stats.webalta.ru" using HTTP port 80. It also gathers details about the local system's process information and sends that to "stats.webalta.ru" using HTTP POST.
Analysis by Hong Jia
Last update 13 April 2012