Virus: ADSPY/SmartShoper
Date discovered: 15/10/2009
Type: Security Privacy Risk
In the wild: Yes
Reported Infections: Low to medium
Distribution Potential: Low
Damage Potential: Low to medium
Static file: Yes
File size: 1.185.056 Bytes
MD5 checksum: f937c3907123ac59d333fbdc799fb5cf
IVDF version: 7.01.06.114 - Thursday, October 15, 2009

General
Platforms / OS:
• Windows 2000
• Windows XP
• Windows 2003

Side effects:
• Downloads a file
• Drops a file
• Registry modification

Files
It deletes the following file:
• %HOME%\Application Data\ShoppingReport\tmp.html

The following file is created:
– %HOME%\Application Data\ShoppingReport\tmp.html

It tries to download a file:
– The locations are the following:
• http://partners.ShopperReports.com/partners/**********?RegisterInstallationFromInstaller&group=%character string% &iid=%character string% &cid=%character string% &uid=%character string% &UniqueCID=%character string% &bar_ver=%character string% &installation_date=%character string% &BANNER_ID&partner=%character string% &REQUESTOR_ID&Affiliate_Id&install_status=%number% &last_stage=%number% &ie_user_agent&os_ver=%character string% &ie_ver=%character string% &def_br_ver=%character string%
• http://partners.ShopperReports.com/partners/**********?RegisterUnInstallationFromInstaller&partner=%character string% &group=%character string% &UID=%character string% &bar_ver=%character string% &CID&IID=%character string% &BANNER_ID&REQUESTOR_ID&COUNTRY&SG&USER_CREATE_DATE=%character string% &Affiliate_Id&ie_user_agent&os_ver=%character string% &ie_ver=%character string% &def_br_ver=%character string%

Registry
The following registry keys are added:

The following registry keys are changed:
– [HKLM\SOFTWARE\ShoppingReport]
New value:
• "ie_user_agent"=""
– [HKCU\Software\ShoppingReport]
New value:
• "InstallCreateDate"="%character string% "
• "UID"="%character string% "
• "UserCreateDate"="%character string% "
• "cookies_flag"=dword:0x00000001
• "ie_user_agent"=""
• "iid"="%character string% "

Description inserted by Petre Galan on Tuesday, April 6, 2010
Description updated by Andrei Ivanes on Tuesday, April 6, 2010