Virus: Adspy/Bho.GamePla.B
Date discovered: 14/03/2012
Type: Adware/Spyware
Subtype: Bho
In the wild: No
Reported Infections: Low to medium
Distribution Potential: Low
Damage Potential: Low
File size: 475.480 Bytes
MD5 checksum: f8b474e24a282b278c0E8ac39bb6c099
VDF version: 7.11.25.96 - Wednesday, March 14, 2012
IVDF version: 7.11.25.96 - Wednesday, March 14, 2012

General

Method of propagation:
   • No own spreading routine

The file works interdependently with these components:
   •  Adspy/Bho.GamePl.BB


Platforms / OS:
   • Windows 2000
   • Windows XP
   • Windows 2003
   • Windows Vista
   • Windows Server 2008
   • Windows 7


Side effects:
   • Registry modification

Registry

It registers a browser helper object (BHO) by adding the following key:

– [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\
   Browser Helper Objects\{11111111-1111-1111-1111-110011221158}]
   • "(Default)"="CrossriderApp0002258"
   • "NoExplorer"="dword:0x00000001"



The following registry keys are added:

– [HKCR\CLSID\{11111111-1111-1111-1111-110011221158}]
   • "(Default)"="I Want This"

– [HKCR\CLSID\{11111111-1111-1111-1111-110011221158}\InprocServer32]
   • "(Default)"="%malware file%"

– [HKCR\CLSID\{11111111-1111-1111-1111-110011221158}\ProgID]
   • "(Default)"="CrossriderApp0002258.BHO.1"

– [HKCR\CLSID\{11111111-1111-1111-1111-110011221158}\TypeLib]
   • "(Default)"="{44444444-4444-4444-4444-440044224458}"

– [HKCR\CLSID\{11111111-1111-1111-1111-110011221158}\
   VersionIndependentProgID]
   • "(Default)"="CrossriderApp0002258"

– [HKCR\CLSID\{22222222-2222-2222-2222-220022222258}]
   • "(Default)"="CrossriderApp0002258.Sandbox"

– [HKCR\CLSID\{22222222-2222-2222-2222-220022222258}\InprocServer32]
   • "(Default)"="%malware file%"

– [HKCR\CLSID\{22222222-2222-2222-2222-220022222258}\ProgID]
   • "(Default)"="CrossriderApp0002258.Sandbox.1"

– [HKCR\CLSID\{22222222-2222-2222-2222-220022222258}\TypeLib]
   • "(Default)"="{44444444-4444-4444-4444-440044224458}"

– [HKCR\CLSID\{22222222-2222-2222-2222-220022222258}\
   VersionIndependentProgID]
   • "(Default)"="CrossriderApp0002258.Sandbox"

– [HKCR\CLSID\{33333333-3333-3333-3333-330033223358}]
   • "(Default)"="CrossriderApp0002258.FBApi"

– [HKCR\CLSID\{33333333-3333-3333-3333-330033223358}\InprocServer32]
   • "(Default)"="%malware file%"

– [HKCR\CLSID\{33333333-3333-3333-3333-330033223358}\ProgID]
   • "(Default)"="CrossriderApp0002258.FBApi.1"

– [HKCR\CLSID\{33333333-3333-3333-3333-330033223358}\TypeLib]
   • "(Default)"="{44444444-4444-4444-4444-440044224458}"

– [HKCR\CLSID\{33333333-3333-3333-3333-330033223358}\
   VersionIndependentProgID]
   • "(Default)"="CrossriderApp0002258.FBApi"

– [HKCR\CrossriderApp0002258.BHO.1]
   • "(Default)"="CrossriderApp0002258"

– [HKCR\CrossriderApp0002258.BHO.1\CLSID]
   • "(Default)"="{11111111-1111-1111-1111-110011221158}"

– [HKCR\CrossriderApp0002258.BHO]
   • "(Default)"="CrossriderApp0002258"

– [HKCR\CrossriderApp0002258.BHO\CLSID]
   • "(Default)"="{11111111-1111-1111-1111-110011221158}"

– [HKCR\CrossriderApp0002258.BHO\CurVer]
   • "(Default)"="CrossriderApp0002258"

– [HKCR\CrossriderApp0002258.FBApi.1]
   • "(Default)"="CrossriderApp0002258.FBApi"

– [HKCR\CrossriderApp0002258.FBApi.1\CLSID]
   • "(Default)"="{33333333-3333-3333-3333-330033223358}"

– [HKCR\CrossriderApp0002258.FBApi]
   • "(Default)"="CrossriderApp0002258.FBApi"

– [HKCR\CrossriderApp0002258.FBApi\CLSID]
   • "(Default)"="{33333333-3333-3333-3333-330033223358}"

– [HKCR\CrossriderApp0002258.FBApi\CurVer]
   • "(Default)"="CrossriderApp0002258.FBApi.1"

– [HKCR\CrossriderApp0002258.Sandbox.1]
   • "(Default)"="CrossriderApp0002258.Sandbox"

– [HKCR\CrossriderApp0002258.Sandbox.1\CLSID]
   • "(Default)"="{22222222-2222-2222-2222-220022222258}"

– [HKCR\CrossriderApp0002258.Sandbox]
   • "(Default)"="CrossriderApp0002258.Sandbox"

– [HKCR\CrossriderApp0002258.Sandbox\CLSID]
   • "(Default)"="{22222222-2222-2222-2222-220022222258}"

– [HKCR\CrossriderApp0002258.Sandbox\CurVer]
   • "(Default)"="CrossriderApp0002258.Sandbox"

– [HKCR\Interface\{55555555-5555-5555-5555-550055225558}]
   • "(Default)"="ICrossriderBHO"

– [HKCR\Interface\{55555555-5555-5555-5555-550055225558}\
   ProxyStubClsid]
   • "(Default)"="{00020424-0000-0000-C000-000000000046}"

– [HKCR\Interface\{55555555-5555-5555-5555-550055225558}\
   ProxyStubClsid32]
   • "(Default)"="{00020424-0000-0000-C000-000000000046}"

– [HKCR\Interface\{55555555-5555-5555-5555-550055225558}\TypeLib]
   • "(Default)"="{44444444-4444-4444-4444-440044224458}"
   • "Version"="1.0"

– [HKCR\Interface\{66666666-6666-6666-6666-660066226658}]
   • "(Default)"="ISandBox"

– [HKCR\Interface\{66666666-6666-6666-6666-660066226658}\
   ProxyStubClsid]
   • "(Default)"="{00020424-0000-0000-C000-000000000046}"

– [HKCR\Interface\{66666666-6666-6666-6666-660066226658}\
   ProxyStubClsid32]
   • "(Default)"="{00020424-0000-0000-C000-000000000046}"

– [HKCR\Interface\{66666666-6666-6666-6666-660066226658}\TypeLib]
   • "(Default)"="{44444444-4444-4444-4444-440044224458}"
   • "Version"="1.0"

– [HKCR\Interface\{77777777-7777-7777-7777-770077227758}]
   • "(Default)"="IFBApi"

– [HKCR\Interface\{77777777-7777-7777-7777-770077227758}\
   ProxyStubClsid]
   • "(Default)"="{00020424-0000-0000-C000-000000000046}"

– [HKCR\Interface\{77777777-7777-7777-7777-770077227758}\
   ProxyStubClsid32]
   • "(Default)"="{00020424-0000-0000-C000-000000000046}"

– [HKCR\Interface\{77777777-7777-7777-7777-770077227758}\TypeLib]
   • "(Default)"="{44444444-4444-4444-4444-440044224458}"
   • "Version"="1.0"

– [HKCR\TypeLib\{44444444-4444-4444-4444-440044224458}\1.0]
   • "(Default)"="CrossriderApp0002258 Type Library"

– [HKCR\TypeLib\{44444444-4444-4444-4444-440044224458}\1.0\0\win32]
   • "(Default)"="%malware file%"

– [HKCR\TypeLib\{44444444-4444-4444-4444-440044224458}\1.0\FLAGS]
   • "(Default)"="0"

– [HKLM\SOFTWARE\Classes\CLSID\
   {11111111-1111-1111-1111-110011221158}]
   • "(Default)"="I Want This"

– [HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110011221158}\
   InprocServer32]
   • "(Default)"="%malware file%"

– [HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110011221158}\
   ProgID]
   • "(Default)"="CrossriderApp0002258.BHO.1"

– [HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110011221158}\
   TypeLib]
   • "(Default)"="{44444444-4444-4444-4444-440044224458}"

– [HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110011221158}\
   VersionIndependentProgID]
   • "(Default)"="CrossriderApp0002258"

– [HKLM\SOFTWARE\Classes\CLSID\
   {22222222-2222-2222-2222-220022222258}]
   • "(Default)"="CrossriderApp0002258.Sandbox"

– [HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220022222258}\
   InprocServer32]
   • "(Default)"="%malware file%"

– [HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220022222258}\
   ProgID]
   • "(Default)"="CrossriderApp0002258.Sandbox.1"

– [HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220022222258}\
   TypeLib]
   • "(Default)"="{44444444-4444-4444-4444-440044224458}"

– [HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220022222258}\
   VersionIndependentProgID]
   • "(Default)"="CrossriderApp0002258.Sandbox"

– [HKLM\SOFTWARE\Classes\CLSID\
   {33333333-3333-3333-3333-330033223358}]
   • "(Default)"="CrossriderApp0002258.FBApi"

– [HKLM\SOFTWARE\Classes\CLSID\{33333333-3333-3333-3333-330033223358}\
   InprocServer32]
   • "(Default)"="%malware file%"

– [HKLM\SOFTWARE\Classes\CLSID\{33333333-3333-3333-3333-330033223358}\
   ProgID]
   • "(Default)"="CrossriderApp0002258.FBApi.1"

– [HKLM\SOFTWARE\Classes\CLSID\{33333333-3333-3333-3333-330033223358}\
   TypeLib]
   • "(Default)"="{44444444-4444-4444-4444-440044224458}"

– [HKLM\SOFTWARE\Classes\CLSID\{33333333-3333-3333-3333-330033223358}\
   VersionIndependentProgID]
   • "(Default)"="CrossriderApp0002258.FBApi"

– [HKLM\SOFTWARE\Classes\CrossriderApp0002258.BHO.1]
   • "(Default)"="CrossriderApp0002258"

– [HKLM\SOFTWARE\Classes\CrossriderApp0002258.BHO.1\CLSID]
   • "(Default)"="{11111111-1111-1111-1111-110011221158}"

– [HKLM\SOFTWARE\Classes\CrossriderApp0002258.BHO]
   • "(Default)"="CrossriderApp0002258"

– [HKLM\SOFTWARE\Classes\CrossriderApp0002258.BHO\CLSID]
   • "(Default)"="{11111111-1111-1111-1111-110011221158}"

– [HKLM\SOFTWARE\Classes\CrossriderApp0002258.BHO\CurVer]
   • "(Default)"="CrossriderApp0002258"

– [HKLM\SOFTWARE\Classes\CrossriderApp0002258.FBApi.1]
   • "(Default)"="CrossriderApp0002258.FBApi"

– [HKLM\SOFTWARE\Classes\CrossriderApp0002258.FBApi.1\CLSID]
   • "(Default)"="{33333333-3333-3333-3333-330033223358}"

– [HKLM\SOFTWARE\Classes\CrossriderApp0002258.FBApi]
   • "(Default)"="CrossriderApp0002258.FBApi"

– [HKLM\SOFTWARE\Classes\CrossriderApp0002258.FBApi\CLSID]
   • "(Default)"="{33333333-3333-3333-3333-330033223358}"

– [HKLM\SOFTWARE\Classes\CrossriderApp0002258.FBApi\CurVer]
   • "(Default)"="CrossriderApp0002258.FBApi.1"

– [HKLM\SOFTWARE\Classes\CrossriderApp0002258.Sandbox.1]
   • "(Default)"="CrossriderApp0002258.Sandbox"

– [HKLM\SOFTWARE\Classes\CrossriderApp0002258.Sandbox.1\CLSID]
   • "(Default)"="{22222222-2222-2222-2222-220022222258}"

– [HKLM\SOFTWARE\Classes\CrossriderApp0002258.Sandbox]
   • "(Default)"="CrossriderApp0002258.Sandbox"

– [HKLM\SOFTWARE\Classes\CrossriderApp0002258.Sandbox\CLSID]
   • "(Default)"="{22222222-2222-2222-2222-220022222258}"

– [HKLM\SOFTWARE\Classes\CrossriderApp0002258.Sandbox\CurVer]
   • "(Default)"="CrossriderApp0002258.Sandbox"

– [HKLM\SOFTWARE\Classes\Interface\
   {55555555-5555-5555-5555-550055225558}]
   • "(Default)"="ICrossriderBHO"

– [HKLM\SOFTWARE\Classes\Interface\
   {55555555-5555-5555-5555-550055225558}\ProxyStubClsid]
   • "(Default)"="{00020424-0000-0000-C000-000000000046}"

– [HKLM\SOFTWARE\Classes\Interface\
   {55555555-5555-5555-5555-550055225558}\ProxyStubClsid32]
   • "(Default)"="{00020424-0000-0000-C000-000000000046}"

– [HKLM\SOFTWARE\Classes\Interface\
   {55555555-5555-5555-5555-550055225558}\TypeLib]
   • "(Default)"="{44444444-4444-4444-4444-440044224458}"
   • "Version"="1.0"

– [HKLM\SOFTWARE\Classes\Interface\
   {66666666-6666-6666-6666-660066226658}]
   • "(Default)"="ISandBox"

– [HKLM\SOFTWARE\Classes\Interface\
   {66666666-6666-6666-6666-660066226658}\ProxyStubClsid]
   • "(Default)"="{00020424-0000-0000-C000-000000000046}"

– [HKLM\SOFTWARE\Classes\Interface\
   {66666666-6666-6666-6666-660066226658}\ProxyStubClsid32]
   • "(Default)"="{00020424-0000-0000-C000-000000000046}"

– [HKLM\SOFTWARE\Classes\Interface\
   {66666666-6666-6666-6666-660066226658}\TypeLib]
   • "(Default)"="{44444444-4444-4444-4444-440044224458}"
   • "Version"="1.0"

– [HKLM\SOFTWARE\Classes\Interface\
   {77777777-7777-7777-7777-770077227758}]
   • "(Default)"="IFBApi"

– [HKLM\SOFTWARE\Classes\Interface\
   {77777777-7777-7777-7777-770077227758}\ProxyStubClsid]
   • "(Default)"="{00020424-0000-0000-C000-000000000046}"

– [HKLM\SOFTWARE\Classes\Interface\
   {77777777-7777-7777-7777-770077227758}\ProxyStubClsid32]
   • "(Default)"="{00020424-0000-0000-C000-000000000046}"

– [HKLM\SOFTWARE\Classes\Interface\
   {77777777-7777-7777-7777-770077227758}\TypeLib]
   • "(Default)"="{44444444-4444-4444-4444-440044224458}"
   • "Version"="1.0"

– [HKLM\SOFTWARE\Classes\TypeLib\
   {44444444-4444-4444-4444-440044224458}\1.0]
   • "(Default)"="CrossriderApp0002258 Type Library"

– [HKLM\SOFTWARE\Classes\TypeLib\
   {44444444-4444-4444-4444-440044224458}\1.0\0\win32]
   • "(Default)"="%malware file%"

– [HKLM\SOFTWARE\Classes\TypeLib\
   {44444444-4444-4444-4444-440044224458}\1.0\FLAGS]
   • "(Default)"="0"

– [HKLM\SOFTWARE\Classes\TypeLib\
   {44444444-4444-4444-4444-440044224458}\1.0\HELPDIR]
   • "(Default)"="%malware execution directory%"

Description inserted by Wensin Lee on Friday, March 16, 2012
Description updated by Wensin Lee on Friday, March 16, 2012
