Virus: Adware/Downsave.nli
Date discovered: 18/07/2012
Type: Adware/Spyware
In the wild: No
Reported Infections: Medium
Distribution Potential: Low
Damage Potential: Low
File size: 140.800 Bytes
MD5 checksum: ac13c733379328f86568f6e514c2f7f8
VDF version: 7.11.36.190 - Wednesday, July 18, 2012
IVDF version: 7.11.36.190 - Wednesday, July 18, 2012

General Method of propagation:
   • No own spreading routine


Aliases:
   •  Bitdefender: Adware.Agent.NLI
   •  Eset: Win32/Adware.MultiPlug.A application
   •  GData: Adware.Agent.NLI
   •  Norman: Aggressive commersial W32/Multplug.BW


Platforms / OS:
   • Windows 2000
   • Windows XP
   • Windows 2003
   • Windows Vista
   • Windows Server 2008
   • Windows 7


Side effects:
   • Registry modification

Registry:
It registers a browser helper object (BHO) by adding the following keys:

– [HKCR\CLSID\{8CB77D97-966B-4364-9B95-93B3DC148113}]
   • "(Default)"="InjectorBHO Class"

– [HKCR\CLSID\{8CB77D97-966B-4364-9B95-93B3DC148113}\InprocServer32]
   • "(Default)"="c:\sample.dll"
   • "ThreadingModel"="Apartment"

– [HKCR\CLSID\{8CB77D97-966B-4364-9B95-93B3DC148113}\ProgID]
   • "(Default)"="Injector.BHO.1"

– [HKCR\CLSID\{8CB77D97-966B-4364-9B95-93B3DC148113}\
   VersionIndependentProgID]
   • "(Default)"="Injector.BHO"

– [HKCR\Injector.BHO.Injector.BHO.1]
   • "(Default)"="InjectorBHO"

– [HKCR\Injector.BHO.Injector.BHO.1\CLSID]
   • "(Default)"="{8CB77D97-966B-4364-9B95-93B3DC148113}"

– [HKCR\Injector.BHO.Injector.BHO]
   • "(Default)"="InjectorBHO"

– [HKCR\Injector.BHO.Injector.BHO\CLSID]
   • "(Default)"="{8CB77D97-966B-4364-9B95-93B3DC148113}"

– [HKCR\Injector.BHO.Injector.BHO\CurVer]
   • "(Default)"="Injector.BHO.1"

– [HKCR\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}]
   • "(Default)"="IInjectorBHO"

– [HKCR\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}]
   • "(Default)"="ILocalStorage"

– [HKCR\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\0\win32]
   • "(Default)"="c:\sample.dll"

– [HKLM\SOFTWARE\Classes\CLSID\
   {8CB77D97-966B-4364-9B95-93B3DC148113}]
   • "(Default)"="InjectorBHO Class"

– [HKLM\SOFTWARE\Classes\CLSID\{8CB77D97-966B-4364-9B95-93B3DC148113}\
   InprocServer32]
   • "(Default)"="c:\sample.dll"
   • "ThreadingModel"="Apartment"

– [HKLM\SOFTWARE\Classes\CLSID\{8CB77D97-966B-4364-9B95-93B3DC148113}\
   ProgID]
   • "(Default)"="Injector.BHO.1"

– [HKLM\SOFTWARE\Classes\CLSID\{8CB77D97-966B-4364-9B95-93B3DC148113}\
   VersionIndependentProgID]
   • "(Default)"="Injector.BHO"

– [HKLM\SOFTWARE\Classes\Injector.BHO.Injector.BHO.1]
   • "(Default)"="InjectorBHO"

– [HKLM\SOFTWARE\Classes\Injector.BHO.Injector.BHO.1\CLSID]
   • "(Default)"="{8CB77D97-966B-4364-9B95-93B3DC148113}"

– [HKLM\SOFTWARE\Classes\Injector.BHO.Injector.BHO]
   • "(Default)"="InjectorBHO"

– [HKLM\SOFTWARE\Classes\Injector.BHO.Injector.BHO\CLSID]
   • "(Default)"="{8CB77D97-966B-4364-9B95-93B3DC148113}"

– [HKLM\SOFTWARE\Classes\Injector.BHO.Injector.BHO\CurVer]
   • "(Default)"="Injector.BHO.1"

– [HKLM\SOFTWARE\Classes\Interface\
   {BBA74401-6D6F-4BBD-9F65-E8623814F3BB}]
   • "(Default)"="IInjectorBHO"

– [HKLM\SOFTWARE\Classes\Interface\
   {D2F39980-399F-492E-8D88-5FF7CCB3B47F}]
   • "(Default)"="ILocalStorage"

– [HKLM\SOFTWARE\Classes\TypeLib\
   {C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0]
   • "(Default)"="Injector 1.0 Type Library"

– [HKLM\SOFTWARE\Classes\TypeLib\
   {C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\0\win32]
   • "(Default)"="c:\sample.dll"

– [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\
   Browser Helper Objects\{8CB77D97-966B-4364-9B95-93B3DC148113}]
   • "(Default)"="InjectorBHO"
   • "NoExplorer"="dword:0x00000001"

Description inserted by Wensin Lee on Friday, July 20, 2012
Description updated by Wensin Lee on Friday, July 20, 2012
