Virus: Adware/Rogue.141312
Date discovered: 06/08/2012
Type: Adware/Spyware
In the wild: No
Reported Infections: Low to medium
Distribution Potential: Low
Damage Potential: Low
File size: 141.312 Bytes
MD5 checksum: 5e7c277d592b7cad218fde9d52e76d37
VDF version: 7.11.38.236 - Monday, August 6, 2012
IVDF version: 7.11.38.236 - Monday, August 6, 2012
General

Method of propagation:
• No own spreading routine

Aliases:
• Kaspersky: not-a-virus:AdWare.Win32.BHO.awvu
• Grisoft: Generic5.GWI

Platforms / OS:
• Windows 2000
• Windows XP
• Windows 2003
• Windows Vista
• Windows Server 2008
• Windows 7

Side effects:
• Registry modification

Registry

It registers a browser helper object (BHO) by adding the following keys. HKCR is a merged view of HKLM\SOFTWARE\Classes and HKCU\SOFTWARE\Classes, so the HKLM\SOFTWARE\Classes entries listed further down are the same COM registration seen through the machine-wide hive, not a second component. The path c:\sample.dll is where the sample was placed in the analysis environment; on an infected host the InprocServer32 value points at wherever the DLL was dropped. The "NoExplorer" value under the Browser Helper Objects key tells Windows Explorer not to load the BHO, so it is loaded only by Internet Explorer.

– [HKCR\CLSID\{8CB77D97-966B-4364-9B95-93B3DC148113}]
  • "(Default)"="InjectorBHO Class"
– [HKCR\CLSID\{8CB77D97-966B-4364-9B95-93B3DC148113}\InprocServer32]
  • "(Default)"="c:\sample.dll"
  • "ThreadingModel"="Apartment"
– [HKCR\CLSID\{8CB77D97-966B-4364-9B95-93B3DC148113}\ProgID]
  • "(Default)"="Injector.BHO.1"
– [HKCR\CLSID\{8CB77D97-966B-4364-9B95-93B3DC148113}\VersionIndependentProgID]
  • "(Default)"="Injector.BHO"
– [HKCR\Injector.BHO.Injector.BHO.1]
  • "(Default)"="InjectorBHO"
– [HKCR\Injector.BHO.Injector.BHO.1\CLSID]
  • "(Default)"="{8CB77D97-966B-4364-9B95-93B3DC148113}"
– [HKCR\Injector.BHO.Injector.BHO]
  • "(Default)"="InjectorBHO"
– [HKCR\Injector.BHO.Injector.BHO\CLSID]
  • "(Default)"="{8CB77D97-966B-4364-9B95-93B3DC148113}"
– [HKCR\Injector.BHO.Injector.BHO\CurVer]
  • "(Default)"="Injector.BHO.1"
– [HKCR\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}]
  • "(Default)"="IInjectorBHO"
– [HKCR\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ProxyStubClsid]
  • "(Default)"="{00020424-0000-0000-C000-000000000046}"
– [HKCR\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ProxyStubClsid32]
  • "(Default)"="{00020424-0000-0000-C000-000000000046}"
– [HKCR\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib]
  • "(Default)"="{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}"
  • "Version"="1.0"
– [HKCR\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}]
  • "(Default)"="ILocalStorage"
– [HKCR\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ProxyStubClsid]
  • "(Default)"="{00020424-0000-0000-C000-000000000046}"
– [HKCR\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ProxyStubClsid32]
  • "(Default)"="{00020424-0000-0000-C000-000000000046}"
– [HKCR\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib]
  • "(Default)"="{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}"
  • "Version"="1.0"
– [HKCR\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0]
  • "(Default)"="Injector 1.0 Type Library"
– [HKCR\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\0\win32]
  • "(Default)"="c:\sample.dll"
– [HKLM\SOFTWARE\Classes\CLSID\{8CB77D97-966B-4364-9B95-93B3DC148113}]
  • "(Default)"="InjectorBHO Class"
– [HKLM\SOFTWARE\Classes\CLSID\{8CB77D97-966B-4364-9B95-93B3DC148113}\InprocServer32]
  • "(Default)"="c:\sample.dll"
  • "ThreadingModel"="Apartment"
– [HKLM\SOFTWARE\Classes\CLSID\{8CB77D97-966B-4364-9B95-93B3DC148113}\ProgID]
  • "(Default)"="Injector.BHO.1"
– [HKLM\SOFTWARE\Classes\CLSID\{8CB77D97-966B-4364-9B95-93B3DC148113}\VersionIndependentProgID]
  • "(Default)"="Injector.BHO"
– [HKLM\SOFTWARE\Classes\Injector.BHO.Injector.BHO.1]
  • "(Default)"="InjectorBHO"
– [HKLM\SOFTWARE\Classes\Injector.BHO.Injector.BHO.1\CLSID]
  • "(Default)"="{8CB77D97-966B-4364-9B95-93B3DC148113}"
– [HKLM\SOFTWARE\Classes\Injector.BHO.Injector.BHO]
  • "(Default)"="InjectorBHO"
– [HKLM\SOFTWARE\Classes\Injector.BHO.Injector.BHO\CLSID]
  • "(Default)"="{8CB77D97-966B-4364-9B95-93B3DC148113}"
– [HKLM\SOFTWARE\Classes\Injector.BHO.Injector.BHO\CurVer]
  • "(Default)"="Injector.BHO.1"
– [HKLM\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}]
  • "(Default)"="IInjectorBHO"
– [HKLM\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}]
  • "(Default)"="ILocalStorage"
– [HKLM\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\0\win32]
  • "(Default)"="c:\sample.dll"
– [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8CB77D97-966B-4364-9B95-93B3DC148113}]
  • "(Default)"="InjectorBHO"
  • "NoExplorer"="dword:0x00000001"
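The registrations above are what an Internet Explorer BHO needs in order to load: an entry under Browser Helper Objects, and a CLSID whose InprocServer32 names the DLL. The following PowerShell is an added triage script, not part of the Avira description and not code from the adware, that walks every BHO registration on a host (64-bit, 32-bit Wow6432Node and per-user), resolves each CLSID to its DLL, hashes the DLL, and flags the CLSID and MD5 published on this page. The check for a missing DLL path is an extra heuristic added here, since a BHO whose server file is gone is usually a leftover from removed software or an incomplete cleanup.

```powershell
# Added triage example for Adware/Rogue.141312 (not from the original page).
# Indicators taken from the description above.
$BadClsid = '{8CB77D97-966B-4364-9B95-93B3DC148113}'
$BadMd5   = '5E7C277D592B7CAD218FDE9D52E76D37'

# Where IE looks for BHOs: machine-wide (native and 32-bit view) and per-user.
$BhoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)

# COM class roots to resolve a CLSID to its InprocServer32 DLL. HKCR is a merged
# view of these, so querying the underlying hives avoids double counting.
$ClassRoots = @(
    'HKLM:\SOFTWARE\Classes',
    'HKLM:\SOFTWARE\Classes\Wow6432Node',
    'HKCU:\SOFTWARE\Classes'
)

function Resolve-BhoDll {
    param([string]$Clsid)
    foreach ($root in $ClassRoots) {
        $srv = Join-Path $root "CLSID\$Clsid\InprocServer32"
        if (Test-Path $srv) {
            $path = (Get-ItemProperty -Path $srv).'(default)'
            if ($path) {
                # InprocServer32 may be REG_EXPAND_SZ; expand %SystemRoot% and friends.
                return [Environment]::ExpandEnvironmentVariables($path)
            }
        }
    }
    return $null
}

function Get-RegisteredBho {
    foreach ($root in $BhoRoots) {
        if (-not (Test-Path $root)) { continue }
        foreach ($key in Get-ChildItem -Path $root) {
            $clsid      = $key.PSChildName
            $props      = Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue
            $noExplorer = $props.NoExplorer
            $dll        = Resolve-BhoDll -Clsid $clsid
            $md5        = $null
            if ($dll -and (Test-Path -LiteralPath $dll)) {
                $md5 = (Get-FileHash -Algorithm MD5 -LiteralPath $dll).Hash
            }

            $reasons = @()
            if ($clsid -ieq $BadClsid) { $reasons += 'CLSID matches Adware/Rogue.141312' }
            if ($md5 -and $md5 -ieq $BadMd5) { $reasons += 'DLL MD5 matches Adware/Rogue.141312' }
            if (-not $dll) { $reasons += 'no InprocServer32 registration found' }
            elseif (-not (Test-Path -LiteralPath $dll)) { $reasons += 'InprocServer32 DLL missing on disk' }

            [pscustomobject]@{
                Root       = $root
                CLSID      = $clsid
                Dll        = $dll
                MD5        = $md5
                NoExplorer = $noExplorer
                Suspicious = ($reasons -join '; ')
            }
        }
    }
}

Get-RegisteredBho | Format-Table -AutoSize
```

Run it from an elevated prompt so the HKLM hives are fully readable. A hit on the CLSID alone is enough to act on even if the hash differs, because the CLSID is chosen by the author and survives repacking of the DLL. To remove the loader, delete the flagged Browser Helper Objects\{CLSID} key and, if the DLL is still present, run regsvr32 /u on it so its own DllUnregisterServer removes the CLSID, ProgID, Interface and TypeLib entries listed above; otherwise delete those keys by hand using the list on this page.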
Description inserted by Wensin Lee on Wednesday, August 8, 2012
Description updated by Wensin Lee on Wednesday, August 8, 2012