Date discovered: 28/11/2013
In the wild: No
Reported Infections: Low
Distribution Potential: Low
Damage Potential: Low
Static file: No
VDF version: - Thursday, November 28, 2013
IVDF version: - Thursday, November 28, 2013

General
Method of propagation:
   • No own spreading routine

   •  Symantec: Adware.Adpopup
   •  Mcafee: PUP-FEZ!2F6F50B74D22
   •  Kaspersky: not-a-virus:AdWare.Win32.BetterSurf.b
   •  TrendMicro: ADW_BSURF
   •  F-Secure: Adware:JS/BetterSurf
   •  Sophos: BetterSurf
   •  Avast: JS:BetterSurf-A
   •  AVG: Generic5.AJZH
   •  Panda: Suspicious file
   •  Eset: Win32/AdWare.BetterSurf.A
   •  GData: Win32.Adware.BetterSurf.A
   •  DrWeb: Trojan.Siggen5.63980
   •  Fortinet: Adware/JS_BetterSurf
   •  Ikarus: JS.BetterSurf

Platforms / OS:
   • Windows 2000
   • Windows XP
   • Windows 2003
   • Windows Vista
   • Windows Server 2008
   • Windows 7

Files
The following files are created:

%temp%\aminsis.txt This is a non-malicious text file with the following content:
   • SqLite exception SQLITE_ERROR[1]: in file \extensions.sqlite

%PROGRAM FILES%\BetterSurf\ie\BetterSurf.dll
%PROGRAM FILES%\BetterSurf\ch\Chrome.crx
%PROGRAM FILES%\BetterSurf\ff\BetterSurf.xpi
%PROGRAM FILES%\BetterSurf\ff\build.cmd
%PROGRAM FILES%\BetterSurf\ff\chrome.manifest
%PROGRAM FILES%\BetterSurf\ff\install.rdf
%PROGRAM FILES%\BetterSurf\ff\chrome\content\firefox.js
%PROGRAM FILES%\BetterSurf\ff\chrome\content\inject.js
%PROGRAM FILES%\BetterSurf\ff\chrome\content\overlay.xul

Registry
The following registry keys are added:

   • "Ie"="1"
   • "Ch"="1"
   • "ff"="1"

   • "path"="C:\Program Files\\BetterSurf\\ch\\Chrome.crx"
   • "version"="1.0"

   • ""="C:\Program Files\\BetterSurf\\ff"

   • @="BetterSurf"

[HKLM\SYSTEM\ControlSet001\Control\Session Manager]
   • "PendingFileRenameOperations"="\??\%temp%\nse10.tmp\aminsis.dll;"

Description inserted by Soe-liang Tan on Friday, November 29, 2013
Description updated by Wensin Lee on Friday, November 29, 2013
