Virus: ADWARE/BetterSurf.B
Date discovered: 28/11/2013
Type: Adware
In the wild: No
Reported Infections: Low
Distribution Potential: Low
Damage Potential: Low
Static file: No
VDF version: 7.11.116.90 - Thursday, November 28, 2013
IVDF version: 7.11.116.90 - Thursday, November 28, 2013

 General Method of propagation:
   • No own spreading routine


Aliases:
   •  Symantec: Adware.Adpopup
   •  Mcafee: PUP-FEZ!2F6F50B74D22
   •  Kaspersky: not-a-virus:AdWare.Win32.BetterSurf.b
   •  TrendMicro: ADW_BSURF
   •  F-Secure: Adware:JS/BetterSurf
   •  Sophos: BetterSurf
   •  Avast: JS:BetterSurf-A
   •  AVG: Generic5.AJZH
   •  Panda: Suspicious file
   •  Eset: Win32/AdWare.BetterSurf.A
   •  GData: Win32.Adware.BetterSurf.A
   •  DrWeb: Trojan.Siggen5.63980
   •  Fortinet: Adware/JS_BetterSurf
   •  Ikarus: JS.BetterSurf


Platforms / OS:
   • Windows 2000
   • Windows XP
   • Windows 2003
   • Windows Vista
   • Windows Server 2008
   • Windows 7

Files:
The following files are created:

– %temp%\aminsis.txt
  This is a non-malicious text file with the following content:
   • SqLite exception SQLITE_ERROR[1]: in file \extensions.sqlite

– %PROGRAM FILES%\BetterSurf\ie\BetterSurf.dll
– %PROGRAM FILES%\BetterSurf\ch\Chrome.crx
– %PROGRAM FILES%\BetterSurf\ff\BetterSurf.xpi
– %PROGRAM FILES%\BetterSurf\ff\build.cmd
– %PROGRAM FILES%\BetterSurf\ff\chrome.manifest
– %PROGRAM FILES%\BetterSurf\ff\install.rdf
– %PROGRAM FILES%\BetterSurf\ff\chrome\content\firefox.js
– %PROGRAM FILES%\BetterSurf\ff\chrome\content\inject.js
– %PROGRAM FILES%\BetterSurf\ff\chrome\content\overlay.xul
– C:\extensions.sqlite

Registry:
The following registry keys are added:

– [HKLM\SOFTWARE\BetterSurf\Components]
   • "Ie"="1"
   • "Ch"="1"
   • "ff"="1"

– [HKLM\SOFTWARE\BetterS]
– [HKLM\SOFTWARE\BetterSurf\Component]
– [HKLM\SOFTWARE\Google\Chrome\Extensions\dedmngkbaffkenlfdcbganndoghblmap]
   • "path"="C:\Program Files\\BetterSurf\\ch\\Chrome.crx"
   • "version"="1.0"

– [HKLM\SOFTWARE\Google\Chrome\Extensions\dedmngkba]
– [HKLM\SOFTWARE\Mozilla\Firefox\Extensions]
   • "xz123@ya456.com"="C:\Program Files\\BetterSurf\\ff"

– [HKCR\CLSID\{6E3C6B04-08FE-43BC-8E50-F90285024DEA}]
   • @="BetterSurf"

– [HKLM\SYSTEM\ControlSet001\Control\Session Manager]
   • "PendingFileRenameOperations"="\??\%temp%\nse10.tmp\aminsis.dll;"

Description inserted by Soe-liang Tan on Friday, November 29, 2013
Description updated by Wensin Lee on Friday, November 29, 2013
