Avira Virus Lab


ADWARE/AgentCV.A.19782

Summary
  • Name
    ADWARE/AgentCV.A.19782
  • Date discovered
    Oct 1, 2015
  • VDF version
    7.11.162.42 (2014-07-17 17:16)
Description

This class of detection flags software that displays ads, usually in the web browser, by modifying displayed pages or opening additional pages containing ads. Such adware is usually installed by users themselves or bundled with other software they install (typically in exchange for using that software free of charge, or as a default install option). Users might be unaware that this software was installed, or of its behavior. This detection flags the file and its behavior as part of legitimate ad-displaying software. It can be disabled, and disabling it is recommended if the user is aware of the software installed on the system and doesn't want this type of software to be detected.

  • Aliases
    Dr. Web: Adware.Searcher.2467
    G Data: Win32.Application.Agent.FMYQ3O
    ESET: Win32/Wajam.B application
  • Files
    The following files are deleted:
    The following files are created:
    • %TEMPDIR%\nsk1.tmp
    • %TEMPDIR%\nsk2.tmp
    • %TEMPDIR%\nsa3.tmp
    • %TEMPDIR%\nsa3.tmp\inetc.dll
    • %USERPROFILE%\Cookies\[email protected][1].txt
    • %USERPROFILE%\Cookies\[email protected][2].txt
    • %temporary internet files%\Content.IE5\QH9ZEEV0\WWE_1.52.1.25[1].exe
    • %TEMPDIR%\Wajam\tmp\1\wajam_install.exe
    The following files are changed:
    • %temporary internet files%\Content.IE5\index.dat
    • %USERPROFILE%\Cookies\index.dat
    • %USERPROFILE%\Local Settings\History\History.IE5\index.dat
  • Registry
    The following registry entries are added:
    • HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings ("ProxyEnable": dword:00000000)
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WaIntEn Monitor ("Type": dword:00000010; "Start": dword:00000002; "ErrorControl": dword:00000001; "ImagePath": ""%PROGRAM FILES%\WaIntEn\Wajam.exe""; "DisplayName": "WaIntEn Monitor"; "DependOnService": "RPCSS;"; "DependOnGroup": ""; "ObjectName": "LocalSystem"; "Description": "Enhances experience when browsing the web.")
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WaIntEn Monitor\Security ("Security": %hex values%)
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WAINTEN_MONITOR ("NextInstance": dword:00000001)
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WAINTEN_MONITOR\0000 ("Service": "WaIntEn Monitor"; "Legacy": dword:00000001; "ConfigFlags": dword:00000000; "Class": "LegacyDriver"; "ClassGUID": "{8ECC055D-047F-11D1-A537-0000F8753ED1}"; "DeviceDesc": "WaIntEn Monitor")
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WAINTEN_MONITOR\0000\Control ("*NewlyCreated*": dword:00000000; "ActiveService": "WaIntEn Monitor")
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WaIntEn Monitor\Enum ("0": "Root\LEGACY_WAINTEN_MONITOR\0000"; "Count": dword:00000001; "NextInstance": dword:00000001)
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ServiceCurrent (@: dword:0000000f)
    The following registry entries are changed:
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI\VEN_1022&DEV_2000&SUBSYS_20001022&REV_10\4&47b7341&0&0088\LogConf (BootConfigVector: -; AllocConfigVector: -; ForcedConfigVector: -; BasicConfig: -; FilteredConfig: -; OverrideConfig: -)
    The values of the following registry keys are removed:
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MS_PSCHEDMP\0000\LogConf (BootConfigVector: -; AllocConfigVector: -; ForcedConfigVector: -; BasicConfig: -; FilteredConfig: -; OverrideConfig: -)
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MS_L2TPMINIPORT\0000\LogConf (BootConfigVector: -; AllocConfigVector: -; ForcedConfigVector: -; BasicConfig: -; FilteredConfig: -; OverrideConfig: -)
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MS_PPTPMINIPORT\0000\LogConf (BootConfigVector: -; AllocConfigVector: -; ForcedConfigVector: -; BasicConfig: -; FilteredConfig: -; OverrideConfig: -)
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MS_PPPOEMINIPORT\0000\LogConf (BootConfigVector: -; AllocConfigVector: -; ForcedConfigVector: -; BasicConfig: -; FilteredConfig: -; OverrideConfig: -)
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MS_PTIMINIPORT\0000\LogConf (BootConfigVector: -; AllocConfigVector: -; ForcedConfigVector: -; BasicConfig: -; FilteredConfig: -; OverrideConfig: -)
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MS_NDISWANIP\0000\LogConf (BootConfigVector: -; AllocConfigVector: -; ForcedConfigVector: -; BasicConfig: -; FilteredConfig: -; OverrideConfig: -)
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MS_PSCHEDMP\0001\LogConf (BootConfigVector: -; AllocConfigVector: -; ForcedConfigVector: -; BasicConfig: -; FilteredConfig: -; OverrideConfig: -)
  • HTTP Requests