Avira Virus Lab

‹ Back


  • Name
  • Date discovered
    Oct 1, 2015
  • VDF version (2015-04-26 11:01)

This class of detection flags software that display ads, usually in the Internet browser by modifying displayed pages or opening additional pages with ads. These adware programs are usually installed by the users themselves or come with other software that the users install themselves (usually in exchange for using the software for free or as a default install option). Users might be unaware that this software was installed or of its behavior. This detection is meant to flag the file and the behavior as part of legitimate ad-displaying software. This detection can be disabled and is recommended if the user is aware of the software installed on his/her system and doesn't want this type of software to be detected.

  • VDF (2015-04-26 11:01)
  • Files
    The following files are changed:
    • %temporary internet files%\Content.IE5\index.dat
    • %USERPROFILE%\Cookies\index.dat
    • %USERPROFILE%\Local Settings\History\History.IE5\index.dat
    The following copies of itself are created:
    • %APPDATA%\Windows Net Data\uninstaller.exe
    The following files are created:
    • %APPDATA%\Windows Net Data\id.dat
  • Registry
    The following registry entries are added:
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VIS ("DisplayName": "VIS"; "UninstallString": "%APPDATA%\Windows Net Data\uninstaller.exe")
  • HTTP Requests
    • admin.*****secure.com/checkConnection.html
    • admin.*****secure.com/register.php?pub=&web=&ver=&cc=&tag=&hash=24908