ADW_STARWARE
Adware.Starware (Symantec); Program:Win32/Starware (Microsoft)
Windows 2000, Windows XP, Windows Server 2003
Threat Type:
Adware
Destructiveness:
No
Encrypted:
No
In the wild:
Yes
OVERVIEW
Adds registry entries to enable its automatic execution at every system startup.
Deletes registry entries, causing applications and programs to malfunction.
TECHNICAL DETAILS
Installation
It drops the following files:
- %System Root%\Documents and Settings\All Users\Application Data\Starware\buttons\blocker.cur
- %System Root%\Documents and Settings\All Users\Application Data\Starware\buttons\FindIt.bmp
- %System Root%\Documents and Settings\All Users\Application Data\Starware\buttons\FindItHot.bmp
- %System Root%\Documents and Settings\All Users\Application Data\Starware\buttons\findithotxp.png
- %System Root%\Documents and Settings\All Users\Application Data\Starware\buttons\finditxp.png
- %System Root%\Documents and Settings\All Users\Application Data\Starware\buttons\Highlight.bmp
- %System Root%\Documents and Settings\All Users\Application Data\Starware\buttons\HighlightHot.bmp
- %System Root%\Documents and Settings\All Users\Application Data\Starware\buttons\highlighthotxp.png
- %System Root%\Documents and Settings\All Users\Application Data\Starware\buttons\highlightxp.png
- %System Root%\Documents and Settings\All Users\Application Data\Starware\buttons\logo.bmp
- %System Root%\Documents and Settings\All Users\Application Data\Starware\buttons\logoxp.bmp
- %System Root%\Documents and Settings\All Users\Application Data\Starware\buttons\PopupBlocker.bmp
- %System Root%\Documents and Settings\All Users\Application Data\Starware\buttons\PopupBlockerHot.bmp
- %System Root%\Documents and Settings\All Users\Application Data\Starware\buttons\popupblockerhotxp.png
- %System Root%\Documents and Settings\All Users\Application Data\Starware\buttons\popupblockerxp.png
- %System Root%\Documents and Settings\All Users\Application Data\Starware\buttons\Reference.bmp
- %System Root%\Documents and Settings\All Users\Application Data\Starware\buttons\ReferenceHot.bmp
- %System Root%\Documents and Settings\All Users\Application Data\Starware\buttons\referencehotxp.png
- %System Root%\Documents and Settings\All Users\Application Data\Starware\buttons\referencexp.png
- %System Root%\Documents and Settings\All Users\Application Data\Starware\buttons\screensaver.bmp
- %System Root%\Documents and Settings\All Users\Application Data\Starware\buttons\Weather.bmp
- %System Root%\Documents and Settings\All Users\Application Data\Starware\buttons\weatherhotxp.png
- %System Root%\Documents and Settings\All Users\Application Data\Starware\buttons\weatherxp.png
- %System Root%\Documents and Settings\All Users\Application Data\Starware\contexts\error.xml
- %System Root%\Documents and Settings\All Users\Application Data\Starware\contexts\related.xml
- %System Root%\Documents and Settings\All Users\Application Data\Starware\contexts\travel.xml
- %System Root%\Documents and Settings\All Users\Application Data\Starware\images\walertXP.bmp
- %System Root%\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\ProductMessagingConfig.xml
- %System Root%\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\ProductMessagingConfig.xml.backup
- %System Root%\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\SimpleUpdateConfig.xml
- %System Root%\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\SimpleUpdateConfig.xml.backup
- %System Root%\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\TimerManagerConfig.xml
- %System Root%\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\TimerManagerConfig.xml.backup
- %User Profile%\Application Data\Starware\BrowserSearch\BrowserSearch.xml
- %User Profile%\Application Data\Starware\BrowserSearch\BrowserSearch.xml.backup
- %User Profile%\Application Data\Starware\ErrorSearch\ErrorSearchOptions.xml
- %User Profile%\Application Data\Starware\ErrorSearch\ErrorSearchOptions.xml.backup
- %User Profile%\Application Data\Starware\Layouts\PreferencesLayout.xml
- %User Profile%\Application Data\Starware\Layouts\PreferencesLayout.xml.backup
- %User Profile%\Application Data\Starware\Layouts\ToolbarLayout.xml
- %User Profile%\Application Data\Starware\Layouts\ToolbarLayout.xml.backup
- %User Profile%\Application Data\Starware\Manager\ManagerOptions.xml
- %User Profile%\Application Data\Starware\Manager\ManagerOptions.xml.backup
- %User Profile%\Application Data\Starware\PopupBlocker\PopupBlockerOptions.xml
- %User Profile%\Application Data\Starware\PopupBlocker\PopupBlockerOptions.xml.backup
- %User Profile%\Application Data\Starware\Reference\ReferenceOptions.xml
- %User Profile%\Application Data\Starware\Reference\ReferenceOptions.xml.backup
- %User Profile%\Application Data\Starware\RelatedSearch\RelatedSearchOptions.xml
- %User Profile%\Application Data\Starware\RelatedSearch\RelatedSearchOptions.xml.backup
- %User Profile%\Application Data\Starware\Screensavers\ScreensaversOptions.xml
- %User Profile%\Application Data\Starware\Screensavers\ScreensaversOptions.xml.backup
- %User Profile%\Application Data\Starware\SearchMatch\SearchMatchOptions.xml
- %User Profile%\Application Data\Starware\SearchMatch\SearchMatchOptions.xml.backup
- %User Profile%\Application Data\Starware\Toolbar\TBProductsOptions.xml
- %User Profile%\Application Data\Starware\Toolbar\TBProductsOptions.xml.backup
- %User Profile%\Application Data\Starware\ToolbarLogo\ToolbarLogoOptions.xml
- %User Profile%\Application Data\Starware\ToolbarLogo\ToolbarLogoOptions.xml.backup
- %User Profile%\Application Data\Starware\ToolbarSearch\ToolbarSearchOptions.xml
- %User Profile%\Application Data\Starware\ToolbarSearch\ToolbarSearchOptions.xml.backup
- %User Profile%\Application Data\Starware\TravelSearch\TravelSearchOptions.xml
- %User Profile%\Application Data\Starware\TravelSearch\TravelSearchOptions.xml.backup
- %User Profile%\Application Data\Starware\Weather\AlertArchive.xml
- %User Profile%\Application Data\Starware\Weather\WeatherOptions.xml
- %User Profile%\Application Data\Starware\Weather\WeatherOptions.xml.backup
- %Program Files%\Starware\bin\Starware.dll
- %Program Files%\Starware\brand.bmp
- %Program Files%\Starware\icons\star_16.ico
- %Program Files%\Starware\StarwareConfig.xml
- %Program Files%\Starware\StarwareUninstall.exe
(Note: %System Root% is the root folder, usually C:\. It is also where the operating system is located. %User Profile% is the current user's profile folder, which is usually C:\Windows\Profiles\{user name} on Windows 98 and ME, C:\WINNT\Profiles\{user name} on Windows NT, and C:\Documents and Settings\{user name} on Windows 2000, XP, and Server 2003. %Program Files% is the default Program Files folder, usually C:\Program Files.)
It creates the following folders:
- %System Root%\Documents and Settings\All Users\Application Data\Starware
- %User Profile%\Application Data\Starware
- %Program Files%\Starware
(Note: %System Root% is the root folder, usually C:\. It is also where the operating system is located. %User Profile% is the current user's profile folder, which is usually C:\Windows\Profiles\{user name} on Windows 98 and ME, C:\WINNT\Profiles\{user name} on Windows NT, and C:\Documents and Settings\{user name} on Windows 2000, XP, and Server 2003. %Program Files% is the default Program Files folder, usually C:\Program Files.)
Autostart Technique
It adds the following registry entries to enable its automatic execution at every system startup:
HKEY_CLASSES_ROOT\CLSID\{2D51D869-C36B-42bd-AE68-0A81BC771FA5}\
InprocServer32
(default) = "%Program Files%\Starware\bin\Starware.dll"
HKEY_CLASSES_ROOT\CLSID\{7BED0340-176B-44bc-915E-C21C1DD6F617}\
InprocServer32
(default) = "%Program Files%\Starware\bin\Starware.dll"
HKEY_CLASSES_ROOT\CLSID\{CA356D79-679B-4b4c-8E49-5AF97014F4C1}\
InprocServer32
(default) = "%Program Files%\Starware\bin\Starware.dll"
HKEY_CLASSES_ROOT\CLSID\{D49E9D35-254C-4c6a-9D17-95018D228FF5}\
InprocServer32
(default) = "%Program Files%\Starware\bin\Starware.dll"
It registers itself as a Browser Helper Object (BHO) to ensure its automatic execution every time Internet Explorer is used, by adding the following registry keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Explorer\
Browser Helper Objects\{CA356D79-679B-4b4c-8E49-5AF97014F4C1}
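The BHO registration above is the same mechanism any IE add-on uses: the CLSID listed under Browser Helper Objects is resolved through HKEY_CLASSES_ROOT\CLSID\{...}\InprocServer32 to the DLL that Internet Explorer loads. The following PowerShell script is an added defender-side example, not part of this Trend Micro entry, that enumerates every registered BHO, resolves each CLSID to its DLL, and flags the four CLSIDs listed on this page or any DLL under a Starware folder. The Wow6432Node paths and the per-user BHO key are assumptions for completeness on other Windows versions; the CLSIDs themselves come from this entry.

```powershell
# Added example (not part of the Trend Micro entry): enumerate registered
# Browser Helper Objects and resolve each CLSID to the DLL Internet Explorer loads.
# The four CLSIDs below are the ones listed in this entry.
$KnownStarwareClsids = @(
    '{2D51D869-C36B-42bd-AE68-0A81BC771FA5}',
    '{7BED0340-176B-44bc-915E-C21C1DD6F617}',
    '{CA356D79-679B-4b4c-8E49-5AF97014F4C1}',
    '{D49E9D35-254C-4c6a-9D17-95018D228FF5}'
)

function Get-RegisteredBho {
    # BHO registrations live per machine (32-bit view included) and, on some
    # systems, per user; the per-user and Wow6432Node paths are assumptions here.
    $bhoRoots = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    )
    foreach ($root in $bhoRoots) {
        if (-not (Test-Path -Path $root)) { continue }
        foreach ($key in Get-ChildItem -Path $root) {
            $clsid = $key.PSChildName
            # Resolve CLSID -> InprocServer32 (default) = path of the COM server DLL.
            $dll = $null
            foreach ($clsidRoot in @('Registry::HKEY_CLASSES_ROOT\CLSID',
                                     'Registry::HKEY_CLASSES_ROOT\Wow6432Node\CLSID')) {
                $inproc = Join-Path -Path $clsidRoot -ChildPath "$clsid\InprocServer32"
                if (Test-Path -Path $inproc) {
                    $dll = (Get-ItemProperty -Path $inproc).'(default)'
                    break
                }
            }
            $dllExists = $false
            if ($dll) {
                $dllExists = Test-Path -Path ([Environment]::ExpandEnvironmentVariables($dll))
            }
            [pscustomobject]@{
                BhoKey        = $key.Name
                Clsid         = $clsid
                Dll           = $dll
                DllExists     = $dllExists
                KnownStarware = ($KnownStarwareClsids -contains $clsid)   # -contains is case-insensitive
            }
        }
    }
}

# Report every BHO; warn on the Starware CLSIDs and on any DLL under a Starware folder.
Get-RegisteredBho | ForEach-Object {
    if ($_.KnownStarware -or ($_.Dll -and $_.Dll -match '\\Starware\\')) {
        Write-Warning "Suspicious BHO $($_.Clsid) -> $($_.Dll)"
    }
    $_
} | Format-Table -AutoSize
```

Run it from an elevated prompt so the HKLM views are readable. A BHO whose CLSID resolves to no InprocServer32 key, or to a DLL path that no longer exists, is a leftover registration and is worth listing in the same report, since the Browser Helper Objects key alone does not tell you what code was loaded.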
Other System Modifications
It adds the following registry entries:
HKEY_CURRENT_USER\Software\Microsoft\
Internet Explorer\Main
Use Search Asst = "no"
HKEY_CURRENT_USER\Software\Microsoft\
Internet Explorer\Main
Use Custom Search URL = "0"
HKEY_CURRENT_USER\Software\Microsoft\
Internet Explorer\Toolbar\WebBrowser
{D49E9D35-254C-4C6A-9D17-95018D228FF5} = "{hex value}"
HKEY_CURRENT_USER\Software\Microsoft\
Internet Explorer\URLSearchHooks
(default) = "{blank}"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Internet Explorer\Toolbar
{D49E9D35-254C-4c6a-9D17-95018D228FF5} = "Starware"
It adds the following registry keys as part of its installation routine:
HKEY_CLASSES_ROOT\CLSID\{2D51D869-C36B-42bd-AE68-0A81BC771FA5}
HKEY_CLASSES_ROOT\CLSID\{7BED0340-176B-44bc-915E-C21C1DD6F617}
HKEY_CLASSES_ROOT\CLSID\{CA356D79-679B-4b4c-8E49-5AF97014F4C1}
HKEY_CLASSES_ROOT\CLSID\{D49E9D35-254C-4c6a-9D17-95018D228FF5}
HKEY_CURRENT_USER\Software\Starware
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
Starware
It modifies the following registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Internet Explorer\Search
SearchAssistant = "http://{BLOCKED}s.{BLOCKED}re.com/dp/search?x=wKX1ILEOi+Vh7AfA98Gm4Me69ZMbubcDFaDWeHPPJB4okC7ss5iHXMDHEeuW2bzJjyWbkvVHUlG/K96l3rCdrg1e6DkEHyzWFf4zQgxGDYrbrCuI8YOVRqEtXB4vlq1W2+C4gDPjQl8IKpI8xA7RYnyMee3Wmosp7Q9NmXmmKfYAR0qLFE/jGWCTvmTqkfSJVPVKmlsu2nBlsDYmJNPWP5aZI8USOmEKaRoY5nsFP/Ux5wnYTwpFbqfI3qMotEGDIqu3xiWK8+M="
(Note: The default value data of the said registry entry is {user-defined}.)
It deletes the following registry entries:
HKEY_CURRENT_USER\Software\Microsoft\
Internet Explorer\URLSearchHooks
{CFBFAE00-17A6-11D0-99CB-00C04FD64497} = "{blank}"