ADWARE_FINDMENOW
Windows 2000, Windows Server 2003, Windows XP (32-bit, 64-bit), Windows Vista (32-bit, 64-bit), Windows 7 (32-bit, 64-bit)
Threat Type: Adware
Destructiveness: No
Encrypted:
In the wild: Yes
OVERVIEW
This adware may arrive bundled with malware packages as a malware component.
It requires its main component to successfully perform its intended routine.
TECHNICAL DETAILS
Arrival Details
This adware may arrive bundled with malware packages as a malware component.
Other System Modifications
This adware adds the following registry keys:
HKEY_CLASSES_ROOT\Xmlmimefilter.XMLMimeFilterPP
HKEY_CLASSES_ROOT\Xmlmimefilter.XMLMimeFilterPP.1
HKEY_CLASSES_ROOT\CLSID\{53B95211-7D77-11D2-9F81-00104B107C96}
HKEY_CLASSES_ROOT\TypeLib\{53B95204-7D77-11D2-9F81-00104B107C96}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Xmlmimefilter.XMLMimeFilterPP
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Xmlmimefilter.XMLMimeFilterPP.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53B95211-7D77-11D2-9F81-00104B107C96}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\start
It modifies the following registry entries:
HKEY_CLASSES_ROOT\PROTOCOLS\Handler\about
CLSID = "{53B95211-7D77-11D2-9F81-00104B107C96}"
(Note: The default value data of the said registry entry is {Default}.)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\about
CLSID = "{53B95211-7D77-11D2-9F81-00104B107C96}"
(Note: The default value data of the said registry entry is {Default}.)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main
Start Page = "about:blank"
(Note: The default value data of the said registry entry is {Default}.)
Other Details
This adware requires its main component to successfully perform its intended routine.