ADWARE_JUSTFINDIT
Windows 2000, Windows XP, Windows Server 2003
Threat Type: Adware
Destructiveness: No
Encrypted: No
In the wild: Yes
OVERVIEW
This adware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It arrives as a component bundled with malware/grayware packages.
TECHNICAL DETAILS
Arrival Details
This adware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
It arrives as a component bundled with malware/grayware packages.
Autostart Technique
This adware adds the following registry keys to install itself as a Browser Helper Object (BHO):
HKEY_CLASSES_ROOT\CLSID\{3F5A62E2-51F2-11D3-A075-CC7364CAE42A}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F5A62E2-51F2-11D3-A075-CC7364CAE42A}
It registers itself as a BHO to ensure its automatic execution every time Internet Explorer is used by adding the following registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar
{3F5A62E2-51F2-11D3-A075-CC7364CAE42A} = "UPPC"
It adds the following registry entries to install itself as a Browser Helper Object (BHO):
HKEY_CLASSES_ROOT\CLSID\{3F5A62E2-51F2-11D3-A075-CC7364CAE42A}
@ = "&UPPC BAR"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F5A62E2-51F2-11D3-A075-CC7364CAE42A}
@ = "&UPPC BAR"
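The registry artifacts listed above can be checked on a host with a read-only query. The following is an added example, not part of the original entry or any vendor tooling; the function name Get-JustFindItArtifact is hypothetical, and the key paths, CLSID and expected data are taken from this page.

```powershell
# Added example: read-only check for the registry artifacts listed in this entry.
# Uses only PowerShell 2.0-compatible constructs; nothing is modified or deleted.
$clsid = '{3F5A62E2-51F2-11D3-A075-CC7364CAE42A}'

# CLSID keys whose default value the entry gives as "&UPPC BAR".
$clsidKeys = @(
    "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid",
    "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\$clsid"
)
# Toolbar key where the entry lists a value named after the CLSID with data "UPPC".
$toolbarKey = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar'

function Get-JustFindItArtifact {   # hypothetical helper name
    $findings = @()
    foreach ($path in $clsidKeys) {
        if (Test-Path -LiteralPath $path) {
            $data = (Get-Item -LiteralPath $path).GetValue('')   # '' = default value
            $findings += New-Object PSObject -Property @{
                Location    = $path
                ValueName   = '(Default)'
                Data        = $data
                MatchesPage = ($data -eq '&UPPC BAR')
            }
        }
    }
    if (Test-Path -LiteralPath $toolbarKey) {
        $toolbar = Get-Item -LiteralPath $toolbarKey
        if ($toolbar.GetValueNames() -contains $clsid) {
            $data = $toolbar.GetValue($clsid)
            $findings += New-Object PSObject -Property @{
                Location    = $toolbarKey
                ValueName   = $clsid
                Data        = $data
                MatchesPage = ($data -eq 'UPPC')
            }
        }
    }
    return $findings
}

$result = @(Get-JustFindItArtifact)
if ($result.Count -eq 0) {
    Write-Output 'No registry artifacts from this entry were found.'
} else {
    $result | Format-List Location, ValueName, Data, MatchesPage
}
```

A finding with MatchesPage set to False means the key or value exists but its data differs from what this entry lists, which is worth a manual look before any cleanup.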