During installation a connection is made to ad-w-a-r-e.com and instructions from java script change the host and remove registry keys. Has potential to do other malicous acts.
http://www.ad-w-a-r-e.com/cgi-bin/PopupV2?ID={}&type=normal&mSkip=1&rnd=", 300000, "TRUE");
sendExternalEvent('EVENT:UPDATECRC:A1EDBE54FAEA39FAAC6DF618503910E7');
sendExternalEvent('EVENT:REMOVEKEY:SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Notify?HKLM?DllName?0563F1C45F34E7305C57F10DD17B6E8F');
sendExternalEvent('EVENT:REMOVEKEY:SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects?HKLM');
sendExternalEvent('EVENT:HOST:127.0.0.1?www.igetnet.com');
sendExternalEvent('EVENT:HOST:127.0.0.1?code.ignphrases.com');
sendExternalEvent('EVENT:HOST:127.0.0.1?clear-search.com');
Downloads other unwanted software and displays advertisements.
Causes the cpu to be at maximum usage which causes the computer to run slow and sometimes freeze up. Displays an advertisement that lists some causes of computer problems and offers a free program to check the computer for errors.
Comments:Seems to be related to VX2.
Adds other software, and sometimes creates a second "shortcut bar".
Removal Instructions:Kill this process:
no.exe
Remove these entries from the registry:
HKEY_CURRENT_USER\\software\\look2me
Remove these files:
systemroot+\\system32\\msg{1e253d5d-6add-4fe9-829c-f51038158be5}0110.dll
systemroot+\\system32\\msg{1e253d5d-6add-4fe9-829c-f51038158be5}0111.dll
systemroot+\\system32\\msg{46b08877-2be4-4f35-8e77-034c2142321c}0115.dll
systemroot+\\system32\\msg{5bef546a-e3c1-489c-996a-c9688d985ae0}0110.dll
systemroot+\\system32\\msg{5bef546a-e3c1-489c-996a-c9688d985ae0}0111.dll
systemroot+\\system32\\msg{63de1ad9-f0c6-4dac-886a-5a9707b0d23c}0110.dll
systemroot+\\system32\\msg{63de1ad9-f0c6-4dac-886a-5a9707b0d23c}0111.dll
systemroot+\\system32\\msg{93396c3f-aea3-4ac0-bb55-81f0f0414a24}0113.dll
systemroot+\\system32\\msg{9d4f5b7c-2a4b-46c5-99a7-4c775b688d45}0110.dll
systemroot+\\system32\\msg{9d4f5b7c-2a4b-46c5-99a7-4c775b688d45}0111.dll
systemroot+\\system32\\msg{aac5700f-954a-47b7-9746-871ae8e634e4}0115.dll
systemroot+\\system32\\msg{b9a9ac6a-2cc9-4a24-a250-bea974703ff8}0110.dll
systemroot+\\system32\\msg{b9a9ac6a-2cc9-4a24-a250-bea974703ff8}0111.dll
systemroot+\\system32\\msg{d331b768-d6da-41e8-a7b6-78ed724126c0}0115.dll
systemroot+\\system32\\msg{e01b47a7-a499-4fee-83c2-b0684ca28e6b}0115.dll
systemroot+\\system32\\msg{e8d8ffef-30a4-4df1-a618-e0599a0d0a15}0110.dll
systemroot+\\system32\\msg{e8d8ffef-30a4-4df1-a618-e0599a0d0a15}0111.dllno.exe
|
