Win32/Adware.Mycentria [Threat Name]

Detection created 2008-07-24
World activity peak 2008-11-18 (1.75 %)
Short description

Win32/Adware.Mycentria is adware: an application designed to deliver unsolicited advertisements.

Installation

The adware is usually bundled with the installation packages of various legitimate software.


When executed, the adware displays a dialog box.

The adware creates the following files:

  • %windir%\Documents and Settings\All Users\Desktop\%filename%.lnk (http://www.playfuns.com/)
  • %program_files%\MyCentria\MyCentriaUninstall.exe
  • %program_files%\MyCentria\InfoBar\MyCentriaInfoBar.dll
  • %program_files%\MyCentria\%internet_browser_name%\Installer%variable%.exe

A string with variable content is used instead of %variable%.


The adware installs additional files into the folders belonging to the following applications:

  • Internet Explorer
  • Mozilla Firefox
  • Netscape Navigator

The following files are dropped:

  • adcentria.jar
  • license.txt
  • install.rdf
  • adcentria.js
  • adcentria.xml
  • adcentria.uid

The following Registry entries are created:

  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{%variable%}]
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{%variable%}\InprocServer32]
    • "(Default)" = "%program_files%\MYCENT~1\InfoBar\MYCENT~1.DLL"
    • "ThreadingModel" = "Apartment"
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{%variable%}]
    • "(Default)" = "MyCentria Internet Mate v2.0"
  • [HKEY_LOCAL_MACHINE\SOFTWARE\MyCentria]
    • "clientname" = "MyCentriaIB"
    • "version" = "2.0"
    • "wmid" = "81"
    • "scheme" = "MYC2"
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyCentria]
    • "UninstallString" = "%program_files%\MyCentria\MyCentriaUninstall.exe"

A string with variable content is used instead of %variable%.
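
Because the Browser Helper Object's CLSID is variable, a check cannot match on a fixed GUID; it has to join each Browser Helper Objects entry to its InprocServer32 value and test the DLL path. The following Python sketch is an added example, not part of the original description: it runs over registry-export-style text, and the sample data, GUIDs, function names and the allowance for 8.3 short-name suffixes other than ~1 are assumptions made here.

```python
import re

# Constructed sample in .reg export style (backslashes in values are doubled).
# Both GUIDs are made up for illustration; the second entry is a benign control.
SAMPLE_REG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-2222-3333-4444-555555555555}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-2222-3333-4444-555555555555}\InprocServer32]
@="C:\\PROGRA~1\\MYCENT~1\\InfoBar\\MYCENT~1.DLL"
"ThreadingModel"="Apartment"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}\InprocServer32]
@="C:\\Program Files\\Example\\toolbar.dll"
'''

BHO_KEY = (r"hkey_local_machine\software\microsoft\windows\currentversion"
           r"\explorer\browser helper objects") + "\\"
CLSID_KEY = r"hkey_local_machine\software\classes\clsid" + "\\"
# Long path or 8.3 short path of the InfoBar DLL (short-name suffix may vary).
DLL_PATTERN = re.compile(
    r"\\(mycentria|mycent~\d+)\\infobar\\(mycentriainfobar|mycent~\d+)\.dll$", re.I)

def parse_reg(text):
    """Return {lowercased key path: {value name: data}} from .reg-style text."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and "=" in line:
            name, _, data = line.partition("=")
            # Drop surrounding quotes and undo the export's backslash doubling.
            current[name.strip('"')] = data.strip('"').replace("\\\\", "\\")
    return keys

def find_mycentria_bhos(text):
    """Return CLSIDs registered as BHOs whose in-process server is the InfoBar DLL."""
    keys = parse_reg(text)
    hits = []
    for path in keys:
        if not path.startswith(BHO_KEY):
            continue
        clsid = path[len(BHO_KEY):]
        # "@" is the key's (Default) value in export syntax.
        server = keys.get(CLSID_KEY + clsid + "\\inprocserver32", {}).get("@", "")
        if DLL_PATTERN.search(server):
            hits.append(clsid.upper())
    return hits

if __name__ == "__main__":
    print(find_mycentria_bhos(SAMPLE_REG))
```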

Other information

The adware acquires data and commands from a remote computer or the Internet.


The adware contains a list of 11 URLs.


Threat Variants with Description

Threat Variant Name       Date Added    Threat Type
Win32/Adware.Mycentria    2008-07-24    adware