Home Malware Programs Adware Adware.CWSIEFeats

Adware.CWSIEFeats

Posted: December 17, 2009

Adware.CWSIEFeats is an Internet Explorer Browser Helper Object that functions by changing a variety of Internet Explorer default pages which include the Start and Search Pages. Adware.CWSIEFeats shows pop-up ads and downloads files without the user's awareness, which in turn install other security threats and may result in further devastation. Adware.CWSIEFeats may help to transfer malicious advertising content to the user through its own window, or with the usage of another program's interface. In some situations, Adware.CWSIEFeats may gather information from the user's computer, involving information related to Internet browser usage or other computing habits, and relay this information back to a remote computer or other place in computer network.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 %CommonAppData%\WILCOQUMJWNAG\WIEQLGLNAG.cfg
    2 %System%\WINAGSys\vd952342.bd

Registry Modifications

  • The following newly produced Registry Values are:
    HKEY..\..\..\..{Subkeys}[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Anti-Virus Professional.exe][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntispywarXP2009.exe][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe]HKEY..\..\..\..{RegistryKeys}Debugger = "svchost.exe"
Loading...