Spyware Information

Name: AdBreak

Threat Level:

Category: Adware

Aliases: Floid.dll or Trojan.Win32.WbeCheck

Variants:
There are many variants of AdBreak. They differ in the filenames used and sometimes the servers they connect to. Files you are likely to find in the Windows directory for each variant are:

| Variant | Installer | Hijacker | BHO | Settings | Temp File | Backup | Other |
|---|---|---|---|---|---|---|---|
| 1. AdBreak/wbeCheck | wbeInst$.exe | wbeCheck.exe | pbsysie.dll | exrem.ini | wbeCheck.tmp | wbeCheck.old | |
| 2. AdBreak/CB | cbinst$.exe | hcwprn.exe | settn.dll | odidbu.ini | plotpp.tmp | ltosie.old | |
| 3. AdBreak/kvnab | kvnab$.exe | kvnab.exe | kvnab.dll | kvnab.ini | kvnab.tmp | kvnab.old | kvnab.dll_ |
| 4. AdBreak/liqad | liqad$.exe | liqad.exe | liqad.dll | liqad.ini | liqad.tmp | liqad.old | liqad.dll_ |
| 5. AdBreak/kkcomp | kkcomp$.exe | kkcomp.exe | kkcomp.dll | kvnab.ini | kkcomp.tmp | kkcomp.old | kkcomp.dll_ |
| 6. AdBreak/xadbrk | xadbrk_.exe | xadbrk.exe | xadbrk.dll | xabrk.dll | xadbrk1.tmp | xadbrk2.tmp | xadbrk3.tmp |
| 7. AdBreak/fhfmm | fhfmm-Uninstaller.exe | fhfmm.exe | fhfmm.dll | fhfmm.txt | fhfmm1.tmp | fhfmm2.tmp | fhfmm3.tmp |
| 8. AdBreak/liqui | liqui-Uninstaller.exe | liqui.exe | liqui.dll | liqui.txt | liqui1.tmp | liqui2.tmp | liqui3.tmp |

When running, these variants may connect to www.larint.com, adbreak.sylip.com, www.adbreak.com, and possibly other servers.

Spyware Characteristics

Description: AdBreak consists of a Browser Helper Object, which opens pop-up advertising as you use Internet Explorer, and a task run at startup, which hijacks your home page, search and error pages to point to AdBreak's servers.

Properties:

- Stays resident in background
- Stealth: hides itself from user

What it does?

Advertising: Yes. Opens pop-up adverts whilst browsing with IE.

Privacy violation: Yes. Passes URLs of sites visited when adverts are shown.

Security issues: Yes. Can execute arbitrary unsigned code (as an update mechanism).

Stability problems: None known.

Method of infection

Common sources of the software are currently unknown, but the manufacturers of AdBreak encourage software authors to piggy-back-install it, and webmasters to load it through ActiveX drive-by-downloads.