Saturday, June 14, 2008

Adware-DigitalNames

Characteristics -

McAfee(R) AVERT recognizes that this program may have legitimate uses in contexts where an authorized administrator has knowingly installed this application. If you agreed to a license agreement for this, or another bundled application, you may have legal obligations with regard to removing this software, or using the host application without this software. Please contact the software vendor for further information.

See http://vil.nai.com/vil/DATReadme.asp for a list of Program detections added to the DATs.

See http://vil.nai.com/vil/pups/configuration.htm for information about how to enable, disable, and exclude detection of legitimately installed programs.

Distribution

This is not a virus or a trojan. It is detected as a "potentially unwanted program." It is a direct-marketing adware application that may generate pop-up advertisements while the user browses the web. It hijacks search keywords and sends them to its own servers in order to display ads. If the search term is not in its database, it redirects the search term through http://search.msn.co.kr (Korean MSN).

This adware has been observed to install through an ActiveX control when the user visits the site www.digitalna***.net. It can also be installed by double-clicking its installer. It drops multiple files used to show advertisements, and it appears to show only ads related to Korean keywords.

It also installs the rootkit files "xprtect.exe" and "xprtect.sys" so that its files and registry entries cannot be deleted. McAfee detects and removes this rootkit.

This application does not display a license agreement when installed.

Privacy

A privacy policy is not displayed during installation.

System Changes

Files Added

  • %SystemDir%\xprtect.exe (13 KB)
  • %SystemDir%\winhtml.dll (18 KB)
  • %SystemDir%\machdsdk.dll (99 KB)
  • %SystemDir%\drivers\xprtect.sys (9 KB)
  • %SystemDir%\drivers\dgtsys.sys (8 KB)
  • %SystemDir%\digitalnames.dll (27 KB)
  • %SystemDir%\dgtuninstall.exe (19 KB)
  • %SystemDir%\dgtstart.exe (35 KB)
  • %SystemDir%\dgtnmres.dll (99 KB)
  • %WinDir%\downloaded program files\digitalnamesplugin.ocx (40 KB)
  • %WinDir%\downloaded program files\digitalnamesplugin.inf (1 KB)

NOTE: %WinDir% is C:\WINDOWS by default in XP and C:\WINNT in Win2K. %SystemDir% is C:\WINDOWS\system32 by default in XP.
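An added example, not part of the McAfee description: checking a disk image that is mounted offline (so the xprtect driver is not running) for the files listed above. The mount point, the function names and the assumption that the listed sizes are rounded up to whole KB are illustrative.

```python
import os

# File list from the "Files Added" section: (path template, listed size in KB).
INDICATORS = [
    (r"%SystemDir%\xprtect.exe", 13),
    (r"%SystemDir%\winhtml.dll", 18),
    (r"%SystemDir%\machdsdk.dll", 99),
    (r"%SystemDir%\drivers\xprtect.sys", 9),
    (r"%SystemDir%\drivers\dgtsys.sys", 8),
    (r"%SystemDir%\digitalnames.dll", 27),
    (r"%SystemDir%\dgtuninstall.exe", 19),
    (r"%SystemDir%\dgtstart.exe", 35),
    (r"%SystemDir%\dgtnmres.dll", 99),
    (r"%WinDir%\downloaded program files\digitalnamesplugin.ocx", 40),
    (r"%WinDir%\downloaded program files\digitalnamesplugin.inf", 1),
]
# Defaults from the NOTE: XP uses WINDOWS, Win2K uses WINNT.
WINDIRS = ["WINDOWS", "WINNT"]


def resolve_ci(root, parts):
    """Walk `parts` under `root`, matching each component case-insensitively
    (Windows names are case-insensitive; a Linux mount of the image is not)."""
    current = root
    for part in parts:
        try:
            names = os.listdir(current)
        except OSError:
            return None
        match = next((n for n in names if n.lower() == part.lower()), None)
        if match is None:
            return None
        current = os.path.join(current, match)
    return current


def scan_image(root):
    """Return (template, found_path, size_matches) for each listed file
    present under the mounted volume `root` (hypothetical mount point)."""
    hits = []
    for template, listed_kb in INDICATORS:
        for windir in WINDIRS:
            rel = (template.replace("%SystemDir%", windir + r"\system32")
                           .replace("%WinDir%", windir))
            found = resolve_ci(root, rel.split("\\"))
            if found and os.path.isfile(found):
                size_kb = -(-os.path.getsize(found) // 1024)  # round up to KB
                # Size is a weak signal only: a same-named file of another
                # size is still reported, with size_matches set to False.
                hits.append((template, found, size_kb == listed_kb))
    return hits
```

A name match with `size_matches` False is still worth reviewing, since the listed sizes describe only the sample McAfee analysed.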

Registry

The following registry keys are created:

Quick Glance

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dgtstart: "dgtstart.exe"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DIGITALNAMESPLUGINACTIVEXRENEW.DigitalNamesPlugInActiveXreNewCtrl.1
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F9317F7-F7DF-4803-B2EA-911AF4BDD2EB}\InprocServer32\: "C:\WINDOWS\DOWNLO~1\DIGITA~1.OCX"
  • HKEY_USERS\.DEFAULT\Software\DigitalNames
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DigitalNames
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/DigitalNamesPlugIn.ocx
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\New Windows
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dgtsys
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\xprtect

Network Impact

Downloading advertising content may add bandwidth overhead.

Related IP:

  • 218.38.18.49

[Image: a search keyword being transmitted to the Korean MSN website]

Symptoms

N/A This is not a virus or trojan.

Method of Infection

N/A This is not a virus or trojan.

Removal -

Instructions on Enabling/Disabling Detection and Removal of Potentially Unwanted Programs

Variants

    N/A