Adware:Win32/Adkubru is a program that delivers pop-up advertisements and changes the default start page and search settings.
Installation
Adware:Win32/Adkubru is installed as the following:
-
%ProgramFiles%\object\bho_project.dll
It is installed as a BHO by the creation of the following entries:
Adds subkeys:
HKLM\SOFTWARE\Classes\bho_project.bho_object
HKLM\SOFTWARE\Classes\bho_project.bho_object.1
HKLM\SOFTWARE\Classes\CLSID\{66D8FBA6-D90F-40A9-AC55-84896F79CA69}
Adds value: "(default)"
With data: "%ProgramFiles%\object\bho_project.dll"
In subkey: HKLM\SOFTWARE\Classes\CLSID\{66D8FBA6-D90F-40A9-AC55-84896F79CA69}\InprocServer32
Adds value: "installid"
With data: "{1f39dbe1-45e9-46c7-8e13-43dc8832adfa}"
In subkey: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{66D8FBA6-D90F-40A9-AC55-84896F79CA69}
Execution
Modifies Internet Explorer settings
Adware:Win32/Adkubru modifies the following registry entries:
Adds value: "Start Page"
With data: "http://www.startsearcher.com"
In subkey: HKLM\Software\Microsoft\Internet Explorer\Main
Adds value: "DisplayName"
With data: "Search"
Adds value: "ShowSearchSuggestions"
With data: "dword:00000001"
Adds value: "SuggestionsURL"
With data: "http://clients5.google.com/complete/search?q={searchTerms}&client=ie8&mw={ie:maxWidth}&sh={ie:sectionHeight}&rh={ie:rowHeight}&inputencoding={inputEncoding}&outputencoding={outputEncoding}"
Adds value: "URL"
With data: "http://www.startsearcher.com/?q={searchTerms}&src=IETB"
In subkey: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
Displays advertisements
Adware:Win32/Adkubru may connect to the following website and display unwanted ads:
Analysis by Elda Dimakiling
