The program presents itself as a Java updater or installer. Even though it does install Java, often it installs old or outdated versions - having old versions of Java on your PC can open you up to infection by malware. In the following example it will also install other software, including "idle Crawler" which we detect as a variant of the Clikug family.
We have seen it try to install programs including:
Find Ultra Premium Merchants
iStart123 - Polypower
PC Safe Pro - Fusion Tech Software
Radsteroids - Deals Interactive Media
Yontoo18 - EMG Technology, AIRZIP
It might also install a number of services, but gives you no way to uninstall them. For example, we've seen it install the following services, which may be used to update software installed by SoftwareBundler:Win32/SquareNet or protect some components from removal.
Service name: WinDevSrv Display name: WinDevSrv Description: Web Device Service Path: %APPDATA%\UpdateServ\UpdaterService.exe or <commonappdata>\Online\sv.exe
Service name: MediaDeviceSvc Display name: MediaDeviceSvc Description: Media Management Instrumention Path to executable: <commonappdata>\MediaDev\<numbers>\mediadev.exe, for example <commonappdata>\MediaDev\1405901676\mediadev.exe
The program might also install a file called vmhost.exe. This file may be used to browse the Internet without your knowledge and open ads that then redirect to exploit kits that try to infect your PC with malware.