This program downloads other software onto your PC without giving you adequate consent or control.
We have seen it try to download and install adware including Adware:Win32/CostMin and Adware:Win32/InvisibleBrowser. It can install this adware and other threats, including malware, silently and without your knowledge.
It can try to install malware including TrojanProxy:Win32/Bedri and members of the Clikug family of trojans that use your PC for click fraud, such as TrojanDownloader:Win32/Clikug.A.
The program presents itself as a Java updater or installer. Although it does install Java, it often installs old or outdated versions. Having old versions of Java on your PC can open you up to infection by malware. In the following example it will also install other software, including "idle Crawler", which we detect as a variant of the Clikug family.
We have seen it try to install programs including:
Find Ultra Premium Merchants
iStart123 - Polypower
PC Safe Pro - Fusion Tech Software
Radsteroids - Deals Interactive Media
Yontoo18 - EMG Technology, AIRZIP
It might also install a number of services, but gives you no way to uninstall them. For example, we've seen it install the following services, which may be used to update software installed by SoftwareBundler:Win32/SquareNet or protect some components from removal.
Service name: WinDevSrv
Display name: WinDevSrv
Description: Web Device Service
Path to executable: %APPDATA%\UpdateServ\UpdaterService.exe or <commonappdata>\Online\sv.exe
Service name: MediaDeviceSvc
Display name: MediaDeviceSvc
Description: Media Management Instrumention
Path to executable: <commonappdata>\MediaDev\<numbers>\mediadev.exe, for example <commonappdata>\MediaDev\1405901676\mediadev.exe
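The service names and executable paths listed above can be checked on a PC with PowerShell. This is an added example, not code from the original entry: the function name Find-SquareNetService, the choice to match on the tail of the path, and the "high"/"review" labels are assumptions, and the sample services are constructed.

```powershell
# Added example: look for the service indicators listed in this entry.
# Service names and path fragments come from the entry. Matching on the tail
# of the path is an assumption, made because %APPDATA% and <commonappdata>
# resolve differently per user and per Windows version.
$Indicators = @(
    [pscustomobject]@{ Name = 'WinDevSrv'
                       PathPattern = '\\UpdateServ\\UpdaterService\.exe|\\Online\\sv\.exe' }
    [pscustomobject]@{ Name = 'MediaDeviceSvc'
                       PathPattern = '\\MediaDev\\\d+\\mediadev\.exe' }
)

function Find-SquareNetService {
    # Accepts any object with Name and PathName properties (e.g. Win32_Service).
    param([Parameter(ValueFromPipeline)][object]$Service)
    process {
        foreach ($i in $Indicators) {
            $nameHit = $Service.Name -eq $i.Name               # case-insensitive
            $pathHit = $Service.PathName -match $i.PathPattern # $null never matches
            if ($nameHit -or $pathHit) {
                [pscustomobject]@{
                    Service    = $Service.Name
                    Indicator  = $i.Name
                    NameMatch  = $nameHit
                    PathMatch  = $pathHit
                    # Both matching is a strong signal; one alone needs a manual look
                    # (a renamed service, or an unrelated service reusing the name).
                    Confidence = if ($nameHit -and $pathHit) { 'high' } else { 'review' }
                    PathName   = $Service.PathName
                }
            }
        }
    }
}

# Constructed sample input so the logic can be tried offline.
$sample = @(
    [pscustomobject]@{ Name = 'WinDevSrv'
                       PathName = 'C:\Users\alice\AppData\Roaming\UpdateServ\UpdaterService.exe' }
    [pscustomobject]@{ Name = 'Spooler'
                       PathName = 'C:\Windows\System32\spoolsv.exe' }
    [pscustomobject]@{ Name = 'RenamedSvc'
                       PathName = '"C:\ProgramData\MediaDev\1405901676\mediadev.exe"' }
)
$sample | Find-SquareNetService | Format-Table -AutoSize

# On a live PC, feed it the installed services instead:
# Get-CimInstance Win32_Service | Find-SquareNetService
```

With the sample input, WinDevSrv is reported as "high", RenamedSvc as "review" because only its path matches, and Spooler is not reported.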
The program might also install a file called vmhost.exe. This file may be used to browse the Internet without your knowledge and open ads that then redirect to exploit kits that try to infect your PC with malware.
Analysis by Hamish O'Dea
You see a program try to install Java that looks like this: