Follow:

 

Adware:Win32/Adkubru


Adware:Win32/Adkubru is a program that delivers pop-up advertisements and changes the default start page and search settings.


What to do now

To detect and remove this program and other unwanted software that may be installed in your computer, run a full-system scan with an up-to-date antispyware product such as the following:
 

Threat behavior

Adware:Win32/Adkubru is a program that delivers pop-up advertisements and changes the default start page and search settings.
Installation
Adware:Win32/Adkubru is installed as the following:
 
  • %ProgramFiles%\object\bho_project.dll
 
It is installed as a BHO by the creation of the following entries:
 
Adds subkeys:
HKLM\SOFTWARE\Classes\bho_project.bho_object
HKLM\SOFTWARE\Classes\bho_project.bho_object.1
HKLM\SOFTWARE\Classes\CLSID\{66D8FBA6-D90F-40A9-AC55-84896F79CA69}
 
Adds value: "(default)"
With data: "%ProgramFiles%\object\bho_project.dll"
In subkey: HKLM\SOFTWARE\Classes\CLSID\{66D8FBA6-D90F-40A9-AC55-84896F79CA69}\InprocServer32
 
Adds value: "installid"
With data: "{1f39dbe1-45e9-46c7-8e13-43dc8832adfa}"
In subkey: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{66D8FBA6-D90F-40A9-AC55-84896F79CA69}
Execution
Modifies Internet Explorer settings
Adware:Win32/Adkubru modifies the following registry entries:
 
Adds value: "Start Page"
With data: "http://www.startsearcher.com"
In subkey: HKLM\Software\Microsoft\Internet Explorer\Main
 
Adds value: "DisplayName"
With data: "Search"
Adds value: "ShowSearchSuggestions"
With data: "dword:00000001"
Adds value: "SuggestionsURL"
With data: "http://clients5.google.com/complete/search?q={searchTerms}&client=ie8&mw={ie:maxWidth}&sh={ie:sectionHeight}&rh={ie:rowHeight}&inputencoding={inputEncoding}&outputencoding={outputEncoding}"
Adds value: "URL"
With data: "http://www.startsearcher.com/?q={searchTerms}&src=IETB"
In subkey: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
 
Displays advertisements
Adware:Win32/Adkubru may connect to the following website and display unwanted ads:
 
  • ad.adurr.com/ad.js.php
 
Analysis by Elda Dimakiling

Symptoms

System Changes
The following system changes may indicate the presence of Adware:Win32/Adkubru:
  • The presence of the following file:
    %ProgramFiles%\object\bho_project.dll
  • The presence of the following registry subkeys:
  • HKLM\SOFTWARE\Classes\bho_project.bho_object
    HKLM\SOFTWARE\Classes\bho_project.bho_object.1
    HKLM\SOFTWARE\Classes\CLSID\{66D8FBA6-D90F-40A9-AC55-84896F79CA69}

Prevention


Alert level: High
First detected by definition: 1.87.225.0
Latest detected by definition: 1.177.1340.0 and higher
First detected on: Jul 20, 2010
This entry was first published on: Aug 13, 2010
This entry was updated on: Apr 17, 2011

This threat is also detected as:
  • Trojan.Win32.BHO.aiif (Kaspersky)
  • Trojan.BHO.AJEN (VirusBuster)
  • TR/BHO.aiif (Avira)
  • Win32/BHO.OAD (ESET)
  • Trojan.Win32.BHO (Ikarus)