Follow:

 

Adware:Win32/InfoAtoms


Adware:Win32/InfoAtoms is an adware program that displays advertisements related to your web browsing habits.

We detect Adware:Win32/InfoAtoms because it inserts advertisements into websites.

Our evaluation criteria resource page has more information on how and why we identify unwanted software.



What to do now

 Adware:Win32/InfoAtomscreates an uninstaller that can be accessed from the Control Panel:
  • For Windows 8, swipe in from the right and go to Start, type Uninstall and then go to Settings. In the search results, go to Uninstall a program.
  • For Windows 7 and Vista, open the Start menu and navigate to Control Panel>Programs>Uninstall a Program
  • For XP, open the Start menu and navigate to Control Panel>Add or Remove Programs

The entry name may be called "InfoAtoms". If an uninstaller is not available or if you do not want to use the uninstaller that is provided, you can use the following scanning and removal tools to detect and remove Adware:Win32/InfoAtoms and other unwanted software from your computer:

Threat behavior

Adware:Win32/InfoAtoms may be installed from the program's website by offers in third-party software installers. It may also be installed alongside Adware:Win32/AddLyrics.

Installation

When run, the installer for Adware:Win32/InfoAtoms creates a folder named "InfoAtoms" in %ProgramFiles% and installs the following files there:

  • 3rd Party Licenses\buildcrx-license.txt
  • 3rd Party Licenses\Info-ZIP-license.txt
  • 3rd Party Licenses\nsJSON-license.txt
  • 3rd Party Licenses\UAC-license.txt
  • terms-of-service.rtf
  • Uninstall.exe

Adware:Win32/InfoAtoms installs itself as a BHO (browser helper object), which can be seen in Internet Explorer's Manage Add-ons window, as in the following screenshot:

It installs the following files as part of its installation as an Internet Explorer add-on, Chrome extension and Firefox plug-in:

  • For the Chrome extension, it installs the following:
     
    • %APPDATA% \Google\Chrome\User Data\Default\Extensions\hhbgpoakplhahbklhkcfbpicgjcaoglk\1.6.0.0_0\background.html
    • %APPDATA% \Google\Chrome\User Data\Default\Extensions\hhbgpoakplhahbklhkcfbpicgjcaoglk\1.6.0.0_0\background.js (detected asAdware:Win32/InfoAtoms)
    • %APPDATA% \Google\Chrome\User Data\Default\Extensions\hhbgpoakplhahbklhkcfbpicgjcaoglk\1.6.0.0_0\icon-128.png
    • %APPDATA% \Google\Chrome\User Data\Default\Extensions\hhbgpoakplhahbklhkcfbpicgjcaoglk\1.6.0.0_0\icon-16.png
    • %APPDATA% \Google\Chrome\User Data\Default\Extensions\hhbgpoakplhahbklhkcfbpicgjcaoglk\1.6.0.0_0\icon-48.png
    • %APPDATA% \Google\Chrome\User Data\Default\Extensions\hhbgpoakplhahbklhkcfbpicgjcaoglk\1.6.0.0_0\manifest.json
    • %APPDATA% \Google\Chrome\User Data\Default\Extensions\hhbgpoakplhahbklhkcfbpicgjcaoglk\1.6.0.0_0\options.css
    • %APPDATA% \Google\Chrome\User Data\Default\Extensions\hhbgpoakplhahbklhkcfbpicgjcaoglk\1.6.0.0_0\options.html
    • %APPDATA% \Google\Chrome\User Data\Default\Extensions\hhbgpoakplhahbklhkcfbpicgjcaoglk\1.6.0.0_0\options.js
    • %APPDATA% \Google\Chrome\User Data\Default\Extensions\hhbgpoakplhahbklhkcfbpicgjcaoglk\1.6.0.0_0\vitruvian.bootstrap.js
    • %APPDATA% \Google\Chrome\User Data\Default\Extensions\hhbgpoakplhahbklhkcfbpicgjcaoglk\1.6.0.0_0\vitruvian.plugin-api.js
    • %ProgramFiles% \InfoAtoms.crx
       
  • For the Internet Explorer add-on, it installs the following:
     
    • %ProgramFiles% \ InfoAtoms\IE32\InfoAtomsClientIE.dll (detected as Adware:Win32/InfoAtoms)
       
  • For the Firefox plug-in, it installs the following:
     
    • %ProgramFiles% \InfoAtoms\FireFox\infoatoms@infoatoms.com.xpi
    • %ProgramFiles% \Mozilla Firefox\defaults\preferences\!InfoAtoms.js
    • %ProgramFiles% \Mozilla Firefox\extensions\infoatoms@infoatoms.com\chrome.manifest
    • %ProgramFiles% \Mozilla Firefox\extensions\infoatoms@infoatoms.com\install.rdf
    • %ProgramFiles% \Mozilla Firefox\extensions\infoatoms@infoatoms.com\chrome\content\browser.xul
    • %ProgramFiles% \Mozilla Firefox\extensions\infoatoms@infoatoms.com\chrome\content\icon-48.png
    • %ProgramFiles% \Mozilla Firefox\extensions\infoatoms@infoatoms.com\chrome\content\icon-64.png
    • %ProgramFiles% \Mozilla Firefox\extensions\infoatoms@infoatoms.com\chrome\content\vitruvian.bootstrap.js
    • %ProgramFiles% \Mozilla Firefox\extensions\infoatoms@infoatoms.com\chrome\content\vitruvian.plugin-api.js (detected asAdware:Win32/InfoAtoms)
    • %ProgramFiles% \Mozilla Firefox\InfoAtoms.cfg
        

It also creates an installation entry called "InfoAtoms" in the Programs and Features section of the Control Panel. Running this uninstaller removes Adware:Win32/InfoAtoms from your computer.

Execution

Once installed, Adware:Win32/InfoAtoms displays advertisements to your as you browse the Internet, as in the following examples:

 

 

 

Analysis by Chris Stubbs


Symptoms

The appearance of offers in your web browser which state "about this ad" may indicate the presence of Adware:Win32/InfoAtoms on your computer.


Prevention


Alert level: High
First detected by definition: 1.145.745.0
Latest detected by definition: 1.177.1340.0 and higher
First detected on: Feb 28, 2013
This entry was first published on: Feb 28, 2013
This entry was updated on: Apr 15, 2013

This threat is also detected as:
  • Adware.Plugin.21 (Dr.Web)