Search:       

Sunday, 7 September 2008       

SearchMiracle.AdDownloader Spyware/Adware Definition


Name: SearchMiracle.AdDownloader
Category: Trojan Downloader
Alias: TROJ_STARTPGE.KR, W32/AdClicker.Z, Troj/StartPa-NK, Win32/Startpage.KR, Win32.Startpage.KR[trojan],
Advice: Remove
Risk: Elevated Risk Elevated threats are usually threats that fall into the range of adware in which data about a user's habits are tracked and sent back to a server for analysis without your consent or knowledge.
Description: SearchMiracle.AdDownloader installs a memory resident adware application that displays popup ads on the users computer.

SearchMiracle.Downloader connects to the following URLs, which in turn may also open links to other adware-related Web sites:
http://info.searchmiracle.com/popsetarray.php
http://info.searchmiracle.com/update.php

After connecting to thew update page, the trojan then downloads and executes its update package protector_update.exe. Once protector_update.exe is installed the trojan communicates with the URL http://info.searchmiracle.com/popsetarray.php to determine what ads to display to the user.

Sample data:
"http://searchmiracle.com/ads/ad.php?country=1&pos=1|720|300|0|50|||| http://searchmiracle.com/ads/ad.php?country=1&pos=2|739|300|0|50|||| http://searchmiracle.com/ads/ad.php?country=1&pos=3|698|290|0|50|||| http://searchmiracle.com/ads/ad.php?country=1&pos=4|700|500|0|50|||| http://searchmiracle.com/ads/ad.php?country=1&pos=5|752|467|0|50|||| http://searchmiracle.com/ads/ad.php?country=1&pos=3|698|290|0|17180|||| http://searchmiracle.com/ads/ad.php?country=1&pos=3|698|290|0|17280|||| http://searchmiracle.com/ads/ad.php?country=1&pos=3|698|290|0|17280|||| http://searchmiracle.com/ads/ad.php?country=1&pos=3|698|290|0|17280|||| http://searchmiracle.com/ads/ad.php?country=1&pos=1|720|300|0|17180||||"
Signatures: process: protas.exe: MD5 Hash: CCA7F61E2095E805211... process: protector_update.exe: MD5 Hash: CCA7F61E2095E805211... process: protector.exe: MD5 Hash: 25b6e2f440cbff32e34... process: elitebdc32.exe: MD5 Hash: 25B6E2F440CBFF32E34... process: elitelfh32.exe: MD5 Hash: 25B6E2F440CBFF32E34... process: protector_update.exe: MD5 Hash: 22ef63bfb229b17ee96... process: regcleanbundle.exe: MD5 Hash: 8116b7bff33312d3b79... process: rgbndl_enaxb1.exe: MD5 Hash: bee2c2e90fe644da014..
Type: Trojan Downloader - A Trojan software is any software on a user's computer that the user is not aware or intentionally installed. Most Trojan software is designed to perform some sort of actions that could jeopardize the user's security or privacy.


Top Trojan Downloader Visited Pages:
180 Search Boomerang
ABox
Active Delivery
ActiveInstaller
ACXInstall
AdServerNow
Agent.MJ
Agent.MK
Agent.ML
Agent.MN
Agent.SH
Agent.SI
Agent.SJ
Agent.SK
Atmaca Downloader

 

Main Menu
Home
Top Downloads
New Programs
Awards
Submit
Link to us
Spyware Definitions
Viruses Info
Recipes
Jokes
Contact us

Spyware Categories
  Adware
  Adware Bundler
  AOL Exploit
  Backdoor
  Browser Hijacker
  Browser Plug-in
  Commercial Key Logger
  Commercial Remote Control
  Cookie
  Dialer
  E-Mail Flooder
  Hostile ActiveX Control
  ICQ Exploit
  Joke Program
  Key Logger
  Loader
  Low Risk Adware
  Misc
  Nuker
  P2P
  Password Hijacker
  Potential Privacy Risk
  Potentially dangerous utilities/tools
  RAT
  Search Hijacker
  Security Disabler
  Spyware
  Stealth Notifier
  Surveillance
  Toolbar
  Trojan
  Trojan Downloader
  Trojan FTP
  Trojan Telnet
  Viruses
  Worm
 



 

 
- Privacy Policy -