Adware.BHO!sd5
Adware.BHO!sd5 is a potentially unwanted adware program designed to deliver various advertisements to the user's system. Adware.BHO!sd5 also contains an Internet Explorer toolbar which, when accessed, will display links to other corrupt sites. It is advisable to have Adware.BHO!sd5 removed with an effective anti-virus program once detected.
Aliases
Trojan.Win32.BHO.ahaw (Kaspersky Lab)
File System Modifications
- The following files were created in the system:
1. %ProgramFiles%\Common Files\PushWare\cpush.dll
2. %ProgramFiles%\Common Files\PushWare\Uninst.exe
Registry Modifications
- The following Registry keys and values were newly created: