BDE

Posted: March 28, 2006

BDE is an adware application that shows animated commercial advertisements. Some of its functions can be remotely controlled by the publisher. BDE can get into the computer along with some add-supported software or can be manually installed.

File System Modifications

The following files were created in the system:

# File Name

1 bdedata2.dll

2 bdedownloader.dll

3 bdefdi.dll

4 bdeinsta2.dll

5 bdeinstall.exe

6 bdesecureinstall.cab

7 bdesecureinstall.exe

8 bdeverify.dll

#	File Name
1	bdedata2.dll
2	bdedownloader.dll
3	bdefdi.dll
4	bdeinsta2.dll
5	bdeinstall.exe
6	bdesecureinstall.cab
7	bdesecureinstall.exe
8	bdeverify.dll

Registry Modifications

The following newly produced Registry Values are:
HKEY..\..\..\..{RegistryKeys}1D3BCE37-7834-4579-8169-E6781420A98HKEY_ALL_USERSSoftwareBrilliantDigitalEntertainmentHKEY_CLASSES_ROOT3d_auto_fileHKEY_CLASSES_ROOT3dini_auto_fileHKEY_CLASSES_ROOT.b3diniHKEY_CLASSES_ROOTADM25.ADM25HKEY_CLASSES_ROOTADM25.ADM25.1HKEY_CLASSES_ROOTBDEPLAYER.BDEPlayerCtrlHKEY_CLASSES_ROOTBDEPLAYER.BDEPlayerCtrl.1HKEY_CLASSES_ROOTBDESmartInstaller.BDESmartInstallerHKEY_CLASSES_ROOTBDESmartInstaller.BDESmartInstaller.1HKEY_CLASSES_ROOTBDESmartInstaller25.BDESmartInstaller25HKEY_CLASSES_ROOTBDESmartInstaller25.BDESmartInstaller25.1HKEY_LOCAL_MACHINESOFTWAREBrilliantDigitalEntertainmentHKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun3dupdateHKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstalldeplayer
The following CLSID's were detected:
HKEY..\..\{CLSID Path}67925164-C4B6-11D2-B9C6-0000E84F59A651958168-D5E3-11D1-AA42-0000E842E40A51958167-D5E3-11D1-AA42-0000E842E40A258a3625-183b-4477-aee2-ea54df6d878d67925165-C4B6-11D2-B9C6-0000E84F59A651958169-D5E3-11D1-AA42-0000E842E40A3EEC42B5-FB94-40D3-A588-BB54B383A7CB

BDE

File System Modifications

Registry Modifications

Related Posts

Leave a Reply