CDT

Posted: March 28, 2006

CDT is a malicious adware and spyware program that shows unsolicited commercial pop-up advertisements and reduces computer security by modifying essential Internet Explorer security settings. The threat adds advertising, marketing, pornographic and similar insecure web resources to the web browser's Trusted Sites list. It also enables support for ActiveX controls and .NET components, allows harmful scripts and plugins to be downloaded and run silently, and registers certain adware companies as trusted software publishers.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 mediatickets.exe

Registry Modifications

  • The following Registry values were newly created:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\2001=0
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\2004=0
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MinLevel=CodeDownload
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SafetyWarningLevel=SucceedSilent
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Security_RunActiveXControls=0x01000000
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Security_RunScripts=0x01000000
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\TrustWarningLevel=NoSecurity
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Trust Database\[randomstring]=[publishername]
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\[domain]
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\:Range=[IPaddress]
    HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MinLevel=CodeDownload
    HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SafetyWarningLevel=SucceedSilent
    HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Security_RunActiveXControls=0x01000000
    HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Security_RunScripts=0x01000000
    HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\TrustWarningLevel=NoSecurity
    Internet Settings\ZoneMap\Ranges\Range1\:Range=[IPaddress]