Getupdate

Posted: March 28, 2006

Getupdate, also known as Getup, is an adware application that serves commercial advertisements, changes web browser search settings and sends users to undesirable web sites. It also downloads arbitrary files from the Internet and executes them. Getupdate is able to automatically update itself. The threat is bundled with several advertising-supported products. It can also be manually installed.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 aantx.dll
    2 bpvt2.dll
    3 myexplore.exe
    4 updtr.exe
    5 winexplore.exe
    6 xm2s.dll
    7 zedd4.dll

Registry Modifications

  • The following Registry values were newly created:
    HKEY..\..\..\..{RegistryKeys}
    HKEY_CLASSES_ROOTWinSystem.Best2
    HKEY_LOCAL_MACHINESOFTWAREClassesedd4Proj.clsUnoOne
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternetExplorerDefaultBehaviors7809607178
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionInternetSettingsSubscriptionFolderAID:GVMI
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionInternetSettingsSubscriptionFolderASET:Matrix_01
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionSharedDLLs\%System%pvt2.dll
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionSharedDLLs\%System%xm2s.dll
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionSharedDLLs\%System%zedd4.dll
    HKEY_USERSS-1-5-21-1960408961-507921405-725345543-500SoftwareMicrosoftInternetExplorerMainAllowWindowReuse=0
    HKEY_USERSS-1-5-21-1960408961-507921405-725345543-500SoftwareMicrosoftInternetExplorerMainEnableBrowserExtensions=yes
  • The following CLSIDs were detected:
    HKEY..\..\{CLSID Path}
    3A051814-4E16-49D3-ACCF-76484CF6BC80
    6D336187-169D-45DA-B76F-53B2840916FB
    E43F2D8C-12DE-4A0B-805E-84AD4FC4325C
    B570FFE8-3ACB-4A4D-AAB3-546D1C445928
    83B84CB7-F69D-4CB2-BC8A-9D19D762D4F6
    F4A645D0-D4D5-439E-9DBC-B31BBD9CB890