
Medload

Posted: March 28, 2006

Medload is an adware and spyware program that shows undesirable commercial pop-up advertisements, opens advertising web sites, and installs the main components of several dangerous adware threats. It also changes Internet Explorer security settings and creates multiple desktop shortcuts that lead to potentially unsafe web sites. Medload can get onto a computer along with some ad-supported software, and it can also be installed by certain spyware. Medload runs automatically on every Windows startup.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 hisistheurls.exe
    2 imbuddy2.exe
    3 m[X]m.ocx
    4 medload.exe
    5 medload3.exe
    6 mm[X].exe
    7 mm[X].ocx
    8 newpop[X].exe
    9 objsafe.tlb
    10 seeve.exe
    11 thin-[X].exe
    12 thin-[XVS].exe
    13 ubber60.ini
    14 unstall.exe

Registry Modifications

  • The following Registry values were newly created:
  • The following CLSIDs were detected: