Adware:Win32/DealsPlugin


Posted: February 1, 2013

Threat Metric

Ranking: 3,314
Threat Level: 1/10
Infected PCs: 3,733
First Seen: February 1, 2013
Last Seen: October 17, 2023
OS(es) Affected: Windows

Adware:Win32/DealsPlugin is an adware program that displays offers on the affected computer, depending on the websites the PC user visits. Adware:Win32/DealsPlugin also inserts unrelated advertisements into the websites that the user visits. Adware:Win32/DealsPlugin may be installed on the vulnerable computer when the PC user visits the website of the program. Adware:Win32/DealsPlugin appears as a BHO (Browser Helper Object) in Internet Explorer and also installs itself as an extension for Google Chrome and Mozilla Firefox. Adware:Win32/DealsPlugin creates a scheduled task that launches every day at 13:00, enabling it to update itself.

Once installed, Adware:Win32/DealsPlugin displays deals when the computer user surfs the Internet. Adware:Win32/DealsPlugin may display a 'flag' in the top right-hand corner of the hijacked web browser. If the computer user clicks on the 'flag', the program will display numerous deals. Adware:Win32/DealsPlugin may create an uninstaller that can be accessed from the Control Panel and seen in the Programs and Features window. The entry for Adware:Win32/DealsPlugin may be named 'Deals Plugin'. Adware:Win32/DealsPlugin also creates a number of registry keys.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

File name: %LOCALAPPDATA%\Updater4637\Updater4637.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file

Registry Modifications

The following Registry Values are newly created:

HKEY..\..\{CLSID Path}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220022462237}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110011461137}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440044464437}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066466637}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055465537}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{11111111-1111-1111-1111-110011461137}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110011461137}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011461137}

HKEY..\..\..\..{Subkeys}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0004637.Sandbox.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0004637.Sandbox
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0004637.BHO.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0004637.BHO