Adware.Elodu

SUMMARY

Behavior

Adware.Elodu is an adware program that installs itself as a Browser Helper Object and displays pop up advertisements.

Protection

• Initial Rapid Release version October 12, 2006
• Latest Rapid Release version June 14, 2008 revision 017
• Initial Daily Certified version October 12, 2006
• Latest Daily Certified version June 14, 2008 revision 016
• Initial Weekly Certified release date October 18, 2006

Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.

TECHNICAL DETAILS

Adware.Elodu is an adware program that installs itself as a Browser Helper Object and displays pop up advertisements.

When the program is executed, it creates the following files:
%System%\IESysIcon.ico
%System%\lsmgr.dll
%System%\explorer.exe
%SystemDrive%\autorun.inf
%SystemDrive%\diskcheck.exe

Next, the program creates the following registry subkeys:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EC564D32-0F1A-4367-8A9B-4A9F57688D03}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1CFFD533-46FE-4031-A3FF-5370943BA025}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{3E704673-BE49-4C13-8E36-288326D14709}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lsmgr.mssgr
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lsmgr.mssgr.1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{D1EDDE84-E67E-4ccd-B28E-73AD3B71A7C9}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EC564D32-0F1A-4367-8A9B-4A9F57688D03}

The program also creates the following registry entry:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shell\open\command\"Default" = "%System%\explore.exe %1"