
Adware-WinActive

Type: Program
SubType: Adware
Discovery Date: 03/29/2005
Minimum DAT: 4358 (05/05/2004)
Updated DAT: 4688 (02/02/2006)
Minimum Engine: 5.1.00
Description Added: 05/05/2004
Description Modified: 06/14/2005 1:22 AM (PT)

Characteristics

McAfee(R) AVERT™ recognizes that this program may have legitimate uses in contexts where an authorized administrator has knowingly installed this application.  If you agreed to a license agreement for this, or another bundled application, you may have legal obligations with regard to removing this software, or using the host application without this software.
Please contact the software vendor for further information.

See http://vil.nai.com/vil/DATReadme.asp for a list of Program detections added to the DATs.

See http://vil.nai.com/vil/pups/configuration.htm for information about how to enable, disable, and exclude detection of legitimately installed programs.

Summary

This is not a virus or a trojan. It is a direct-marketing adware application. Upon execution, it creates a toolbar on the desktop. When a toolbar button is clicked, the application connects to prosearching.com, then downloads and displays advertisements.

Privacy

No EULA is displayed during installation, although one could be displayed by another installer if bundled with another application.

System Changes

Filename : Boob.exe
MD5  : 5b6b1edbfd8476f7cc870422bed5d448

Filename : winactive.exe
MD5  : 55918b475d298f5c800496430332c7f5

Upon execution, a toolbar is created on the desktop as shown below.

The following run entry is created in the system registry, so that the application is activated on system startup.

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run|winactive
"Value Data" = "C:\Program Files\Window Active\winactive.exe"

The following files are added.

%PROGRAMFILES%\Window Active\unbzip2s.dll
%PROGRAMFILES%\Window Active\winactive.exe

The following registry keys are created.

  • HKEY_CURRENT_USER\SOFTWARE\WinActive
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run|winactive
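
The system changes listed above can be checked on a host with the following PowerShell script. It is an added example, not part of the original McAfee description. It assumes PowerShell 4.0 or later (for Get-FileHash), inspects only the current user's HKCU hive, and also looks under WOW6432Node and "Program Files (x86)", which is an assumption about where a 32-bit install lands on 64-bit Windows and is not stated on this page.

```powershell
# Indicators copied from the System Changes section of this page.
$runValue  = 'winactive'
$runKeys   = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    # Assumption (not on the page): redirected key used by 32-bit programs on 64-bit Windows.
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)
$userKey   = 'HKCU:\SOFTWARE\WinActive'
$fileNames = 'winactive.exe', 'unbzip2s.dll'
$knownMd5  = @{
    '5b6b1edbfd8476f7cc870422bed5d448' = 'Boob.exe'
    '55918b475d298f5c800496430332c7f5' = 'winactive.exe'
}
# %PROGRAMFILES% plus, as an assumption, the 32-bit Program Files directory.
$dirs = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ } | Select-Object -Unique

$findings = New-Object System.Collections.Generic.List[object]
function Add-Finding($Kind, $Item, $Detail) {
    $findings.Add([pscustomobject]@{ Kind = $Kind; Item = $Item; Detail = $Detail })
}

# Run entry that starts the program at system startup.
foreach ($key in $runKeys) {
    $run = Get-ItemProperty -Path $key -Name $runValue -ErrorAction SilentlyContinue
    if ($run) { Add-Finding 'RunValue' "$key|$runValue" ($run.$runValue) }
}

# Per-user key created by the program (current user only).
if (Test-Path -Path $userKey) { Add-Finding 'RegistryKey' $userKey 'key exists' }

# Dropped files; hash each one and compare with the MD5 values listed on this page.
foreach ($dir in $dirs) {
    foreach ($name in $fileNames) {
        $path = Join-Path $dir "Window Active\$name"
        if (Test-Path -LiteralPath $path -PathType Leaf) {
            $md5  = (Get-FileHash -LiteralPath $path -Algorithm MD5).Hash.ToLower()
            $note = if ($knownMd5.ContainsKey($md5)) { "matches $($knownMd5[$md5])" } else { 'MD5 not listed on this page' }
            Add-Finding 'File' $path "$md5 ($note)"
        }
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'No Adware-WinActive indicators from this page were found.'
} else {
    $findings | Format-Table -AutoSize -Wrap
}
```

A file that exists at one of the listed paths but whose MD5 differs is still reported, since the page lists hashes for only two samples.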

The following ad is displayed.

Aliases


    N/A