McAfee > Theat Center > PUP Detail Page

Characteristics

McAfee(R) AVERT recognizes that this program may have legitimate uses in contexts where an authorized administrator has knowingly installed this application. If you agreed to a license agreement for this, or another bundled application, you may have legal obligations with regard to removing this software, or using the host application without this software. Please contact the software vendor for further information.

See http://vil.nai.com/vil/DATReadme.asp for a list of Program detections added to the DATs.

See http://vil.nai.com/vil/pups/configuration.htm for information about how to enable, disable, and exclude detection of legitimately installed programs.

This is not a virus or trojan. It is a direct-marketing adware application. This application hooks on to the Internet Explorer as a Browser Helper Object (BHO).  and generates extra pop-up advertisements by connecting the user to a website on passivecow.com .

This kind of application likely comes bundled with another program, which usually discloses the fact that it is ad-supported. 

Installation

Adware-PassiveCow is usually installed by another application into the %Sysdir% directory as {7977A6ED-C4BD-490E-8C58-AA0849CA03A4}.dll.

(Where %Sysdir% is the Windows System directory, for example C:\WINDOWS\SYSTEM)

For example:

C:\Windows\System32\{7977A6ED-C4BD-490E-8C58-AA0849CA03A4}.dll

It creates the following Windows Registry keys:

• HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ CLSID\{7977A6ED-C4BD-490E-8C58-AA0849CA03A4} = "JustForMonkeys.Bananas"
• HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ JustForMonkeys.Bananas
• HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ Interface\{FF372CEE-1333-4FBD-A924-50B3199722F7} = "Bananas"
• HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ TypeLib\{58C932E4-14FB-4060-B741-63CBF8D686E6}

Removal

Aliases

Aliases

N/A