Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'CashBack' = '%PROGRAM_FILES%\CashBack\bin\cashback.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'NaviSearch' = '%PROGRAM_FILES%\NaviSearch\bin\nls.exe'
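- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'BullsEye Network' = '%PROGRAM_FILES%\BullsEye Network\bin\bargains.exe'
  (Note: the three values above sit under the machine-wide HKLM Run key, so each listed executable is started at logon for every user on the system. During cleanup, check and remove these values along with the files they point to.)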
- %PROGRAM_FILES%\CashBack\bin\cashback.exe
- %WINDIR%\exdl.exe 3~No
- %WINDIR%\exdl.exe 2~No
- %PROGRAM_FILES%\NaviSearch\bin\nls.exe
- <SYSTEM32>\exdl1.exe 1~0
- <SYSTEM32>\exdl2.exe 2~0
- <SYSTEM32>\exdl3.exe 3~0
- %WINDIR%\adp8043_MEDIAWHIZ5.exe
- %PROGRAM_FILES%\Funcade\funcade.exe
- %PROGRAM_FILES%\Funcade\package_funcade_MEDIAWHIZ5.exe
- %PROGRAM_FILES%\BullsEye Network\bin\bargains.exe
- %WINDIR%\exdl.exe 1~No
- %WINDIR%\cb8040_MEDIAWHIZ5.exe
- %WINDIR%\nls8041_MEDIAWHIZ5.exe
- <SYSTEM32>\regsvr32.exe /s <SYSTEM32>\nvms.dll
- <SYSTEM32>\regsvr32.exe /s <SYSTEM32>\mscb.dll
- %WINDIR%\explorer.exe "http://www.na###earch.net/redir/fc_install_redir.html"
- <SYSTEM32>\regsvr32.exe /s <SYSTEM32>\msbe.dll
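- <SYSTEM32>\svchost.exe
  (Note: regsvr32.exe, explorer.exe and svchost.exe in the entries above are standard Windows binaries and are not indicators by name. For detection, match on the arguments instead: the silent /s registration of nvms.dll, mscb.dll and msbe.dll, and the URL passed to explorer.exe. svchost.exe is listed without arguments, and this page does not say in what role it was run.)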
- %PROGRAM_FILES%\CashBack\bb_click_wider.swf
- %PROGRAM_FILES%\CashBack\bb_auto_wider.swf
- %PROGRAM_FILES%\CashBack\template.html
- %PROGRAM_FILES%\CashBack\template2.html
- %PROGRAM_FILES%\CashBack\blank.gif
- %PROGRAM_FILES%\CashBack\icon.gif
- %PROGRAM_FILES%\CashBack\bb_welcome.html
- %PROGRAM_FILES%\CashBack\bb_welcome1.swf
- %PROGRAM_FILES%\CashBack\flash.exe
- %PROGRAM_FILES%\NaviSearch\Uninstall.exe
- %WINDIR%\cb8040_MEDIAWHIZ5.exe
- %PROGRAM_FILES%\NaviSearch\ad.dat
- <SYSTEM32>\nvms.dll
- %PROGRAM_FILES%\CashBack\cashback.exe
- %PROGRAM_FILES%\CashBack\cb.exe
- %TEMP%\nsuA.tmp
- %PROGRAM_FILES%\CashBack\mscb.dll
- %PROGRAM_FILES%\CashBack\logo.gif
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\fc_install_redir[1].html
- %PROGRAM_FILES%\CashBack\Uninstall.exe
- C:\temp\logo.gif
- <SYSTEM32>\mscb.dll
- <SYSTEM32>\exdl2.exe
- <SYSTEM32>\exdl1.exe
- <SYSTEM32>\exdl3.exe
- %PROGRAM_FILES%\NaviSearch\t1348551240.dec
- C:\temp\icon.gif
- %PROGRAM_FILES%\CashBack\bin\flash.exe
- C:\temp\bb_click_wider.swf
- %PROGRAM_FILES%\CashBack\bin\cashback.exe
- %PROGRAM_FILES%\CashBack\bin\cb.exe
- C:\temp\bb_welcome1.swf
- C:\temp\blank.gif
- C:\temp\bb_auto_wider.swf
- C:\temp\bb_welcome.html
- <SYSTEM32>\exul.exe
- <SYSTEM32>\javexulm.vxd
- <SYSTEM32>\mqexdlm.srg
- %HOMEPATH%\Desktop\Funcade.lnk
- %HOMEPATH%\Start Menu\Programs\Funcade\Uninstall.lnk
- %WINDIR%\exclean.exe
- %HOMEPATH%\Start Menu\Programs\Funcade\Funcade.lnk
- <SYSTEM32>\bbchk.exe
- <SYSTEM32>\exdl.exe
- %PROGRAM_FILES%\Funcade\package_funcade_MEDIAWHIZ5.exe
- %PROGRAM_FILES%\Funcade\uninstall.exe
- %TEMP%\nsr2.tmp
- %PROGRAM_FILES%\Funcade\funcade.exe
- %WINDIR%\exul.exe
- %WINDIR%\bbchk.exe
- %TEMP%\nsc4.tmp
- %WINDIR%\exdl.exe
- <SYSTEM32>\exclean.exe
- %WINDIR%\nls8041_MEDIAWHIZ5.exe
- %TEMP%\nsb8.tmp
- <SYSTEM32>\msbe.dll
- %PROGRAM_FILES%\BullsEye Network\Uninstall.exe
- %PROGRAM_FILES%\NaviSearch\ad-nls.dat
- %PROGRAM_FILES%\NaviSearch\bin\nls.exe
- %PROGRAM_FILES%\NaviSearch\nvms.dll
- %PROGRAM_FILES%\NaviSearch\nls.exe
- %PROGRAM_FILES%\BullsEye Network\bin\adx.exe
- %PROGRAM_FILES%\BullsEye Network\bargains.exe
- %PROGRAM_FILES%\BullsEye Network\adv.exe
- %WINDIR%\adp8043_MEDIAWHIZ5.exe
- %TEMP%\nsl6.tmp
- %PROGRAM_FILES%\BullsEye Network\bin\bargains.exe
- %PROGRAM_FILES%\BullsEye Network\bin\adv.exe
- %PROGRAM_FILES%\BullsEye Network\adx.exe
- %PROGRAM_FILES%\BullsEye Network\msbe.dll
- %PROGRAM_FILES%\CashBack\flash.exe
- %WINDIR%\cb8040_MEDIAWHIZ5.exe
- %PROGRAM_FILES%\CashBack\cashback.exe
- %PROGRAM_FILES%\CashBack\cb.exe
- %WINDIR%\exdl.exe
- %WINDIR%\exclean.exe
- %PROGRAM_FILES%\NaviSearch\t1348551240.dec
- %WINDIR%\exul.exe
- %WINDIR%\bbchk.exe
- %PROGRAM_FILES%\CashBack\mscb.dll
- %PROGRAM_FILES%\BullsEye Network\adv.exe
- %PROGRAM_FILES%\BullsEye Network\adx.exe
- %PROGRAM_FILES%\BullsEye Network\msbe.dll
- %PROGRAM_FILES%\BullsEye Network\bargains.exe
- %WINDIR%\adp8043_MEDIAWHIZ5.exe
- %PROGRAM_FILES%\NaviSearch\ad-nls.dat
- %WINDIR%\nls8041_MEDIAWHIZ5.exe
- %PROGRAM_FILES%\NaviSearch\nvms.dll
- %PROGRAM_FILES%\NaviSearch\nls.exe
- from %WINDIR%\exul.exe to <SYSTEM32>\javexulm.vxd
- from %WINDIR%\exdl.exe to <SYSTEM32>\mqexdlm.srg
- 'se#####.bargain-buddy.net':80
- 'www.na###earch.net':80
- 'localhost':1036
- se#####.bargain-buddy.net/scripts/adpopper/webservice.main?ve##################################
- www.na###earch.net/redir/fc_install_redir.html
- DNS ASK se#####.bargain-buddy.net
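- DNS ASK www.na###earch.net
  (Note: the '#' runs in the host names and URLs above appear to be masking applied by the report's publisher, so these strings are partial and cannot be used verbatim in blocklists or DNS detections. 'localhost':1036 is a loopback connection and is not a network indicator on its own.)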
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'nls_wnd_class' WindowName: 'nls module'
- ClassName: 'cashback_wnd_class' WindowName: 'cashback module'
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: '' WindowName: 'adp module'
- ClassName: 'adp_wnd_class' WindowName: 'adp'
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: '' WindowName: ''
- ClassName: 'adp_wnd_class' WindowName: 'adp module'