medium-medium

Adware-Alexa

Adware-Alexa

Threat Detail

  • Malware Type: Program
  • Malware Sub-type: Adware
  • Protection Added: 2005-01-19

This is a Potentially Unwanted Program (PUP) detection. It is not a virus or trojan. PUPs are any piece of software which a reasonably security-or privacy-minded computer user may want to be informed of.


Minimum Engine

5400.1158

File Length

Description Added

2005-01-19

Description Modified

2005-01-19

Malware Proliferation

fpo-ti-severity-legend logo-new-mcafee

McAfee(R) AVERT recognizes that this program may have legitimate uses in contexts where an authorized administrator has knowingly installed this application.  If you agreed to a license agreement for this, or another bundled application, you may have legal obligations with regard to removing this software, or using the host application without this software.
Please contact the software vendor for further information.

See /content/dam/enterprise/en-us/threatcenter/vil/DATReadme.asp for a list of Program detections added to the DATs.

See /content/dam/enterprise/en-us/threatcenter/vil/pups/configuration.htm for information about how to enable, disable, and exclude detection of legitimately installed programs.

Summary:

Upon execution of this application, Alexa toolbar is installed in Internet Explorer. Search keywords used in Google were transferred to Alexa servers. Also Alexa sends personal information such as usernames to the Alexa site.

Installation:

Filename : AlexaInstaller.exe
MD5       : 9e9601f62db49513151f60e3a3b5519d

Filenames and locations may vary from version to version.
An EULA of length 8851 words was displayed at the time of installation.

The following files are dropped when the application is executed.

AlxTB1.dll
AlxRes.dll

The following registry entries confirm Dll registration and startup entries made by this application.

HKEY_CLASSES_ROOT\CLSID\{F1FABE79-25FC-46de-8C5A-2C6DB9D64333}
HKEY_CLASSES_ROOT\CLSID\{EA20F195-32DA-4bd6-B348-FD01FC7D3D5A}
HKEY_CLASSES_ROOT\CLSID\{7BF3A7DB-A516-4e24-B40A-F60B34699E26}
HKEY_CLASSES_ROOT\CLSID\{69A72A8A-84ED-4a75-8CE7-263DBEF3E5D3}
HKEY_CLASSES_ROOT\CLSID\{3CEFF6CD-6F08-4E4D-BCCD-FF7415288C3B}
HKEY_CLASSES_ROOT\CLSID\{27D784D7-9217-4227-B43B-E06E4781E0CB}
HKEY_CLASSES_ROOT\Interface\{FA77AD79-09CF-41FB-B171-CC856F9E737F}
HKEY_CLASSES_ROOT\Interface\{DC21CEDE-3B81-43D7-B816-DAEFA7B4901F}
HKEY_CLASSES_ROOT\Interface\{B7B84995-8B92-46BF-94AA-FA2F3DD23B84}
HKEY_CLASSES_ROOT\Interface\{B79D9232-A798-43DB-9E61-281D550460E4}
HKEY_CLASSES_ROOT\Interface\{B71C7D9A-DA43-4E8B-BB9B-1684AC2AF324}
HKEY_CLASSES_ROOT\Interface\{AC2A5E17-05ED-4E62-86E5-84779E8F0BCA}
HKEY_CLASSES_ROOT\Interface\{ABF7C4D4-53EF-4C15-8951-D22F63C98E9F}
HKEY_CLASSES_ROOT\Interface\{A6A08CBD-6673-41B1-B997-3F83A25B45B0}
HKEY_CLASSES_ROOT\Interface\{A69107CC-BEC8-4A34-B474-211B0F46A764}
HKEY_CLASSES_ROOT\Interface\{9BAB764B-E4F3-4C7B-99AD-CDF636BBE3A8}
HKEY_CLASSES_ROOT\Interface\{738CB0ED-54A7-4061-AE2E-40EFD9B1EEF6}
HKEY_CLASSES_ROOT\Interface\{6912BEB3-E20C-4953-8C8E-E91B12B55BFC}
HKEY_CLASSES_ROOT\Interface\{5A9961FD-B0A6-4065-9552-EBFC199683A3}
HKEY_CLASSES_ROOT\Interface\{49160F0D-6BE2-4F5F-BCDB-9256DA3BB120}
HKEY_CLASSES_ROOT\Interface\{3F41980D-B681-488E-9757-0C9744F9C3CE}
HKEY_CLASSES_ROOT\Interface\{3E60160F-0ED6-4DCC-B6B6-850CDE4FD217}
HKEY_CLASSES_ROOT\Interface\{0F3332B5-BC98-48AF-9FAC-05FEC94EBE73}
HKEY_CLASSES_ROOT\Interface\{0BBB0424-E98E-4405-9A94-481854765C80}
HKEY_CLASSES_ROOT\Interface\{04D79E9F-09A9-4AED-9FC2-6E63A3BCA51E}
HKEY_CLASSES_ROOT\TypeLib\{EACAA5CE-99B3-470E-9629-8F9EF4C4B637}
HKEY_CLASSES_ROOT\TypeLib\{547AB549-4DD8-4EA0-B070-F6EA062148FF}
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Alexa Web Search
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\{3CEFF6CD-6F08-4e4d-BCCD-FF7415288C3B}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F1FABE79-25FC-46de-8C5A-2C6DB9D64333}
HKEY_LOCAL_MACHINE\SOFTWARE\Alexa Toolbar
HKEY_LOCAL_MACHINE\SOFTWARE\Alexa Internet
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Alexa Toolbar

N/A. This is not a trojan or virus.

Modification to IE Toolbar.
Modification of default home page  to http://www.alexa.com/?p=home