English 
AdRotator AdRotator
By
GoldSparrow in 
Loading ...
AdRotator Description
AdRotator is adware that may launch pop-up advertisements onto your computer’s desktop. AdRotator may also monitor your online and internet activity, placing your personal and financial information at great risk. AdRotator can be bundled with Spediabar Trojan.
Type: Adware
Automatic Detection of AdRotator
AdRotator Technical Report
As new AdRotator details are reported by our customers and findings from our Threat Research Center, we will update this section.
The following AdRotator files with its MD5s were created in the system:
| File Name | File Size | MD5 |
|---|
| gzmrt.dll | 72192 | 60561e8776a30379c7d20a9a374d52c0 |
| gzmrt.dll | 135680 | 0a8ca71260d5b30a4935c13c2e13934f |
| nodeipprocStp101[1].exe | 235181 | f195805af4fe9fea1c3f6e7505369c48 |
| g15.exe | 399607 | 3d9b5ece21195ed5d2ced9cbe26dad43 |
| 3c2ae9e1-c4db-87b6-1ac0-cb084b187720.dll | 328192 | 2cee2a8b145369b2fb8de268ce641d43 |
| 3c2ae9e1-c4db-87b6-1ac0-cb084b187720.dll-uninst.exe | 63893 | a3e6f0abe2690df7ff0ae8d167603201 |
| adrotate.dll | 58880 | a8b9d6c79dd2c747b1b72ad7b77c3698 |
| adrotate.dll | 60416 | 2bf732d2926ba791ef32a356d48b498c |
| pszsceetzzb.dll | 296448 | 8630409f0d59e89bea8fb8c74809649d |
| vwzpfmtbkkb.exe | 47888 | 5c01f542c97a805413fd891aaa8a1f05 |
| yjsacesvvkrpssw.dll | 295936 | db7c1010b6922320e29115163a856036 |
| duzfajdjnnyxethwo.dll | 160768 | 764c37cf2624b6f928726832ba2dc185 |
| fwanqtvosgmeh.dll | 366592 | 14d6ec589aad13b6a87ae633c283c791 |
| ausfnybssw.dll | 296448 | 23c7fb8b79f3d5e12cd0fe6c1dd2aee6 |
| rsljekglywbvezmo.dll | 178176 | 0cf132a29410b5ee656a610f920b4ba7 |
AdRotator has typically the following processes in memory:
- nodeipprocStp101[1].exe
- brrotate.dll
- %SYSTEMROOT%\system32\pszsceetzzb.dll
- %SYSTEMROOT%\system32\fwanqtvosgmeh.dll
- mwsvm.ocx
- adrot-uninst.exe
- gzmrt.dll
- %SYSTEMROOT%\system32\duzfajdjnnyxethwo.dll
- mwsvm.exe
- adrotate.dll
- brrot-uninst.exe
- %SYSTEMROOT%\system32\yjsacesvvkrpssw.dll
AdRotator creates the following registry entries:
- 3e7145b1-ea07-42ce-9299-11df39ff54bd
- HKEY_CLASSES_ROOTurllauncher.urllaunchercontrol
- unslmss
- D117A61F-92C3-4450-A0C8-F425B14D4127
- 407FC66D-6224-4AEB-AA79-8AECB1C4D4A1
- NodeIpProc
- CommAid
- FEA9CB23-100C-4B57-8038-932C9F2FE5FA
- Microsoft\Windows\CurrentVersion\App Paths\CommA
- 7DB476DD-EA1E-4c91-880F-DCD1888740A1
- bbe160c6-8bd8-4ac6-2473-08baeca009ec
- 34ef5b1c-52cb-400b-8b7c-f787018b3826
- 3cd9d85e-1ff2-4bf7-a113-6669b8d1e676
- HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversion
- HKEY_LOCAL_MACHINEsoftwareslmss
- BannerRotator.Rotator.1
- Microsoft\Rotator
- E954DB82-1533-4714-92F2-59C98D5C18CC
- BannerRotator.Rotator2.1
- E535E46D-4EE3-413B-B44B-8DA0F3688A54
- 7D9362F8-77D8-4b29-97B5-621D550890C0
- 4FEAEB86-E05D-D188-12AA-A9B04386683D
- HKEY_CLASSES_ROOTadrotator.application
- e9d8697e-bea9-4170-84f3-509ad2a11951
- HKEY_CLASSES_ROOTurllauncher.urllaunchercontrol.1
- HKEY_LOCAL_MACHINEsoftwaremwsvm
- BannerRotator.Rotator
- DEFDEADA-C390-4EB9-97FA-59D56B21E5D5
- EEC590D8-0A3C-4464-BB20-25A4747992F9
- BannerRotator.Rotator2
- 7DABFFEB-649F-4077-9E03-202688D77676
- Microsoft\Windows\CurrentVersion\App Management\ARPCache\CommAid
- F8ADD904-C736-B072-B196-2A05414D3FE4
- CDAA8EDA-5EBE-B4C8-8205-5C732F6F815E
Important Article Disclaimer
This entry was posted
on 03/9/08 and is filed under Adware.
You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
