
Adware.BHO!sd5

Adware.BHO!sd5 is a potentially unwanted advertising program. It is installed as a Browser Helper Object (BHO) and displays advertisements on websites viewed in Internet Explorer. Adware.BHO!sd5 can be used to gather internet-related information such as a user's browsing habits. It can also connect to a remote server to download and install additional malware.

Aliases

1 security vendor flagged this file as malicious.

Anti-Virus Software Detection
- Trojan.Win32.BHO.ahaw

File System Details

Adware.BHO!sd5 may create the following file(s):
# File Name Detections
1. %ProgramFiles%\Common Files\PushWare\Uninst.exe
2. %ProgramFiles%\Common Files\PushWare\cpush.dll

Registry Details

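Adware.BHO!sd5 may create the following registry keys and values. In this listing the value lines (Name = "data") appear in groups between the key paths and are not paired with the specific key each one belongs to, so treat the key paths and the value data as separate indicators. The entry under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects is the one that registers the component to load in Internet Explorer: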
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11F09AFD-75AD-4E51-AB43-E09E9351CE16}\ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11F09AFD-75AD-4E51-AB43-E09E9351CE16}\VersionIndependentProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{34A12A06-48C0-420D-8F11-73552EE9631A}\ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{34A12A06-48C0-420D-8F11-73552EE9631A}\VersionIndependentProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CDE9EB54-A08E-4570-B748-13F5DDB5781C}\ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CDE9EB54-A08E-4570-B748-13F5DDB5781C}\VersionIndependentProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0AD3AB16-6D0E-4F04-8660-FB1F36BC2DC0}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2F685B36-C53A-4653-9231-1DAE5736DE45}\ProxyStubClsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{50C4CDD9-22D7-49FF-AC6D-7D4D528A3AB2}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{50C4CDD9-22D7-49FF-AC6D-7D4D528A3AB2}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DE2267BD-B163-407F-9E8D-6ADEC771E7AB}\1.0\0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DE2267BD-B163-407F-9E8D-6ADEC771E7AB}\1.0\HELPDIR
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NevlAdPopup.VLLogc\CurVer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NewAdPopup.ToolbarDetector
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NewAdPopup.ToolbarDetector.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NewBopoMediumPop.PopBopo\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NewBopoMediumPop.PopBopo.1\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\cpush
HKEY_LOCAL_MACHINE\SOFTWARE\MicroPlugins\Common
HKEY_CURRENT_USER\Software\Sysisoft\Other
(Default) = "{DE2267BD-B163-407F-9E8D-6ADEC771E7AB}"
ThreadingModel = "apartment"
(Default) = "NewAdPopup.ToolbarDetector"
(Default) = "NewBopoMediumPop.PopBopo"
Version = "1.0"
(Default) = "IToolbarDetector"
(Default) = "0"
(Default) = "{34A12A06-48C0-420D-8F11-73552EE9631A}"
DisplayName = "Adsense based PopAd"
UserID = "{30087A5D-842C-45F1-BFCB-003F8C15C711}"
LastResetTD = 0x4C16FC98
LastResetST1 = 0x00000000
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11F09AFD-75AD-4E51-AB43-E09E9351CE16}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11F09AFD-75AD-4E51-AB43-E09E9351CE16}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{34A12A06-48C0-420D-8F11-73552EE9631A}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{34A12A06-48C0-420D-8F11-73552EE9631A}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CDE9EB54-A08E-4570-B748-13F5DDB5781C}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CDE9EB54-A08E-4570-B748-13F5DDB5781C}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0AD3AB16-6D0E-4F04-8660-FB1F36BC2DC0}\ProxyStubClsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2F685B36-C53A-4653-9231-1DAE5736DE45}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2F685B36-C53A-4653-9231-1DAE5736DE45}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{50C4CDD9-22D7-49FF-AC6D-7D4D528A3AB2}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DE2267BD-B163-407F-9E8D-6ADEC771E7AB}\1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DE2267BD-B163-407F-9E8D-6ADEC771E7AB}\1.0\FLAGS
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NevlAdPopup.VLLogc\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NevlAdPopup.VLLogc.1\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NewAdPopup.ToolbarDetector\CurVer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NewBopoMediumPop.PopBopo
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NewBopoMediumPop.PopBopo.1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ContentMatch
HKEY_LOCAL_MACHINE\SOFTWARE\MicroPlugins
HKEY_CURRENT_USER\Software\Sysisoft\Home
(Default) = "NevlAdPopup.VLLogc"
(Default) = "%ProgramFiles%\Common Files\PushWare\cpush.dll"
AppID = ""
(Default) = "CToolbarDetector Object"
(Default) = "CPopupBlock Object"
(Default) = "IAdLogic"
(Default) = "%ProgramFiles%\Common Files\PushWare\"
(Default) = "{11F09AFD-75AD-4E51-AB43-E09E9351CE16}"
(Default) = "AdPopup"
Ad_Version = "1,1,9,1"
size = 0x010F74CE
LastResetST = 0x00000000
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11F09AFD-75AD-4E51-AB43-E09E9351CE16}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11F09AFD-75AD-4E51-AB43-E09E9351CE16}\Programmable
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{34A12A06-48C0-420D-8F11-73552EE9631A}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{34A12A06-48C0-420D-8F11-73552EE9631A}\Programmable
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CDE9EB54-A08E-4570-B748-13F5DDB5781C}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CDE9EB54-A08E-4570-B748-13F5DDB5781C}\Programmable
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0AD3AB16-6D0E-4F04-8660-FB1F36BC2DC0}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0AD3AB16-6D0E-4F04-8660-FB1F36BC2DC0}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2F685B36-C53A-4653-9231-1DAE5736DE45}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{50C4CDD9-22D7-49FF-AC6D-7D4D528A3AB2}\ProxyStubClsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DE2267BD-B163-407F-9E8D-6ADEC771E7AB}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DE2267BD-B163-407F-9E8D-6ADEC771E7AB}\1.0\0\win32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NevlAdPopup.VLLogc
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NevlAdPopup.VLLogc.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NewAdPopup.ToolbarDetector\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NewAdPopup.ToolbarDetector.1\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NewBopoMediumPop.PopBopo\CurVer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11F09AFD-75AD-4E51-AB43-E09E9351CE16}
HKEY_LOCAL_MACHINE\SOFTWARE\cpush\update
HKEY_CURRENT_USER\Software\Sysisoft
The newly created Registry Values are:
(Default) = "NevlAdPopup.VLLogc.1"
(Default) = "CAdLogic Object"
(Default) = "NewAdPopup.ToolbarDetector.1"
(Default) = "NewBopoMediumPop.PopBopo.1"
(Default) = "{00020424-0000-0000-C000-000000000046}"
(Default) = "IPopupBlock"
(Default) = "NewAdPopup 1.0 Type Library"
(Default) = "{CDE9EB54-A08E-4570-B748-13F5DDB5781C}"
UninstallString = "%ProgramFiles%\Common Files\PushWare\Uninst.exe"
param = "sid=ad"
FirstCheckTD2 = 0x4C16FC98
