AdSentinel

By GoldSparrow in Adware

Computer security researchers warn about the AdSentinel (a.k.a. RealTimeLeads) adware, which may use a Privoxy proxy server to introduce advertisements into unaffiliated pages and generate pay-per-click revenue for its creators. The AdSentinel adware may land on machines that run the latest version of Windows and run as AdSentinel.exe, which is visible in the Task Manager. AdSentinel is a program that reroutes all of the user's Internet traffic through a customized Privoxy proxy server. Additionally, AdSentinel adds JavaScript code to the header and footer of pages you load to display promotional materials. The AdSentinel adware may add keys under the following registry locations:

  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\
  • HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\
  • HKLM\SYSTEM\CurrentControlSet\services\
  • HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies\
  • HKLM\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000021\

AdSentinel is programmed to start at system boot and run as a service in the background. Users will not see an icon in the tray area or a program window, and need to switch to the Services tab in the Task Manager to notice that AdSentinel is running. The ads by RealTimeLeads (AdSentinel) may be shown as banners and ad boxes that include video and audio. Researchers point out that AdSentinel appears to be a sophisticated program that uses BAT files and JavaScript to alter the user's proxy configuration. Further analysis of AdSentinel showed that RealTimeLeads sends data to gateways like wistia.com, traffickle.com and videoll.com.

The advertisements displayed via AdSentinel may feature the slogan 'Powered by RealTimeLeads', which can easily be reconfigured to list another name. Additionally, AdSentinel can redirect users to phishing pages, display iFrames, change the layout of a page and gather statistical information like your time spent online, IP address, browser type and Windows version. The AdSentinel adware has the potential to redirect users to compromised pages and exploit vulnerabilities in the browser. Cyber security experts recommend that users eliminate the AdSentinel adware with the assistance of a reputable anti-malware utility.
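
A read-only PowerShell triage check for the indicators this entry names (the AdSentinel.exe process, a background service, and the proxy-related registry keys), added here as an example and not part of the original entry. It assumes the service's name, display name or binary path contains "AdSentinel" or "RealTimeLeads", which the entry does not state.

```powershell
# Added triage example, not from the original entry. Read-only: it changes nothing.
$pattern = 'AdSentinel|RealTimeLeads'   # product names given in the entry

# Process the entry says is visible in Task Manager (AdSentinel.exe)
$proc = Get-Process -Name 'AdSentinel' -ErrorAction SilentlyContinue

# Services matching the product names (assumption: the service is named after
# the product or runs a binary under a matching path)
$svc = Get-CimInstance -ClassName Win32_Service |
    Where-Object { "$($_.Name) $($_.DisplayName) $($_.PathName)" -match $pattern }

# Per-user proxy configuration under the Internet Settings key listed above
$inetKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$inet = Get-ItemProperty -Path $inetKey -ErrorAction SilentlyContinue

# Machine-wide manual proxy values under the NlaSvc key listed above
$nlaKey = 'HKLM:\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies'
$manual = @()
if (Test-Path -Path $nlaKey) {
    $key = Get-Item -Path $nlaKey
    $manual = @($key.GetValueNames() | ForEach-Object { $key.GetValue($_) })
}

# Uninstall entries whose display name matches the product names
$uninstKey = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
$uninst = Get-ChildItem -Path $uninstKey -ErrorAction SilentlyContinue |
    Get-ItemProperty -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match $pattern }

# One summary object; an unexpected ProxyServer or AutoConfigURL value is the
# main thing to review, since the entry says all traffic is rerouted via a proxy
[pscustomobject]@{
    ProcessRunning   = [bool]$proc
    MatchingServices = @($svc | ForEach-Object { "$($_.Name) [$($_.State)] $($_.PathName)" })
    ProxyEnable      = $inet.ProxyEnable
    ProxyServer      = $inet.ProxyServer
    AutoConfigURL    = $inet.AutoConfigURL
    ManualProxies    = $manual
    UninstallEntries = @($uninst | ForEach-Object { $_.DisplayName })
} | Format-List
```

Run it in the affected user's session, because the Internet Settings values are read from that user's HKCU hive.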
