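Technical Information
Note: the subsection headings of this report appear to have been lost in extraction, so the entries below run together. In order, they are: autorun values under the HKLM Run key, process command lines, file-system paths, network endpoints (host:port), HTTP request URLs, DNS queries, and window class/name pairs. File paths that appear more than once probably belonged to separate subsections (for example created versus deleted files); the text here does not show which. Host names containing '#' appear to be partially masked in the original report.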
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'CashBack' = '%PROGRAM_FILES%\CashBack\bin\cashback.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'NaviSearch' = '%PROGRAM_FILES%\NaviSearch\bin\nls.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'BullsEye Network' = '%PROGRAM_FILES%\BullsEye Network\bin\bargains.exe'
- %PROGRAM_FILES%\BullsEye Network\bin\bargains.exe
- %PROGRAM_FILES%\NaviSearch\bin\nls.exe
- <SYSTEM32>\exdl3.exe 3~0
- <SYSTEM32>\exdl1.exe 1~0
- <SYSTEM32>\exdl2.exe 2~0
- %WINDIR%\nls8039_MEDIAWHIZ8.exe
- %WINDIR%\adp8040_MEDIAWHIZ8.exe
- %WINDIR%\cb8040_MEDIAWHIZ8.exe
- %PROGRAM_FILES%\CashBack\bin\cashback.exe
- %WINDIR%\exdl.exe 3~No 2~No 1~No
- <SYSTEM32>\regsvr32.exe /s <SYSTEM32>\mscb.dll
- %WINDIR%\explorer.exe "http://www.na###earch.net/redir/fc_install_redir.html"
- <SYSTEM32>\regsvr32.exe /s <SYSTEM32>\msbe.dll
- <SYSTEM32>\regsvr32.exe /s <SYSTEM32>\nvms.dll
- %PROGRAM_FILES%\CashBack\logo.gif
- %PROGRAM_FILES%\CashBack\bin\cashback.exe
- %PROGRAM_FILES%\CashBack\blank.gif
- %PROGRAM_FILES%\CashBack\icon.gif
- C:\temp\bb_click_wider.swf
- C:\temp\bb_auto_wider.swf
- %PROGRAM_FILES%\CashBack\bin\cb.exe
- %PROGRAM_FILES%\CashBack\bin\flash.exe
- %PROGRAM_FILES%\CashBack\bb_welcome1.swf
- %PROGRAM_FILES%\CashBack\flash.exe
- %PROGRAM_FILES%\CashBack\template.html
- %PROGRAM_FILES%\CashBack\cashback.exe
- %PROGRAM_FILES%\CashBack\cb.exe
- %PROGRAM_FILES%\CashBack\bb_auto_wider.swf
- %PROGRAM_FILES%\CashBack\bb_welcome.html
- %PROGRAM_FILES%\CashBack\template2.html
- %PROGRAM_FILES%\CashBack\bb_click_wider.swf
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\0D6B6PI5\webservice[1].main
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\ULU3YH2D\webservice[1].main
- <SYSTEM32>\exdl2.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\webservice[1].main
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\SL6TKFAX\fc_install_redir[1].html
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\webservice[2].main
- <SYSTEM32>\t1309777167.dec
- <SYSTEM32>\exdl1.exe
- <SYSTEM32>\exdl3.exe
- C:\temp\blank.gif
- C:\temp\icon.gif
- C:\temp\bb_welcome.html
- C:\temp\bb_welcome1.swf
- %PROGRAM_FILES%\CashBack\Uninstall.exe
- %PROGRAM_FILES%\NaviSearch\t1309777160.dec
- C:\temp\logo.gif
- <SYSTEM32>\mscb.dll
- %WINDIR%\adp8040_MEDIAWHIZ8.exe
- %TEMP%\nsp4.tmp
- %WINDIR%\exclean.exe
- <SYSTEM32>\exclean.exe
- %PROGRAM_FILES%\BullsEye Network\adx.exe
- %PROGRAM_FILES%\BullsEye Network\msbe.dll
- %PROGRAM_FILES%\BullsEye Network\bargains.exe
- %PROGRAM_FILES%\BullsEye Network\adv.exe
- <SYSTEM32>\bbchk.exe
- %WINDIR%\exul.exe
- %WINDIR%\bbchk.exe
- %TEMP%\nso2.tmp
- %WINDIR%\exdl.exe
- <SYSTEM32>\exul.exe
- <SYSTEM32>\javexulm.vxd
- <SYSTEM32>\exdl.exe
- <SYSTEM32>\mqexdlm.srg
- %PROGRAM_FILES%\NaviSearch\ad.dat
- <SYSTEM32>\nvms.dll
- %PROGRAM_FILES%\NaviSearch\ad-nls.dat
- %PROGRAM_FILES%\NaviSearch\bin\nls.exe
- %TEMP%\nsf8.tmp
- %PROGRAM_FILES%\CashBack\mscb.dll
- %PROGRAM_FILES%\NaviSearch\Uninstall.exe
- %WINDIR%\cb8040_MEDIAWHIZ8.exe
- %PROGRAM_FILES%\NaviSearch\nls.exe
- %PROGRAM_FILES%\BullsEye Network\bin\adx.exe
- <SYSTEM32>\msbe.dll
- %PROGRAM_FILES%\BullsEye Network\bin\bargains.exe
- %PROGRAM_FILES%\BullsEye Network\bin\adv.exe
- %TEMP%\nsn6.tmp
- %PROGRAM_FILES%\NaviSearch\nvms.dll
- %PROGRAM_FILES%\BullsEye Network\Uninstall.exe
- %WINDIR%\nls8039_MEDIAWHIZ8.exe
- %WINDIR%\cb8040_MEDIAWHIZ8.exe
- %WINDIR%\exdl.exe
- %PROGRAM_FILES%\CashBack\flash.exe
- %PROGRAM_FILES%\CashBack\cashback.exe
- %PROGRAM_FILES%\CashBack\cb.exe
- %PROGRAM_FILES%\NaviSearch\t1309777160.dec
- <SYSTEM32>\t1309777167.dec
- %WINDIR%\exclean.exe
- %WINDIR%\exul.exe
- %WINDIR%\bbchk.exe
- %PROGRAM_FILES%\BullsEye Network\adx.exe
- %WINDIR%\adp8040_MEDIAWHIZ8.exe
- %PROGRAM_FILES%\BullsEye Network\adv.exe
- %PROGRAM_FILES%\BullsEye Network\msbe.dll
- %PROGRAM_FILES%\BullsEye Network\bargains.exe
- %WINDIR%\nls8039_MEDIAWHIZ8.exe
- %PROGRAM_FILES%\CashBack\mscb.dll
- %PROGRAM_FILES%\NaviSearch\ad-nls.dat
- %PROGRAM_FILES%\NaviSearch\nvms.dll
- %PROGRAM_FILES%\NaviSearch\nls.exe
- 'www.na###earch.net':80
- 'ad#####r.outblaze.com':80
- 'se######.bargain-buddy.net':80
- 'localhost':1043
- ad#####r.outblaze.com/scripts/adpopper/webservice.main?ve############################################
- www.na###earch.net/redir/fc_install_redir.html
- se######.bargain-buddy.net/scripts/adpopper/webservice.main?ve##################################################
- DNS ASK ad#####r.outblaze.com
- DNS ASK www.na###earch.net
- DNS ASK se######.bargain-buddy.net
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: '' WindowName: ''
- ClassName: 'ThunderRT6Main' WindowName: 'CashBack by BargainBuddy'
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'adp_wnd_class' WindowName: 'adp module'
- ClassName: 'adp_wnd_class' WindowName: 'adp'
- ClassName: 'cashback_wnd_class' WindowName: 'cashback module'
- ClassName: 'nls_wnd_class' WindowName: 'nls module'