Adware:W32/UrlSpy

Name : Adware:W32/UrlSpy
Detection Names : AdWare.Win32.UrlSpy
Aliases : Adware.IEHost (Symantec), Adware:Win32/IEHost (Microsoft)
Category : Spyware
Type : Adware
Platform : W32

Summary

This program delivers advertising content to the user. It is usually annoying but harmless, unless it is combined with spyware or trackware.

Details


Network Connections
Attempts to connect to:

  • www.103092804.com
  • www.adsrve.com
  • myfiledistribution.com


Additional Details

    UrlSpy is an adware program that replaces the native Microsoft Internet Explorer searchbar with its own custom search function. Searching in UrlSpy's custom search redirects users to sites designated by the adware program; these sites may contain advertisements.


    Installation

    During installation, UrlSpy drops these files:

    •  %SysDrive%\Program Files\Common Files\[Random].exe
    •  %System%\[Random].exe
    •  %System%\[Random].exe
    •  %System%\[Random].exe
    •  %System%\pinstaller.exe
    •  %System%\Searchx.htm


    Registry

    During installation, the program creates the following Run key entry, which launches the dropped executable at startup:

    •  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run = %System%\[Random].exe

    The following key is modified to set Internet Explorer to use the adware's custom search function:

    •  HKCU\Software\Microsoft\Internet Explorer\Main
          Use Custom Search URL = 0x00000001
          Search Bar = %System%\Searchx.htm
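
    A read-only PowerShell check for the file and registry artifacts listed above, added here as an example and not part of the original description. It assumes %System% resolves to %SystemRoot%\System32 and inspects only the HKCU hive of the user running it; the variable names are illustrative.

```powershell
# Added example: read-only triage for the UrlSpy artifacts listed on this page.
$system   = Join-Path $env:SystemRoot 'System32'  # assumption: %System% resolves here
$findings = @()

# Fixed-name files from the Installation section.
foreach ($name in 'pinstaller.exe', 'Searchx.htm') {
    $path = Join-Path $system $name
    if (Test-Path -LiteralPath $path) {
        $findings += [pscustomobject]@{ Check = 'Dropped file'; Evidence = $path }
    }
}

# Internet Explorer search settings (HKCU covers only the user running the script).
$ieMain = 'HKCU:\Software\Microsoft\Internet Explorer\Main'
$ie = Get-ItemProperty -LiteralPath $ieMain -ErrorAction SilentlyContinue
if ($ie) {
    if ($ie.'Use Custom Search URL' -eq 1) {
        $findings += [pscustomobject]@{ Check = 'IE custom search enabled'; Evidence = "$ieMain\Use Custom Search URL = 1" }
    }
    if ([string]$ie.'Search Bar' -like '*Searchx.htm') {
        $findings += [pscustomobject]@{ Check = 'IE search bar redirected'; Evidence = [string]$ie.'Search Bar' }
    }
}

# Run entries that start an .exe sitting directly in the system directory.
# The page gives no value name and the file name is random, so these are
# candidates for manual review, not confirmed detections.
$runKey  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$pattern = '^"?' + [regex]::Escape($system) + '\\[^\\]+\.exe'
$psMeta  = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
$run = Get-ItemProperty -LiteralPath $runKey -ErrorAction SilentlyContinue
if ($run) {
    foreach ($p in $run.PSObject.Properties) {
        if ($psMeta -contains $p.Name) { continue }
        $data = [Environment]::ExpandEnvironmentVariables([string]$p.Value)
        if ($data -match $pattern) {
            $findings += [pscustomobject]@{ Check = "Run entry to review ($($p.Name))"; Evidence = $data }
        }
    }
}

if ($findings.Count -gt 0) { $findings | Format-List }
else { Write-Output 'No UrlSpy artifacts from this description were found.' }
```

    Legitimate software can also register Run entries under the system directory, so treat those results as leads to verify against the file and Internet Explorer findings.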