Adware:W32/WebRebates

Name: Adware:W32/WebRebates
Detection Names: AdWare.Win32.WebRebates
Category: Spyware
Type: Adware
Platform: W32

Summary

This program delivers advertising content to the user. It is usually annoying but harmless, unless it is combined with spyware or trackware.

Details


Registry Modifications
Creates these keys:

  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Ebates   
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\{6685509E-B47B-4f47-8E16-9A5F3A62F683}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\unebmm350


Additional Details

This is a family description for the Adware:W32/WebRebates adware family. There are multiple variants in this family.

This adware may be distributed bundled with other applications. It may also be silently downloaded onto the system when an unsuspecting user browses a malicious website.


Installation

During installation, the adware creates the following folder and files:

  • %Program Files%\Ebates_MoeMoneyMaker\
  • %Temp%\jkill.exe
  • %Temp%\djebmm350.exe

It also creates the following registry entries to ensure its automatic execution every time the system starts:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    EbatesMoeMoneyMaker0 = "%Program Files%\Ebates_MoeMoneyMaker\EbatesMoeMoneyMaker0.exe"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
    djebmm350.exe = "%Temp%\djebmm350.exe"
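
The following PowerShell function is an added example, not part of the original description or of any vendor tool. It performs a read-only check for the registry keys, autostart values, folder and files listed above; the mapping of %Program Files% and %Temp% to environment variables and the extra WOW6432Node lookups are assumptions.

```powershell
# Added example: read-only check for the WebRebates artifacts listed on this page.
# Assumptions (not from the page): %Program Files% and %Temp% map to the
# ProgramFiles / ProgramFiles(x86) and TEMP environment variables, and a 32-bit
# installer on 64-bit Windows may have its HKLM entries under WOW6432Node.
# HKCU and %Temp% are per-user, so run it in the affected user's session.
function Get-WebRebatesArtifact {
    $found = @()

    # Keys from "Registry Modifications"
    $keys = @(
        'HKCU:\Software\Microsoft\Internet Explorer\MenuExt\Ebates',
        'HKCU:\Software\Microsoft\Internet Explorer\Extensions\{6685509E-B47B-4f47-8E16-9A5F3A62F683}',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\unebmm350',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\unebmm350'
    )
    foreach ($key in $keys) {
        if (Test-Path -LiteralPath $key) {
            $found += [pscustomobject]@{ Type = 'RegistryKey'; Item = $key }
        }
    }

    # Autostart values from "Installation"
    $autostart = @{ Run = 'EbatesMoeMoneyMaker0'; RunOnce = 'djebmm350.exe' }
    foreach ($root in 'HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\WOW6432Node') {
        foreach ($sub in $autostart.Keys) {
            $path = "$root\Microsoft\Windows\CurrentVersion\$sub"
            $name = $autostart[$sub]
            $prop = Get-ItemProperty -LiteralPath $path -Name $name -ErrorAction SilentlyContinue
            if ($prop) {
                $found += [pscustomobject]@{ Type = 'AutostartValue'; Item = "$path\$name = $($prop.$name)" }
            }
        }
    }

    # Folder and files from "Installation"
    $programDirs = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ } | Select-Object -Unique
    $paths = @($programDirs | ForEach-Object { Join-Path $_ 'Ebates_MoeMoneyMaker' })
    $paths += Join-Path $env:TEMP 'jkill.exe'
    $paths += Join-Path $env:TEMP 'djebmm350.exe'
    foreach ($p in $paths) {
        if (Test-Path -LiteralPath $p) {
            $found += [pscustomobject]@{ Type = 'FileSystem'; Item = $p }
        }
    }
    $found
}

Get-WebRebatesArtifact | Format-Table -AutoSize -Wrap
```

An empty result means none of the listed artifacts were found for the current user; other variants in the family may use different names.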


Removal

This adware includes uninstallation functionality and is listed as "Ebates Moe Money Maker" in the Add/Remove Applications menu in Control Panel.