

AdwareDropper


Aliases:

Adolff
AdwareDropper
AdwareDroper-A, Adware Dropper, Valentines Day E-Card, W32/Adware.Valentine

Malware

W32

Summary

On 12th of February 2003 we received a report from a customer that he had got a suspicious message. The message looked like this:

YOU HAVE RECEIVED A VALENTINES DAY E-CARD!
 Greetings,
 Someone has sent you a Valentines Day E-Card ::: a virtual postcard from
 Valentines-ecard.com.
 To view your card please click the link below :
 <link to www.valentines-ecard.com site>
 ----------------------------------------------------------------------------------
 This card was provided by Valentines-ecard.com. Copyright 2003 All Rights Reserved

The link pointed to a page that offered the CARD.EXE file for download. The file contained an animated Valentines Day greeting card that looked like this:



The animated greeting card was installed on the hard drive, and an uninstallation program for it was provided. At the same time, however, the CARD.EXE file silently dropped 3 adware/spyware files into the Windows System folder:

HMEPGE.DLL
 HOTLINK.DLL
 IEBRW.DLL

These files are not malicious; they are adware/spyware components that help their makers collect information about the computer user's habits and provide the user with appropriate advertisements. No personal information about the user is collected.

As these adware components were silently dropped onto computers without the user seeing and accepting a licence agreement, we consider the CARD.EXE file to be malicious. We added detection for this file to our anti-virus databases.

If you got the message mentioned above, please do not follow the link, and do not download or run the CARD.EXE file.
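
A triage check for the three dropped files named above, added here as an example (it is not F-Secure's code or part of the original description). It assumes the "Windows System folder" is `System`, `System32` or `SysWOW64` under a Windows root that you pass in, such as a mounted disk image; a matching name is only a lead, since unrelated software may ship a file with the same name.

```python
import hashlib
import os
import tempfile

# File names taken from the description above; matched case-insensitively
# because Windows file systems do not distinguish case.
DROPPED_NAMES = {"hmepge.dll", "hotlink.dll", "iebrw.dll"}

# Assumption: the "Windows System folder" may be any of these, depending on
# the Windows version, so all of them are checked under the Windows root.
SYSTEM_SUBDIRS = ("System", "System32", "SysWOW64")


def sha256_of(path):
    """Hash a file in chunks so large files are not loaded into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def find_dropped_files(windows_root):
    """Return one record per dropped-file name found under windows_root."""
    wanted_dirs = {name.lower() for name in SYSTEM_SUBDIRS}
    hits = []
    for sub in sorted(os.listdir(windows_root)):
        folder = os.path.join(windows_root, sub)
        if sub.lower() not in wanted_dirs or not os.path.isdir(folder):
            continue
        for entry in sorted(os.listdir(folder)):
            path = os.path.join(folder, entry)
            if entry.lower() in DROPPED_NAMES and os.path.isfile(path):
                hits.append({"path": path, "size": os.path.getsize(path),
                             "sha256": sha256_of(path)})
    return hits


if __name__ == "__main__":
    # Constructed sample tree standing in for a mounted disk image.
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "system32"))
        for name in ("IEBrw.dll", "kernel32.dll"):
            with open(os.path.join(root, "system32", name), "wb") as f:
                f.write(b"constructed sample")
        for hit in find_dropped_files(root):
            print(hit["path"], hit["size"], hit["sha256"])
```

The size and SHA-256 in each record are there so a hit can be compared against a known sample or submitted for analysis before anything is deleted.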



Disinfection & Removal

Allow F-Secure Anti-Virus to disinfect the relevant files.

For more general information on disinfection, please see Removal Instructions.








Technical Details: F-Secure Anti-Virus Research Team; February 13th, 2003


