AdwareDropper

Classification

Category:  Spyware

Type:  Adware

Platform:  W32

Aliases:  Adolff, AdwareDropper, AdwareDroper-A, Adware Dropper, Valentines Day E-Card, W32/Adware.Valentine

Summary


On the 12th of February 2003 we received a report from a customer who had received a suspicious message. The message looked like this:

YOU HAVE RECEIVED A VALENTINES DAY E-CARD!
 Greetings,
 Someone has sent you a Valentines Day E-Card ::: a virtual postcard from
 Valentines-ecard.com.
 To view your card please click the link below :
 
 ----------------------------------------------------------------------------------
 This card was provided by Valentines-ecard.com. Copyright 2003 All Rights Reserved

The link pointed to a page that offered the CARD.EXE file for download. The file contained an animated Valentines Day greeting card.

Removal


Automatic action

Based on the settings of your F-Secure security product, it will either automatically delete, quarantine or rename the detected program or file, or ask you for a desired action.

Technical Details


The animated greeting card was installed on the hard drive, and an uninstallation program for it was provided. At the same time, however, the CARD.EXE file silently dropped 3 adware/spyware files into the Windows System folder:

HMEPGE.DLL
 HOTLINK.DLL
 IEBRW.DLL

These files are not malicious; they are adware/spyware components that help their makers collect information about the computer user's habits and show him appropriate advertisements. No personal information about the user is collected.

Because these adware components were silently dropped onto computers without the user seeing and accepting a licence agreement, we consider the CARD.EXE file to be malicious. We added detection for this file to our anti-virus databases.

If you received the message mentioned above, please do not follow the link, and do not download or run the CARD.EXE file.
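
A triage check for the three dropped file names listed under Technical Details, as an added example that is not part of the original description or F-Secure's own tooling. It assumes the standard Windows system folder locations, and treats a name match only as a lead, because the description publishes no hashes for these components.

```python
import hashlib
import os
from pathlib import Path

# File names taken from the description above. A name match alone is only a
# triage lead: the page gives no hashes, so unrelated files could share a name.
DROPPED_NAMES = {"hmepge.dll", "hotlink.dll", "iebrw.dll"}

def default_system_dirs():
    """Candidate Windows system folders (assumption: standard layout)."""
    root = Path(os.environ.get("SystemRoot", r"C:\Windows"))
    return [root / "System32", root / "SysWOW64", root / "System"]

def sha256_of(path):
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def find_dropped_components(directories):
    """Return one record per file whose name matches, case-insensitively."""
    hits = []
    for directory in map(Path, directories):
        if not directory.is_dir():
            continue  # folder does not exist on this Windows version
        for entry in directory.iterdir():
            if entry.is_file() and entry.name.lower() in DROPPED_NAMES:
                try:
                    file_hash = sha256_of(entry)
                except OSError:
                    file_hash = None  # locked or unreadable; still report it
                hits.append({"path": str(entry), "name": entry.name.lower(),
                             "size": entry.stat().st_size, "sha256": file_hash})
    return hits

def full_set_present(hits):
    """True when all three names were found, the set CARD.EXE drops together."""
    return {hit["name"] for hit in hits} == DROPPED_NAMES

if __name__ == "__main__":
    results = find_dropped_components(default_system_dirs())
    for hit in results:
        print(hit["path"], hit["size"], hit["sha256"])
    print("all three components present:", full_set_present(results))
```

The recorded SHA-256 values let an analyst compare hits across machines or attach them when submitting the files for analysis.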