Adware.4SharedDesktop

Updated: July 29, 2019 7:40:16 AM
Type: Adware
Infection Length: Varies
Name: 4Shared Desktop
Version: 4.0.2.6
Publisher: New IT Limited
Risk Impact: High
Systems Affected: Windows

Behavior

Adware.4SharedDesktop is a program that modifies browser settings and displays out-of-context pop-up advertisements on the computer.

Technical Description

When the program is executed, it creates the following files:

  • %ProgramFiles%\4shared Desktop\desktop.exe
  • %ProgramFiles%\4shared Desktop\Desktop32.dll
  • %ProgramFiles%\4shared Desktop\license.txt
  • %ProgramFiles%\4shared Desktop\readme.txt
  • %ProgramFiles%\4shared Desktop\ssleay32.dll
  • %ProgramFiles%\4shared Desktop\uninstall.exe
  • %SystemDrive%\Documents and Settings\All Users\Start Menu\Programs\4shared Tools\4shared Desktop.lnk
  • %SystemDrive%\Documents and Settings\All Users\Start Menu\Programs\4shared Tools\Uninstall.lnk
  • %SystemDrive%\Documents and Settings\AutoVM\Application Data\Microsoft\Internet Explorer\Quick Launch\4shared Desktop.lnk
  • %SystemDrive%\Documents and Settings\AutoVM\Application Data\4shared Desktop\errors.log
  • %SystemDrive%\Documents and Settings\AutoVM\Cookies\autovm@4shared[2].txt
  • %SystemDrive%\Documents and Settings\AutoVM\Desktop\4shared Desktop.lnk

The program then creates the following registry entries:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\4shared_Desktop\"" = "{EBDF1F20-C829-11D1-8233-0020AF3E97A9}"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe\shellex\ContextMenuHandlers\4shared_Desktop\"" = "{EBDF1F20-C829-11D1-8233-0020AF3E97A9}"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.lnk\ShellEx\ContextMenuHandlers\4shared_Desktop\"" = "{EBDF1F20-C829-11D1-8233-0020AF3E97A9}"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\4shared Desktop\"DisplayName" = "4shared Desktop"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\4shared Desktop\"DisplayIcon" = "%ProgramFiles%\4shared Desktop\desktop.exe,0"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\4shared Desktop\"UninstallString" = "%ProgramFiles%\4shared Desktop\uninstall.exe"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\4shared Desktop\"NoModify" = "1"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\4shared Desktop\"NoRepair" = "1"
  • HKEY_LOCAL_MACHINE\SOFTWARE\4shared Desktop\"Install_Dir" = "%ProgramFiles%\4shared Desktop"
  • HKEY_LOCAL_MACHINE\SOFTWARE\4shared Desktop\"AppPath" = "%ProgramFiles%\4shared Desktop\desktop.exe"
  • HKEY_LOCAL_MACHINE\SOFTWARE\4shared Desktop\"Install_Date" = "43675"
  • HKEY_LOCAL_MACHINE\SOFTWARE\4shared Desktop\"Build" = "402"
  • HKEY_LOCAL_MACHINE\SOFTWARE\4shared Desktop\"Source" = "desktop"
  • HKEY_LOCAL_MACHINE\SOFTWARE\4shared Desktop\"Install_Lang" = "1033"

The program displays an end-user license agreement (EULA) after it has been installed.

The program modifies the browser settings to add the following site under allowed notifications:

  • www.4shared.com

The program then displays out-of-context pop-up advertisements on the computer.

You may use antivirus software for this risk.

Before proceeding further, we recommend that you run a full system scan.
