Updated: July 29, 2019 7:40:16 AM
Type: Adware
Infection Length: Varies
Name: 4Shared Desktop
Version: 4.0.2.6
Publisher: New IT Limited
Risk Impact: High
Systems Affected: Windows
Behavior
Adware.4SharedDesktop is a program that modifies browser settings and displays out-of-context pop-up advertisements on the computer.
Technical Description
When the program is executed, it creates the following files:
- %ProgramFiles%\4shared Desktop\desktop.exe
- %ProgramFiles%\4shared Desktop\Desktop32.dll
- %ProgramFiles%\4shared Desktop\license.txt
- %ProgramFiles%\4shared Desktop\readme.txt
- %ProgramFiles%\4shared Desktop\ssleay32.dll
- %ProgramFiles%\4shared Desktop\uninstall.exe
- %SystemDrive%\Documents and Settings\All Users\Start Menu\Programs\4shared Tools\4shared Desktop.lnk
- %SystemDrive%\Documents and Settings\All Users\Start Menu\Programs\4shared Tools\Uninstall.lnk
- %SystemDrive%\Documents and Settings\AutoVM\Application Data\Microsoft\Internet Explorer\Quick Launch\4shared Desktop.lnk
- %SystemDrive%\Documents and Settings\AutoVM\Application Data\4shared Desktop\errors.log
- %SystemDrive%\Documents and Settings\AutoVM\Cookies\autovm@4shared[2].txt
- %SystemDrive%\Documents and Settings\AutoVM\Desktop\4shared Desktop.lnk
The program then creates the following registry entries:
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\4shared_Desktop\"" = "{EBDF1F20-C829-11D1-8233-0020AF3E97A9}"
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe\shellex\ContextMenuHandlers\4shared_Desktop\"" = "{EBDF1F20-C829-11D1-8233-0020AF3E97A9}"
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.lnk\ShellEx\ContextMenuHandlers\4shared_Desktop\"" = "{EBDF1F20-C829-11D1-8233-0020AF3E97A9}"
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\4shared Desktop\"DisplayName" = "4shared Desktop"
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\4shared Desktop\"DisplayIcon" = "%ProgramFiles%\4shared Desktop\desktop.exe,0"
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\4shared Desktop\"UninstallString" = "%ProgramFiles%\4shared Desktop\uninstall.exe"
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\4shared Desktop\"NoModify" = "1"
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\4shared Desktop\"NoRepair" = "1"
- HKEY_LOCAL_MACHINE\SOFTWARE\4shared Desktop\"Install_Dir" = "%ProgramFiles%\4shared Desktop"
- HKEY_LOCAL_MACHINE\SOFTWARE\4shared Desktop\"AppPath" = "%ProgramFiles%\4shared Desktop\desktop.exe"
- HKEY_LOCAL_MACHINE\SOFTWARE\4shared Desktop\"Install_Date" = "43675"
- HKEY_LOCAL_MACHINE\SOFTWARE\4shared Desktop\"Build" = "402"
- HKEY_LOCAL_MACHINE\SOFTWARE\4shared Desktop\"Source" = "desktop"
- HKEY_LOCAL_MACHINE\SOFTWARE\4shared Desktop\"Install_Lang" = "1033"
The program displays an end-user license agreement (EULA) after it has been installed.
The program modifies the browser settings to add the following site under allowed notifications:
- www.4shared.com
The program then displays out-of-context pop-up advertisements on the computer.
You may use antivirus software to address this risk.
Before proceeding further, we recommend that you run a full system scan.