Virus

Adware/Ablank

Analysis

The original filename of Adware/Ablank.V is tqwqw.dll. Once this adware redirector DLL is hooked into a system, it may forward the following default pages to customized pages embedded in the DLL file:

  • about:blank
  • Cannot find server
  • HTTP 401 (Unauthorized)
  • HTTP 403 (Forbidden)
  • HTTP 410 Gone
  • Internet Explorer Search
  • URL error

The entire JavaScript code is encrypted. Using JavaScript's unescape and eval functions, it decrypts the code and text and writes them to the browser.

This particular redirector uses the pin 37O49 and redirects most requests to the askthenet.net site. It also sends a hit count to the www.trackhits.cc site.
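For analysts, script wrapped with unescape and eval as described above can be unpacked statically, without ever running it. The following is an added example, not code from the DLL or from the original analysis: the sample script, URL paths and function names are constructed for illustration, and only the two hostnames come from this write-up.

```javascript
// Added example: static decoder for unescape()/eval()-wrapped script.
// It only decodes strings; nothing from the sample is ever evaluated.

// Hosts named in this write-up.
const INDICATORS = ['askthenet.net', 'trackhits.cc'];

// Decode %XX and %uXXXX escapes the way unescape() would, without calling it.
function decodeEscapes(s) {
  return s.replace(/%u([0-9a-fA-F]{4})|%([0-9a-fA-F]{2})/g,
    (_, u, x) => String.fromCharCode(parseInt(u || x, 16)));
}

// Find every string literal passed to unescape(...), decode it, then repeat
// on the decoded text so nested layers are peeled (bounded by maxDepth).
function peelLayers(script, maxDepth = 5) {
  const re = /unescape\(\s*(["'])((?:\\.|(?!\1).)*)\1\s*\)/g;
  const layers = [];
  let current = [script];
  for (let depth = 1; depth <= maxDepth && current.length > 0; depth++) {
    const next = [];
    for (const text of current) {
      for (const m of text.matchAll(re)) {
        const decoded = decodeEscapes(m[2]);
        layers.push({ depth, decoded });
        next.push(decoded);
      }
    }
    current = next;
  }
  return layers;
}

// Report which known hosts appear in any decoded layer.
function findIndicators(layers) {
  return INDICATORS.filter(h => layers.some(l => l.decoded.includes(h)));
}

// Constructed sample (not taken from the DLL): two unescape/eval layers.
const enc = s => Array.from(s, c => '%' + c.charCodeAt(0).toString(16).padStart(2, '0')).join('');
const wrap = s => "eval(unescape('" + enc(s) + "'));";
const PAYLOAD = "location.href='http://askthenet.net/';new Image().src='http://www.trackhits.cc/';";
const SAMPLE = wrap(wrap(PAYLOAD));

for (const l of peelLayers(SAMPLE)) console.log(l.depth, l.decoded);
console.log('indicators:', findIndicators(peelLayers(SAMPLE)));
```

Neither hostname is visible in the wrapped sample, so a plain string search over the page source would miss them; they appear only after the second layer is decoded.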

The DLL file contains the following visible text:

  • adware
  • auto insurance
  • blackjack
  • bonus server
  • breast enlargement
  • carisoprodol
  • casino
  • cialis
  • domain registration
  • firewall
  • free online dating
  • hydrocodone
  • merchant account
  • nevada incorporation
  • new Array('mortgage
  • online gambling
  • online pharmacy
  • party poker
  • paxil
  • personal photos
  • phentermine
  • popup blocker
  • prescription
  • roulette
  • rv finance
  • soft
  • spyware
  • texas holdem
  • valium
  • viagra
  • visa platinum
  • voice mail
  • webhosting
  • work at home
  • xanax