Virus

Adware/Ablank

Adware/Ablank.V original filename is tqwqw.dll. Once this dll Adware redirector is hook to a system, it may forward the following default pages to a customized pages integrated inside the dll file.

	about:blank Cannot find server HTTP 401 (Unauthorized) HTTP 403 (Forbidden) HTTP 410 Gone Internet Explorer Search URL error

The entire javascript code is encrypted. By using unescape and eval functions of javascript, it can decrypt the code and text and write it to the browser.

This particular redirector uses a pin 37O49. And redirect most request to askthenet.net site. This also sends a hit count to www.trackhits.cc site.

The dll file has the visible text in it.

	adware auto insurance blackjack bonus server breast enlargement carisoprodol casino cialis domain registration firewall free online dating hydrocodone merchant account nevada incorporation new Array('mortgage online gambling online pharmacy party poker paxil personal photos phentermine popup blocker prescription roulette rv finance soft spyware texas holdem valium viagra visa platinum voice mail webhosting work at home xanax

ID	52213
Released	Dec 30, 2005
Description Updated	Mar 13, 2007
Aliases	AdWare.SearchPage [VBA32], Adware/Ablank.V, Adware/Startpage.VQ [Panda], JS.Winshow.Q [Sybari], not-a-virus:AdWare.SearchPage [Kaspersky], StartPage-DU.dll [McAfee], Startpage.19.AO [AVG], Startpage.ARD [Norman], Trojan.Downloader.Winshow.AK [BitDefender],
Platform Profile	Adware typically display advertising content to the user. This advertising content may take many forms, but is typically in the form of web browser pop-up advertisements. In most circumstances, the user is not aware of the Adware component being installed on the local machine.