Adware/BetterInternet

Alias/es: Adware/Binet
Release Date: May 01, 2004
Detection Availability (Active Database / Extended Database)
FortiGate: low / high
FortiClient:
FortiMail: N/A
Current Antivirus Definition Database Version: 12.323
Description

Visible Symptoms

  • Compromised systems display popup ads for AbetterInternet.com

Detailed Analysis

This adware is a utility that downloads files and "upgrades" software. The files are commonly retrieved from these web sites:

www.abetterinternet.com
download.abetterinternet.com

The executable programs initially connect to 'thinstall.abetterinternet.com' to download additional files. The following files are secretly downloaded and detected as follows:

Ceres.cab => Adware/Betterinternet
Csnopol.cab => Adware/Betterinternet
Polau2c.exe => Download/Agent.AY
Farmmext.exe => Download/Stubby.C

After downloading, the Cab files are installed in the system and the exe programs are copied into the System32 directory. Farmmext.exe and Ceres.DLL (from Ceres.cab) are registered under the following registry key so that they execute whenever the system is started:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
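The indicators listed above can be swept for in exported Run-key values, System32 file listings and DNS or proxy hostnames. The following is an added example, not Fortinet's code; the sample value names, paths, the rundll32 launch line and the hostnames are constructed for illustration.

```python
import re

# Indicators taken from the description above.
DOMAIN = "abetterinternet.com"
AUTORUN_FILES = {"farmmext.exe", "ceres.dll"}            # started from the Run key
DROPPED_FILES = AUTORUN_FILES | {"polau2c.exe", "ceres.cab", "csnopol.cab"}

def host_matches(host):
    """True for the domain or any subdomain, not for look-alike names."""
    host = host.strip().rstrip(".").lower()
    return host == DOMAIN or host.endswith("." + DOMAIN)

def file_names(command):
    """Base file names referenced by a Run-value command line (quoted or bare)."""
    names = set()
    for quoted, bare in re.findall(r'"([^"]+)"|(\S+)', command):
        token = (quoted or bare).split(",")[0]           # drop a rundll32 ",Export" suffix
        names.add(re.split(r"[\\/]", token)[-1].lower())
    return names

def scan_run_values(values):
    """values: {Run value name: command line}. Returns the flagged value names."""
    return sorted(n for n, cmd in values.items() if file_names(cmd) & AUTORUN_FILES)

def scan_files(listing):
    """listing: file names found in System32. Returns those the page names."""
    return sorted(f for f in listing if f.lower() in DROPPED_FILES)

def scan_hosts(hosts):
    """hosts: names from DNS or proxy logs. Returns those under the adware domain."""
    return [h for h in hosts if host_matches(h)]

# Constructed sample data (not taken from a real host).
SAMPLE_RUN = {
    "farmmext": r"C:\WINDOWS\System32\Farmmext.exe",
    "ceres": r'rundll32.exe "C:\WINDOWS\System32\Ceres.dll",Start',  # assumed launch form
    "ctfmon": r"C:\WINDOWS\System32\ctfmon.exe",
    "lookalike": r"C:\Tools\notfarmmext.exe",
}
SAMPLE_FILES = ["kernel32.dll", "POLAU2C.EXE", "Ceres.dll", "ceres.dll.bak"]
SAMPLE_HOSTS = ["thinstall.abetterinternet.com", "WWW.ABetterInternet.com.",
                "notabetterinternet.com", "abetterinternet.com.example.org"]

if __name__ == "__main__":
    print("Run values:", scan_run_values(SAMPLE_RUN))
    print("Files:     ", scan_files(SAMPLE_FILES))
    print("Hosts:     ", scan_hosts(SAMPLE_HOSTS))
```

Matching is on the base file name and on a dot-bounded domain suffix, so renamed look-alikes such as notfarmmext.exe or notabetterinternet.com are not flagged.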
Description Last Updated Date: Feb 23, 2005
Reference: ID - 320977