Adware/eSyndicate is an Adware Installer for the eSyndicate application.
|
|
The installer when executed will create a folder
eSyndicate in C:\Program Files
It then extracts the following files:
|
|
| esyn.dll |
| uninst.exe |
|
Registry is updated with a new key Esyn.Band into the following path:
|
|
| HKEY_CLASSES_ROOT\ |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ |
|
Also, a Browser Helper Object is inserted to the registry:
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC378B83-9577-44D0-B4F8-0DD965E176FC}]
|
|
After installing, the Adware sends an HTTP get to queue.jmnad1.com.
This pvoides a notification to that server that another machine has installed this adware.
|