Threat Information for "BookedSpace"
Summary
- Name: BookedSpace
- Aliases: HEUR/Trojan.Downloader, Win32:Trojan-gen. {VC}, Adware Generic.OSA, Adware.BookedSpace.I, Trojan.DownLoader.10588, Adware.BookedSpace
- Date Discovered: 2006-08-17
- Protection Added: 2006-08-17
Description
-- Ease of Removal
1: File contents uniquely generated
2: Consistent file contents
3: Consistently named
4: Creates new registry entries with consistent data
-- Damage/Intrusion/Annoyance
1: Autoruns at startup without an option to be disabled
2: Displays targeted popup advertisements [SPYWARE ONLY]
-- Propagation/Saturation
1: Creates new files
2: Bundled with third-party applications [SPYWARE ONLY]
Technical Details

