The goal of this project is to make virtual world a safer and better place without child pornography, major computer crime and RIAA.
Login As
You can log in if you are registered at one of these services:
Security Bulletins
Latest Malware Updates

Infostealer.Posteal

02/26/2015

Downloader.Busadom

02/26/2015

Trojan.Ladocosm

02/26/2015

SONAR.SuspDocRun

02/25/2015

SONAR.SuspHelpRun

02/25/2015
01/01/1970

Adware.BDE

Type:  Adware
Discovered:  01.01.1970
Updated:  13.02.2007
Affected systems:  Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP
AV Vendor:  Symantec

Description:


Adware.BDE is an adware program that displays animated advertisements. However, this adware application contains functionality so that any computer that has it installed will become part of a large network. At the time of this writing, this functionality was not enabled, although it can be remotely enabled at any time.
Also, because this functionality is not yet enabled, we do not know what it could be used for.

When Adware.BDE is installed, it does the following:
  • Inserts several files in the %System% folder.

    Note: %System% is a variable. The adware application locates the System folder and copies itself to that location. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
  • Creates the folders:

    • C:\BDE
    • C:\Windows\BDE
    • C:\Program Files\BDE

  • May add the value:

    "b3dupdate"

    to the registry subkey

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

    so that the program starts when you start Windows.

  • May add some of the following registry subkeys: 

    HKEY_CLASSES_ROOT\s3d_auto_file
    HKEY_CLASSES_ROOT\.b3d
    HKEY_CLASSES_ROOT\.b3dini
    HKEY_CLASSES_ROOT\b3d_auto_file
    HKEY_CLASSES_ROOT\b3dini_auto_file
    HKEY_CLASSES_ROOT\ADM25.ADM25
    HKEY_CLASSES_ROOT\ADM25.ADM25.1
    HKEY_CLASSES_ROOT\BDEPLAYER.BDEPlayerCtrl
    HKEY_CLASSES_ROOT\BDEPLAYER.BDEPlayerCtrl.1
    HKEY_ALL_USERS\Software\Brilliant Digital Entertainment
    HKEY_CLASSES_ROOT\BDESmartInstaller.BDESmartInstaller
    HKEY_CLASSES_ROOT\BDESmartInstaller.BDESmartInstaller.1
    HKEY_CLASSES_ROOT\BDESmartInstaller25.BDESmartInstaller25.1
    HKEY_CLASSES_ROOT\BDESmartInstaller25.BDESmartInstaller25
    HKEY_LOCAL_MACHINE\SOFTWARE\Brilliant Digital Entertainment
    HKEY_CLASSES_ROOT\CLSID\{51958169-D5E3-11D1-AA42-0000E842E40A}
    HKEY_CLASSES_ROOT\CLSID\{67925165-C4B6-11D2-B9C6-0000E84F59A6}
    HKEY_CLASSES_ROOT\CLSID\{1D3BCE37-7834-4579-8169-E6781420A98}
    HKEY_CLASSES_ROOT\Interface\{51958167-D5E3-11D1-AA42-0000E842E40A}
    HKEY_CLASSES_ROOT\Interface\{51958168-D5E3-11D1-AA42-0000E842E40A}
    HKEY_CLASSES_ROOT\Interface\{258a3625-183b-4477-aee2-ea54df6d878d}
    HKEY_CLASSES_ROOT\Typelib\{51958166-D5E3-11D1-AA42-0000E842E40A}
    HKEY_CLASSES_ROOT\TypeLib\{82FC7881-AACC-11D2-B9C6-0000E842E40A}
    HKEY_CLASSES_ROOT\TypeLib\{676F6D1D-C559-42A9-860B-27C1477B7179}
    HKEY_CLASSES_ROOT\Interface\{67925164-C4B6-11D2-B9C6-0000E84F59A6}
    HKEY_CLASSES_ROOT\CLSID\{3EEC42B5-FB94-40D3-A588-BB54B383A7CB}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bdeplayer

    Removal instructions from Symantec Security Response Team



    Note:

    • There are legitimate programs that create a folder named BDE.
    • Removing this adware component from the system will likely cause the program that installed it to not function as intended. The uninstaller generally identifies the programs that will not work after uninstallation.
    • The threat will attempts to associate itslef with the file extension '.b3d'. This extension is also used by legitimate applications. After successful removal of Adware.BDE, users should re-associate this file extension to its original file format if neccessary.
  • Update the definitions.
  • Uninstall the B3d projector using the Add/Remove Programs utility.
  • Find and delete the files, Bdeclean.exe and Bdeclean.lgc.
  • Run a full system scan and delete all the files detected as Adware.BDE.
  • Delete any keys that the uninstaller did not remove from the registry.
    For specific details on each of these steps, read the following instructions.

    1. Updating the definitions
    To obtain the most recent definitions, start your Symantec program and run LiveUpdate.


    2. Uninstalling the Adware
  • Do one of the following:
    • On the Windows 98 taskbar:
    • Click Start > Settings > Control Panel.
    • In the Control Panel window, double-click Add/Remove Programs.

    • On the Windows Me taskbar:
    • Click Start > Settings > Control Panel.
    • In the Control Panel window, double-click Add/Remove Programs.
      If you do not see the Add/Remove Programs icon, click "...view all Control Panel options."

    • On the Windows 2000 taskbar:
      By default, Windows 2000 is set up the same as Windows 98. In that case, follow the instructions for Windows 98. Otherwise, click Start, point to Settings, point to Control Panel, and then click Add/Remove Programs.

    • On the Windows XP taskbar:
    • Click Start > Control Panel.
    • In the Control Panel window, double-click Add or Remove Programs.

  • Click B3d projector.

    Note: You may need to use the scroll bar to view the whole list.
  • Click Add/Remove, Change/Remove, or Remove (this varies with the operating system). Follow the prompts.

    3. Finding and deleting files using the Windows Find or Search utility

    Follow the instructions for your operating system:
    • Windows 95/98/Me/NT/2000
    • Click Start, point to Find or Search, and then click Files or Folders.
    • Make sure that "Look in" is set to (C:) and that "Include subfolders" is checked.
    • In the "Named" or "Search for..." box, type, or copy and paste, the file names:

      Bdeclean.exe Bdeclean.lgc

    • Delete the displayed files.
    • Windows XP
    • Click Start, and then click Search.
    • Click All files and folders.
    • In the "All or part of the file name" box, type, or copy and paste, the file names:

      Bdeclean.exe Bdeclean.lgc

    • Verify that "Look in" is set to "Local Hard Drives" or to (C:).
    • Click "More advanced options."
    • Check "Search system folders."
    • Check "Search subfolders."
    • Click Search.
    • Delete the displayed files

    4. Scanning for and deleting the files
  • Start Norton AntiVirus and make sure that it is configured to scan all the files. For more information, read the document, "How to configure Norton AntiVirus to scan all files."
  • Run a full system scan.
  • If any files are detected as Adware.BDE, click Delete.

    Notes:
    • If your Symantec antivirus product reports that it cannot delete a detected file, write down the path and file name. Then use Windows Explorer to locate and delete the file.
    • This is done to make sure that all the files are removed. If you ran the Add/Remove programs applet as described in the previous section, it is possible that all the files were removed, and therefore none will be detected.

    5. Deleting the keys from the registry

    WARNING: Symantec strongly recommends that you back up the registry before making any changes to it. Incorrect changes to the registry can result in permanent data loss or corrupted files. Modify the specified keys only. Read the document, "How to make a backup of the Windows registry," for instructions.
    Note: This is done to make sure that all the keys are removed. They may not be there if the uninstaller removed them.
  • Click Start, and then click Run. (The Run dialog box appears.)
  • Type regedit

    Then click OK. (The Registry Editor opens.)

  • Navigate to the following keys and delete them if present:

    HKEY_CLASSES_ROOT\s3d_auto_file
    HKEY_CLASSES_ROOT\.b3dini
    HKEY_CLASSES_ROOT\b3d_auto_file
    HKEY_CLASSES_ROOT\b3dini_auto_file
    HKEY_CLASSES_ROOT\BDEPLAYER.BDEPlayerCtrl
    HKEY_CLASSES_ROOT\BDEPLAYER.BDEPlayerCtrl.1
    HKEY_ALL_USERS\Software\Brilliant Digital Entertainment
    HKEY_CLASSES_ROOT\BDESmartInstaller.BDESmartInstaller
    HKEY_CLASSES_ROOT\BDESmartInstaller.BDESmartInstaller.1
    HKEY_CLASSES_ROOT\BDESmartInstaller25.BDESmartInstaller25.1
    HKEY_CLASSES_ROOT\BDESmartInstaller25.BDESmartInstaller25
    HKEY_LOCAL_MACHINE\SOFTWARE\Brilliant Digital Entertainment
    HKEY_CLASSES_ROOT\CLSID\{51958169-D5E3-11D1-AA42-0000E842E40A}
    HKEY_CLASSES_ROOT\CLSID\{67925165-C4B6-11D2-B9C6-0000E84F59A6}
    HKEY_CLASSES_ROOT\Interface\{51958167-D5E3-11D1-AA42-0000E842E40A}
    HKEY_CLASSES_ROOT\Interface\{51958168-D5E3-11D1-AA42-0000E842E40A}
    HKEY_CLASSES_ROOT\Typelib\{51958166-D5E3-11D1-AA42-0000E842E40A}
    HKEY_CLASSES_ROOT\TypeLib\{82FC7881-AACC-11D2-B9C6-0000E842E40A}
    HKEY_CLASSES_ROOT\Interface\{67925164-C4B6-11D2-B9C6-0000E84F59A6}
    HKEY_CLASSES_ROOT\CLSID\{3EEC42B5-FB94-40D3-A588-BB54B383A7CB}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bdeplayer

  • Exit the Registry Editor.

    Note: The '.b3d' extension may also be used by legitimate software. If necessary, reassociate the '.b3d' extension with the appropriate non-malicious application.


  • Security Advisories Database

    Remote Code Execution Vulnerability in Microsoft OpenType Font Driver

    A remote attacker can execute arbitrary code on the target system.

    07/21/2015

    SQL Injection Vulnerability in Piwigo

    SQL inection vulnerability has been discovered in Piwigo.

    02/05/2015

    Cross-site Scripting Vulnerability in DotNetNuke

    A cross-site scripting (XSS) vulnerability has been discovered in DotNetNuke.

    02/05/2015

    Cross-site Scripting Vulnerability in Hitachi Command Suite

    A cross-site scripting vulnerability was found in Hitachi Command Suite.

    02/02/2015

    Denial of service vulnerability in FreeBSD SCTP RE_CONFIG Chunk Handling

    An attacker can perform a denial of service attack.

    01/30/2015

    Denial of service vulnerability in Apache Traffic Server HTTP TRACE Max-Forwards

    An attacker can perform a denial of service attack.

    01/30/2015

    Denial of service vulnerability in MalwareBytes Anti-Exploit "mbae.sys"

    An attacker can perform a denial of service attack.

    01/30/2015

    Denial of service vulnerability in Linux Kernel splice

    An attacker can perform a denial of service attack.

    01/29/2015

    Denial of service vulnerability in Python Pillow Module PNG Text Chunks Decompression

    An attacker can perform a denial of service attack.

    01/20/2015