The goal of this project is to make the virtual world a safer and better place, without child pornography, major computer crime and the RIAA.

Adware.Bookedspace

Type:  Adware
Discovered:  01.01.1970
Updated:  13.02.2007
Affected systems:  Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
AV Vendor:  Symantec

Description:


During installation, Adware.Bookedspace does not display any information on screen. Instead, it relies on a third-party product to do so.

When Adware.Bookedspace is installed, it performs the following actions:
  • Adds the value:

    "[name of .dll file]" = "RunDLL32.exe [path to .dll file], DllRun"

    to the registry key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    so that Adware.Bookedspace executes each time Windows starts.

    Note: [name of .dll file] and [path to .dll file] are variables representing the name of the adware .dll file and the path to that adware .dll file, respectively.
  • Creates the registry keys:


  • Displays pop-up windows with advertisements.

    Removal instructions from Symantec Security Response Team


    The following instructions pertain to all Symantec antivirus products that support Security Risk detection.

  • Update the definitions.
  • Run a full system scan and delete all the files detected as Adware.Bookedspace.
  • Delete the value that was added to the registry.
  • Unregister the .dll file, if necessary.
    For specific details on each of these steps, read the following instructions.

    1. To update the definitions
    To obtain the most recent definitions, start your Symantec program and run LiveUpdate.

    2. To scan for and delete the files
    a. Start Norton AntiVirus and make sure that it is configured to scan all the files. For more information, read the document, "How to configure Norton AntiVirus to scan all files."
    b. Run a full system scan.
    c. If any files are detected as Adware.Bookedspace, click Delete.
    d. If the files cannot be deleted, note the name and path of the file, and then finish the scan. Follow the instructions in step 3, restart the computer, and then complete step 4, "Unregistering the .dll file."
    3. To delete the value from the registry
    WARNING: Symantec strongly recommends that you back up the registry before making any changes to it. Incorrect changes to the registry can result in permanent data loss or corrupted files. Modify the specified keys only. Read the document, "How to make a backup of the Windows registry," for instructions.
  • Click Start, and then click Run. (The Run dialog box appears.)
  • Type regedit

    Then click OK. (The Registry Editor opens.)

  • Navigate to the key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

  • Navigate to and delete the following subkeys:


  • In the right pane, delete the value:

    "[name of .dll file]" = "RunDLL32.exe [path to .dll file], DllRun"

  • Exit the Registry Editor.

    4. To unregister the .dll file, if necessary
    Note: Follow these steps only if you were unable to delete the files in step 2c.
  • Click Start, and then click Run. (The Run dialog box appears.)

  • Type, or copy and paste, the following text:

    regsvr32 /u "[path to .dll file]"

    where [path to .dll file] is the path and file name written in step 2d. An example would look like this:

    regsvr32 /u "c:\windows\system32\oo4.dll"

  • Click OK.

  • If a dialog box confirming this action appears, click OK.

  • Run another scan, deleting any files detected as Adware.Bookedspace.
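
Added example (not part of the Symantec write-up): a Python script that scans the text of a `.reg` backup of the Run key, such as the one made before step 3, for values matching the `RunDLL32.exe [path to .dll file], DllRun` pattern and recovers the DLL path needed for step 4. The sample export, its value names and paths, and the function names are constructed for illustration.

```python
import re

# Constructed sample: text of a .reg backup of the Run key. Value names and DLL
# paths are invented. Real exports are UTF-16; read them with encoding="utf-16".
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrayApp"="C:\\Program Files\\Vendor\\tray.exe"
"example1"="RunDLL32.exe C:\\WINDOWS\\system32\\example1.dll, DllRun"
"example2"="rundll32.exe \"C:\\Program Files\\Example Dir\\example2.dll\",DllRun"
"Display"="rundll32.exe C:\\WINDOWS\\system32\\display.dll,ShowPanel"

[HKEY_LOCAL_MACHINE\SOFTWARE\Vendor\Settings]
"Helper"="rundll32.exe C:\\Vendor\\helper.dll,DllRun"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
# "name"="data" string values; both parts may contain the escapes \\ and \".
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
# rundll32 (optionally with a path), then a quoted or bare DLL path, then the
# DllRun export named in the write-up. Export names are case-sensitive.
DLLRUN_RE = re.compile(
    r'^\s*"?(?:[^"]*\\)?(?i:rundll32(?:\.exe)?)"?\s+'
    r'(?:"([^"]+)"|([^,"]+?))\s*,\s*DllRun\s*$')

def unescape(s):
    # Undo .reg string escaping: \\ becomes \ and \" becomes ".
    return re.sub(r'\\(.)', r'\1', s)

def find_dllrun_entries(reg_text):
    """Return (key, value name, DLL path) for Run values that launch a DLL via DllRun."""
    hits, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        if m := KEY_RE.match(line):
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if not m or key is None or not key.lower().endswith(r'\currentversion\run'):
            continue  # only string values under a ...\CurrentVersion\Run key
        name, data = unescape(m.group(1)), unescape(m.group(2))
        if d := DLLRUN_RE.match(data):
            hits.append((key, name, d.group(1) or d.group(2).strip()))
    return hits

if __name__ == "__main__":
    for key, name, dll in find_dllrun_entries(SAMPLE_REG):
        print(f'{key}\n  value: {name}\n  dll:   {dll}\n  regsvr32 /u "{dll}"')
```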

