Security Bulletins
Latest Malware Updates
Downloader.Busadom!g102/27/2015Infostealer.Posteal02/26/2015Downloader.Busadom02/26/2015Trojan.Ladocosm02/26/2015SONAR.SuspDocRun02/25/2015SONAR.SuspHelpRun02/25/2015W32.Tempedreve.D!inf02/25/2015SONAR.PUA!AlnadInsta02/25/2015SONAR.Infostealer!g502/25/2015SONAR.Infostealer!g402/25/2015 |
01/01/1970
Adware.BroadcastpcType: AdwareDiscovered: 01.01.1970 Updated: 13.02.2007 Affected systems: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP AV Vendor: Symantec Description: Adware.Broadcastpc may download the following risks: When Adware.Broadcastpc is installed, it does the following:
HKEY_LOCAL_MACHINE\SOFTWARE\BTV HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Uninstall\BTV HKEY_LOCAL_MACHINE\SOFTWARE\RVP HKEY_LOCAL_MACHINE\SOFTWARE\DInstaller2 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Uninstall\RVP HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Uninstall\{94A9AE37-78DD-4D81-97D3-811C430D836F} HKEY_CLASSES_ROOT\Installer\Features\73EA9A49DD8718D4793D18C134D038F6 HKEY_CLASSES_ROOT\installer\Products\73EA9A49DD8718D4793D18C134D038F6 HKEY_CLASSES_ROOT\Installer\UpgradeCodes\73EA9A49DD8718D4793D18C134D038F6 HKEY_CLASSES_ROOT\Installer\UpgradeCodes\110354A0F168B7048A589C28467DD7F0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer \UpgradeCodes\110354A0F168B7048A589C28467DD7F0 HKEY_LOCAL_MACHINE%\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer \UserData\S-1-5-18\Components\267D785DF5F798C4D96209DA9571EAAC HKEY_LOCAL_MACHINE%\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer \UserData\S-1-5-18\Components\749A28E30FDE46846A8A43EC961357D1 HKEY_LOCAL_MACHINE%\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer \UserData\S-1-5-18\Components\8AD5E2611737F8F478AAF4B44FB477B4 HKEY_LOCAL_MACHINE%\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer \UserData\S-1-5-18\Components\9507EA438FB8F1549A97B9033CA90876 HKEY_LOCAL_MACHINE%\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer \UserData\S-1-5-18\Components\970B9177774A9FB4FAFC497848762F06 HKEY_LOCAL_MACHINE%\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer \UserData\S-1-5-18\Components\B9E252750F96E384F826B6441D51DE3E HKEY_LOCAL_MACHINE%\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer \UserData\S-1-5-18\Components\CEF1CC72125C4FB49BA10B449A2093A5 HKEY_LOCAL_MACHINE%\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer \UserData\S-1-5-18\Components\E2513A0406B12184BB0AAAD2F46044C1 HKEY_LOCAL_MACHINE%\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer \UserData\S-1-5-18\Components\EBDBE77772BB25C4F883B0220F1A7460 HKEY_LOCAL_MACHINE%\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer \UserData\S-1-5-18\Components\FCD7D10BE9EEF954D8C3FD02E7289DAF HKEY_LOCAL_MACHINE%\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer \UserData\S-1-5-18\Products\73EA9A49DD8718D4793D18C134D038F6 "RVP" = "%ProgramFiles%\RVP\bpc.exe" "BPCV2" = "%ProgramFiles%\BPC_Search\BPCV2.exe" "DI2" = "[RANDOM PATH]" "Breg" = "%ProgramFiles%\common files\JAVA\breg.exe" "btv" = "%ProgramFiles%\btv\btv.exe" "tvs_b" = "%ProgramFiles%\tvs\tvs_b.exe" to the registry subkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVerion\Run so that the Adware runs every time Windows starts. "BtvC" = "%ProgramFiles%\btv\btvclean.exe" "tvs_re" = "%ProgramFiles%\Java\tvs_re_inst.exe" to the registry subkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVerion\RunOnce so that the Adware runs when Windows starts. "%ProgramFiles%\BPC_Search\" = "" "%UserProfile%\Start Menu\Programs\BroadcastPC 2.0\" = "" to the registry subkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders Removal instructions from Symantec Security Response Team
For specific details on each of these steps, read the following instructions. 1. To update the definitions To obtain the most recent definitions, start your Symantec program and run LiveUpdate. 2. To uninstall the security risk This security risk includes an uninstallation applet. In order to uninstall this security risk, complete the following instructions: Windows Me only: If you do not see the Add/Remove Programs icon, click ...view all Control Panel options. Note: You may need to use the scroll bar to view the whole list. Note: After running the Add/Remove programs applet, all the files may have been removed. You will want to run a full system scan to ensure that this is the case. However, it is possible that no files will be detected after using Add/Remove programs. 3. To run the scan Note: This applies only to versions of Norton AntiVirus that support security risk detection. If you are running a version of Symantec AntiVirus Corporate Edition that supports security risk detection, and security risk detection has been enabled, you will only see a message box that gives the results of the scan. If you have questions in this situation, contact your network administrator.
After the files are deleted, restart the computer in Normal mode and proceed with the next section. Warning messages may be displayed when the computer is restarted, since the risk may not be fully removed at this point. You can ignore these messages and click OK. These messages will not appear when the computer is restarted after the removal instructions have been fully completed. The messages displayed may be similar to the following: Title: [File path] Message body: Windows cannot find [file name]. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search. Important: Symantec strongly recommends that you back up the registry before making any changes to it. Incorrect changes to the registry can result in permanent data loss or corrupted files. Modify the specified subkeys only. Read the document: How to make a backup of the Windows registry. Then click OK. Note: If the registry editor fails to open the risk may have modified the registry to prevent access to the registry editor. Security Response has developed a tool to resolve this problem. Download and run this tool, and then continue with the removal. HKEY_LOCAL_MACHINE\SOFTWARE\BTV HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Uninstall\BTV HKEY_LOCAL_MACHINE\SOFTWARE\RVP HKEY_LOCAL_MACHINE\SSOFTWARE\DInstaller2 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Uninstall\RVP HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Uninstall\{94A9AE37-78DD-4D81-97D3-811C430D836F} HKEY_CLASSES_ROOT\Installer\Features\73EA9A49DD8718D4793D18C134D038F6 HKEY_CLASSES_ROOT\installer\Products\73EA9A49DD8718D4793D18C134D038F6 HKEY_CLASSES_ROOT\Installer\UpgradeCodes\73EA9A49DD8718D4793D18C134D038F6 HKEY_CLASSES_ROOT\Installer\UpgradeCodes\110354A0F168B7048A589C28467DD7F0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer \UpgradeCodes\110354A0F168B7048A589C28467DD7F0 HKEY_LOCAL_MACHINE%\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer \UserData\S-1-5-18\Components\267D785DF5F798C4D96209DA9571EAAC HKEY_LOCAL_MACHINE%\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer \UserData\S-1-5-18\Components\749A28E30FDE46846A8A43EC961357D1 HKEY_LOCAL_MACHINE%\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer \UserData\S-1-5-18\Components\8AD5E2611737F8F478AAF4B44FB477B4 HKEY_LOCAL_MACHINE%\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer \UserData\S-1-5-18\Components\9507EA438FB8F1549A97B9033CA90876 HKEY_LOCAL_MACHINE%\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer \UserData\S-1-5-18\Components\970B9177774A9FB4FAFC497848762F06 HKEY_LOCAL_MACHINE%\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer \UserData\S-1-5-18\Components\B9E252750F96E384F826B6441D51DE3E HKEY_LOCAL_MACHINE%\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer \UserData\S-1-5-18\Components\CEF1CC72125C4FB49BA10B449A2093A5 HKEY_LOCAL_MACHINE%\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer \UserData\S-1-5-18\Components\E2513A0406B12184BB0AAAD2F46044C1 HKEY_LOCAL_MACHINE%\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer \UserData\S-1-5-18\Components\EBDBE77772BB25C4F883B0220F1A7460 HKEY_LOCAL_MACHINE%\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer \UserData\S-1-5-18\Components\FCD7D10BE9EEF954D8C3FD02E7289DAF HKEY_LOCAL_MACHINE%\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer \UserData\S-1-5-18\Products\73EA9A49DD8718D4793D18C134D038F6 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "RVP" = "%ProgramFiles%\RVP\bpc.exe" "BPCV2" = "%ProgramFiles%\BPC_Search\BPCV2.exe" "DI2" = "[RANDOM PATH]" "Breg" = "%ProgramFiles%\common files\JAVA\breg.exe" "btv" = "%ProgramFiles%\btv\btv.exe" "tvs_b" "C:\program files\tvs\tvs_b.exe" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders "%ProgramFiles%\BPC_Search\" = "" "%UserProfile%\Start Menu\Programs\BroadcastPC 2.0\" = "" HKEY_LOCAL_MACHINE\SOFTWAREMicrosoft\Windows\CurrentVerion\RunOnce "BtvC" = "%ProgramFiles%\btv\btvclean.exe" "tvs_re" "%ProgramFiles%\Common Files\Java\tvs_re_inst.exe" |
Security Advisories Database
Remote Code Execution Vulnerability in Microsoft OpenType Font DriverA remote attacker can execute arbitrary code on the target system. 07/21/2015Multiple Vulnerabilities in Linux kernel03/04/2015SQL Injection Vulnerability in PiwigoSQL inection vulnerability has been discovered in Piwigo. 02/05/2015Cross-site Scripting Vulnerability in DotNetNukeA cross-site scripting (XSS) vulnerability has been discovered in DotNetNuke. 02/05/2015Cross-site Scripting Vulnerability in Hitachi Command SuiteA cross-site scripting vulnerability was found in Hitachi Command Suite. 02/02/2015Denial of service vulnerability in FreeBSD SCTP RE_CONFIG Chunk HandlingAn attacker can perform a denial of service attack. 01/30/2015Denial of service vulnerability in Apache Traffic Server HTTP TRACE Max-ForwardsAn attacker can perform a denial of service attack. 01/30/2015Denial of service vulnerability in MalwareBytes Anti-Exploit "mbae.sys"An attacker can perform a denial of service attack. 01/30/2015Denial of service vulnerability in Linux Kernel spliceAn attacker can perform a denial of service attack. 01/29/2015Denial of service vulnerability in Python Pillow Module PNG Text Chunks DecompressionAn attacker can perform a denial of service attack. 01/20/2015 |