allentech.net

Parasite: AdultBox

This record last updated Tue Sep 20 2005 00:34:14

PLEASE NOTE: Due to the overwhelming extent of this problem and the unbelievable volume of email we have received, we regret that we cannot respond to questions about browser parasites at this time. If you have attempted to contact us about this parasite please accept our apology for not responding. "Thank you's" are always appreciated ;-)

Description

AdultBox is a system tray icon offering porn links. It comprises two processes run at Windows startup, ABox.exe (which provides the icon) and logon.exe (which downloads software updates). A downloader process may also be dropped in the Downloaded Program Files folder.

AdultBox is written and signed by software contractors RomanService (rsromanservice.it) and controlled by AdultFreeware (adultfreeware.net).

Also known as

Carmen (internal name), Fun Box (system tray icon name). Detected by Sophos anti-virus as Troj/Abox. The downloader process may be detected by Kaspersky anti-virus as TrojanDownloader.Win32.VB.fi.

Distribution

Drive-by download on pop-up adverts sourced through 7Adpower.

What it does

Advertising

No, as long as you don’t use the system tray icon.

Privacy violation

No.

Security issues

Yes. The logon.exe process can silently download and execute arbitrary unsigned code from its controlling FTP server 209.58.80.244 (fregamnet.com).

Stability problems

No.

Removal

The ‘uninstall’ entry on the system tray icon stops the main ABox.exe process, but leaves the logon.exe updater alone to potentially reinstall the software later.

Manual removal

Open the registry (click ‘Start’, choose ‘Run’, enter ‘regedit’) and select the key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run. On the right, right-click and delete the entries ‘ABox’ pointing to ABox.exe and ‘WinLogon’ pointing to logon.exe.

Restart the computer and you should be able to delete the files ABox.exe and logon.exe from the Windows folder (along with logon.txt, update.exe and ABox.bup which you will have if the software has updated itself). Open the Downloaded Program Files folder (inside the Windows folder) and delete the entry ‘{00000000-0000-0000-0000-000020040000}’. You can also delete the registry key HKEY_LOCAL_MACHINE\Software\Carmen to clean up if you like.
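
To confirm that the manual removal above is complete, the following read-only PowerShell check looks for each item named in this record. It is an added example, not part of the original record or of the doxdesk.com detection script. The WOW6432Node registry paths and the assumption that the Downloaded Program Files entry is visible as a filesystem item are additions not stated in the record.

```powershell
# Read-only audit for AdultBox remnants. Indicators come from this record;
# the WOW6432Node paths are an added assumption for 64-bit Windows, where
# registry writes by 32-bit programs under HKLM\Software are redirected.
$findings = @()
$roots = 'HKLM:\Software', 'HKLM:\Software\WOW6432Node'
$expectedRun = @{ 'ABox' = 'ABox.exe'; 'WinLogon' = 'logon.exe' }
$runHits = @()

foreach ($root in $roots) {
    $runKey = Join-Path $root 'Microsoft\Windows\CurrentVersion\Run'
    $run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
    foreach ($name in $expectedRun.Keys) {
        $data = if ($run) { $run.$name } else { $null }
        # Match the value name AND its target: the name alone proves little.
        if ($data -and $data -like "*$($expectedRun[$name])*") {
            $runHits += $name
            $findings += "Run value '$name' in $runKey -> $data"
        }
    }
    $carmen = Join-Path $root 'Carmen'
    if (Test-Path -Path $carmen) { $findings += "Registry key $carmen" }
}

# The updater matters most: the tray 'uninstall' leaves it in place, and it
# is the component that downloads and executes code.
if ($runHits -contains 'WinLogon') {
    $findings += 'logon.exe updater is still registered to run at startup'
}

# Files the record places in the Windows folder.
foreach ($file in 'ABox.exe', 'logon.exe', 'logon.txt', 'update.exe', 'ABox.bup') {
    $path = Join-Path $env:windir $file
    if (Test-Path -LiteralPath $path) { $findings += "File $path" }
}

# Downloader entry (assumption: it is visible as a filesystem item).
$dpf = Join-Path $env:windir 'Downloaded Program Files\{00000000-0000-0000-0000-000020040000}'
if (Test-Path -LiteralPath $dpf) { $findings += "Downloaded Program Files entry $dpf" }

if ($findings.Count -eq 0) {
    Write-Output 'No AdultBox indicators from this record were found.'
} else {
    $findings | ForEach-Object { Write-Output "FOUND: $_" }
}
```

The script changes nothing on the machine; run it again after the restart and file deletion to verify that every line has cleared.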

* Parasite information and detection script by Andrew Clover - www.doxdesk.com, used with permission.
