Threat Explorer

The Threat Explorer is a comprehensive resource consumers can turn to for daily, accurate, up-to-date information on the latest threats, risks and vulnerabilities.

Adware.Adtest

Updated:
February 13, 2007
Risk Impact:
High
File Names:
%System%\intnets.exe %System%\scridows.exe %System%\sysinfer.exe %Windir%\msfiles.exe Note: %S
Systems Affected:
Windows

Behavior


Adware.Adtest directs you to a Chinese portal site.

Behavior


Download.Trojan drops the file, or it can be picked up by visiting one of the portal sites.

Antivirus Protection Dates

  • Initial Rapid Release version October 02, 2014 revision 022
  • Latest Rapid Release version February 01, 2015 revision 020
  • Initial Daily Certified version September 17, 2003
  • Latest Daily Certified version January 26, 2015 revision 023
  • Initial Weekly Certified release date September 17, 2003

When Adware.Adtest runs, it performs the following actions:
  1. Adds the values:

    "intnets" = "%System%\intnets.exe"
    "sysinfer" = "%System%\sysinfer.exe"

    to the registry key:

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

    so that the adware runs when you start Windows.

  2. Adds the following line to the Win.ini file on Windows 95/98/Me computers:

    [Windows]
    run = %Windir%\msfiles.exe

  3. Changes the Internet Explorer home page by creating the value:

    "StartPage" = "http:\ \HAO3344.com"

    in the registry key:

    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main

  4. On Windows NT/2000/XP computers, it adds the registry key:

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load\intnets

    with the value:

    "%System%\intnets.exe"
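
The four changes listed above can be checked offline against a registry text export and a copy of Win.ini. The following is an added example, not part of the original write-up: the function names and the sample input are constructed for illustration, and the comparison ignores spaces in value names so that "Start Page" also matches the "StartPage" name given above.

```python
import re

# Indicators from the write-up above; keys, names and data are compared lower-cased.
RUN_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\run"
LOAD_KEY = r"hkey_local_machine\software\microsoft\windows nt\currentversion\windows\load\intnets"
IE_MAIN = r"hkey_current_user\software\microsoft\internet explorer\main"
RUN_VALUES = {"intnets": "intnets.exe", "sysinfer": "sysinfer.exe"}
VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)="((?:[^"\\]|\\.)*)"$')

def parse_reg(text):
    """Yield (key, name, data) from a regedit export; name is None on a key line.
    String data is unescaped (.reg files double backslashes and escape quotes)."""
    key = None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
            yield key, None, None
        elif key and (m := VALUE_RE.match(line)):
            yield key, (m[1] or "").lower(), re.sub(r"\\(.)", r"\1", m[2]).lower()

def scan_registry(text):
    hits = []
    for key, name, data in parse_reg(text):
        if name is None and key == LOAD_KEY:
            hits.append("NT Load key present")
        elif name in RUN_VALUES and key == RUN_KEY and data.endswith("\\" + RUN_VALUES[name]):
            hits.append("Run value: " + name)
        elif name and key == IE_MAIN and name.replace(" ", "") == "startpage" and "hao3344.com" in data:
            hits.append("IE home page changed")
    return hits

def scan_win_ini(text):
    section, hits = None, []
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
        elif section == "windows":
            name, _, data = line.partition("=")
            if name.strip().lower() == "run" and "msfiles.exe" in data.lower():
                hits.append("Win.ini run= line: " + data.strip())
    return hits
# Constructed sample input (not captured from a real system).
SAMPLE_REG = r'''REGEDIT4
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"intnets"="C:\\WINDOWS\\system32\\intnets.exe"
"ctfmon"="C:\\WINDOWS\\system32\\ctfmon.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"StartPage"="http:\\ \\HAO3344.com"
'''
SAMPLE_INI = "[windows]\nload=\nrun = C:\\WINDOWS\\msfiles.exe\n"
```

Calling `scan_registry(SAMPLE_REG)` and `scan_win_ini(SAMPLE_INI)` returns one finding per matching indicator; an empty list means none of the listed changes were found in that input.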






Note: Removing this adware component from the system will likely cause the program that installed it to not function as intended. The uninstaller generally identifies the programs that will not work after uninstallation.
  1. Update the virus definitions.
  2. Uninstall the program using the Add/Remove Programs utility.
  3. Run a full system scan and delete all the files detected as Adware.Adtest.
  4. Delete the value that was added to the registry.
  5. Remove the Run= line from the Win.ini (Windows 95/98/Me).
For specific details on each of these steps, read the following instructions.

1. Updating the virus definitions
Symantec Security Response fully tests all the virus definitions for quality assurance before they are posted to our servers. There are two ways to obtain the most recent virus definitions:
  • Running LiveUpdate, which is the easiest way to obtain virus definitions: These virus definitions are posted to the LiveUpdate servers once each week (usually on Wednesdays), unless there is a major virus outbreak. To determine whether definitions for this threat are available by LiveUpdate, refer to the Virus Definitions (LiveUpdate).
  • Downloading the definitions using the Intelligent Updater: The Intelligent Updater virus definitions are posted on U.S. business days (Monday through Friday). You should download the definitions from the Symantec Security Response Web site and manually install them. To determine whether definitions for this threat are available by the Intelligent Updater, refer to the Virus Definitions (Intelligent Updater).

    The Intelligent Updater virus definitions are available: Read "How to update virus definition files using the Intelligent Updater" for detailed instructions.

2. Uninstalling the Adware
  1. Do one of the following:
    • On the Windows 98 taskbar:
      1. Click Start > Settings > Control Panel.
      2. In the Control Panel window, double-click Add/Remove Programs.

    • On the Windows Me taskbar:
      1. Click Start > Settings > Control Panel.
      2. In the Control Panel window, double-click Add/Remove Programs.
        If you do not see the Add/Remove Programs icon, click "...view all Control Panel options."

    • On the Windows 2000 taskbar:
      By default, Windows 2000 is set up the same as Windows 98, in which case, follow the instructions for Windows 98. Otherwise, click Start, point to Settings, point to Control Panel, and then click Add/Remove Programs.

    • On the Windows XP taskbar:
      1. Click Start > Control Panel.
      2. In the Control Panel window, double-click Add or Remove Programs.

  2. The Program Name is in Chinese. On non-Chinese Windows systems, this appears as random incomprehensible characters. Select this application.

    Caution:
    If your system runs more than one DBCS-named application, be sure you are uninstalling the correct one.

    You may need to use the scroll bar to view the whole list.

  3. Click Add/Remove, Change/Remove, or Remove (this varies with the operating system). Follow the prompts.

3. Scanning for and deleting the infected files
  1. Start Norton AntiVirus and make sure that it is configured to scan all the files. For more information, read the document, "How to configure Norton AntiVirus to scan all files."
  2. Run a full system scan.
  3. If any files are detected as infected with Adware.Adtest, click Delete.


4. Deleting the value from the registry

WARNING: Symantec strongly recommends that you back up the registry before making any changes to it. Incorrect changes to the registry can result in permanent data loss or corrupted files. Modify the specified keys only. Read the document, "How to make a backup of the Windows registry," for instructions.


This is done to make sure that all the keys are removed. They may not be there if they were removed by the uninstaller.

  1. Click Start, and then click Run. (The Run dialog box appears.)
  2. Type regedit

    Then click OK. (The Registry Editor opens.)

  3. Navigate to the key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

  4. In the right pane, delete the values:

    "intnets" = "%System%\intnets.exe" and "sysinfer" = "%System%\sysinfer.exe"

  5. Exit the Registry Editor.

5. Removing the Run= line from Win.ini
If you are running Windows 95/98/Me, follow these steps:
  1. The function you perform depends on your operating system:
    • Windows 95/98: Go to step 2.
    • Windows Me: The Windows Me file-protection process may have made a backup copy of the Win.ini file that you need to edit. If this backup copy exists, it will be in the C:\Windows\Recent folder. Symantec recommends that you delete this file before continuing with the steps in this section. To do this:
      1. Start Windows Explorer.
      2. Browse to and select the C:\Windows\Recent folder.
      3. In the right pane, select the Win.ini file and delete it. The Win.ini file will be regenerated when you save your changes to it in step 6.

  2. Click Start, and then click Run.
  3. Type the following, and then click OK.

    edit c:\windows\win.ini

    (The MS-DOS Editor opens.)

    NOTE: If Windows is installed in a different location, make the appropriate path substitution.

  4. In the [windows] section of the file, look for a line similar to:

    run = %Windir%\msfiles.exe

  5. If this line exists, delete the entire line.
  6. Click File, and then click Save.
  7. Click File, and then click Exit.