Threat Explorer

Adware.LoveFreeGames

Updated: May 29, 2006
Risk Impact: High
Systems Affected: Windows

Behavior

Adware.LoveFreeGames is a security risk that installs an Internet Explorer toolbar.

Antivirus Protection Dates

  • Initial Rapid Release version October 02, 2014 revision 022
  • Latest Rapid Release version October 02, 2014 revision 022
  • Initial Daily Certified version May 25, 2006
  • Latest Daily Certified version September 28, 2010 revision 036
  • Initial Weekly Certified release date May 31, 2006

Once executed, the security risk launches Internet Explorer and creates a Browser Helper Object (BHO) toolbar.

The security risk displays two instances of Internet Explorer. The first congratulates you on a successful install. The second displays a page hosted by LoveFreeGames.

The risk creates the following folder:
%Program Files%\LoveFreeGames\Toolbar

The risk then creates the following files in the folder:
basis.xml
952abeae125ffbe8550bd7c564db9b6a.bmp
c8197e39df98dac27f6e6eb9063530cc.bmp
e55a69c443015715d82f74961dac2056.xml
icons.bmp
lfg-toolbar.crc
lfg-toolbar.dll
lfg2.bmp
tb_settings.xml
version.txt

The risk also creates the following file:
%USERPROFILE%\Local Settings\Temp\lfg-toolbar.exe

It then creates the following registry subkeys:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{246A2CA8-10D9-4f50-B259-CAFF6619A12E}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8DFD5077-FB25-4397-8D9F-ACFB8CC7E34B}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2C5C33AE-65B0-49C3-BA80-BAFE08404306}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F2BBDD9A-3A7B-4A5B-82B0-15C8B832E915}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{631719CD-9DEB-4CA8-BE38-6ADB325AEBB8}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ToolBand.XBTB09874
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ToolBand.XBTB09874.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\XBTB09874.IEToolbar
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\XBTB09874.IEToolbar.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\XBTB09874.XBTB09874
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\XBTB09874.XBTB09874.1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{246A2CA8-10D9-4f50-B259-CAFF6619A12E}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\XBTB09874.XBTB09874Toolbar
HKEY_USERS\S-1-5-21-220523388-1844823847-682003330-500\Software\Maxthon
HKEY_USERS\S-1-5-21-220523388-1844823847-682003330-500\Software\XBTB09874

The security risk creates the following registry entry:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{246A2CA8-10D9-4f50-B259-CAFF6619A12E}\InprocServer32\"Default" = "C:\PROGRA~1\LOVEFR~1\Toolbar\LFG-TO~1.DLL"

It also creates the following registry entry to ensure the toolbar loads every time Internet Explorer is launched:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8DFD5077-FB25-4397-8D9F-ACFB8CC7E34B}\InprocServer32\"Default" = "C:\Program Files\LoveFreeGames\Toolbar\lfg-toolbar.dll"

It then creates the following registry entry:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{631719CD-9DEB-4CA8-BE38-6ADB325AEBB8}\1.0\0\win32\"Default" = "C:\Program Files\LoveFreeGames\Toolbar\lfg-toolbar.dll"
Writeup By: Aaron Faloon
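
The registry entries listed above can be checked offline against an exported hive. The following is an added example, not part of the original writeup: it parses the text of a `.reg` export, enumerates the registered Browser Helper Objects, resolves each CLSID to its `InprocServer32` DLL, and flags entries that match the CLSIDs or install folder named in this writeup. It assumes the export has already been decoded to text (regedit writes UTF-16); the function names and the sample export are constructed for illustration.

```python
import re
# Key paths, CLSIDs and folder names below are taken from the writeup.
BHO_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
CLSID_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID"
KNOWN_CLSIDS = {"{246A2CA8-10D9-4F50-B259-CAFF6619A12E}", "{8DFD5077-FB25-4397-8D9F-ACFB8CC7E34B}"}
PATH_MARKERS = ("\\lovefreegames\\toolbar\\", "\\lovefr~1\\toolbar\\")  # long and 8.3 forms

# Constructed sample export; the second BHO and its DLL path are invented for contrast.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{246A2CA8-10D9-4f50-B259-CAFF6619A12E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-2222-3333-4444-555555555555}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{246A2CA8-10D9-4f50-B259-CAFF6619A12E}\InprocServer32]
@="C:\\PROGRA~1\\LOVEFR~1\\Toolbar\\LFG-TO~1.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-2222-3333-4444-555555555555}\InprocServer32]
@="C:\\Program Files\\Example\\helper.dll"
'''

def parse_reg(text):
    """Parse decoded .reg export text into {lowercased key path: {value name: data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = re.match(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$', line)
            if m:  # string values only; "@" is the key's default value
                name = "" if m.group(1) == "@" else m.group(1)[1:-1]
                current[name] = re.sub(r"\\(.)", r"\1", m.group(2))  # undo \\ and \" escapes
    return keys

def find_lfg_bhos(text):
    """Return (clsid, server_dll, reasons) for each registered BHO matching the writeup."""
    keys = parse_reg(text)
    prefix = BHO_KEY.lower() + "\\"
    hits = []
    for path in keys:
        if not path.startswith(prefix):
            continue
        clsid = path[len(prefix):].split("\\")[0].upper()
        server = keys.get((CLSID_KEY + "\\" + clsid + "\\InprocServer32").lower(), {}).get("", "")
        reasons = [r for r, hit in (("clsid", clsid in KNOWN_CLSIDS),
                   ("path", any(m in server.lower() for m in PATH_MARKERS))) if hit]
        if reasons:
            hits.append((clsid, server, reasons))
    return hits

if __name__ == "__main__":
    print(find_lfg_bhos(SAMPLE))
```

Matching on the DLL path as well as the CLSID catches a BHO registered under a different CLSID that still loads from the LoveFreeGames toolbar folder.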