Adware.Oemji

Updated: October 06, 2006
Risk Impact: High
Systems Affected: Windows

Behavior

Adware.Oemji is an adware program that redirects searches in Internet Explorer.

Antivirus Protection Dates

  • Initial Rapid Release version October 02, 2014 revision 022
  • Latest Rapid Release version February 01, 2015 revision 020
  • Initial Daily Certified version October 02, 2006
  • Latest Daily Certified version September 28, 2010 revision 036
  • Initial Weekly Certified release date October 04, 2006

Once executed, the risk creates the following files:

The risk also creates the following registry subkeys:

The risk also creates the following registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\"{000473CD-A3ED-4969-A063-2BBA07945441}" = "OemtecIESearch.OemtecIESearchBho"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\"SearchAssistant" = "http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\"SearchAssistant" = "http://www.oemji.com/side_search.html"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\"CustomizeSearch" = "http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\"CustomizeSearch" = "http://www.oemji.com"

Next, the risk creates the following registry entries to redirect searches and the home page to oemji.com in Internet Explorer:
HKEY_ALL_USERS\Software\Microsoft\Internet Explorer\Main\"Search Bar" = "http://www.oemji.com/side_search.html"
HKEY_ALL_USERS\Software\Microsoft\Internet Explorer\Main\"Start Page" = "http://www.oemji.com"
HKEY_ALL_USERS\Software\Microsoft\Internet Explorer\SearchUrl\"Software\Microsoft\Internet Explorer\SearchURL" = "http://www.oemji.com/side_search.html"

Then the risk sets the following value, which allows third-party Browser Extensions:
HKEY_ALL_USERS\Software\Microsoft\Internet Explorer\Main\"Enable Browser Extensions" = "yes"

The risk may also redirect 404 error messages to a Web site on the Oemji.com domain, which may prevent users from seeing these error messages.
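
The Internet Explorer registry changes listed above can be checked offline against a registry export. The following is an added example, not part of the original write-up or of any vendor tool: it parses .reg-format text and reports values whose URL host is oemji.com, plus the Browser Helper Object CLSID named above. The function names and the sample export are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Indicators taken from the write-up above.
OEMJI_DOMAIN = "oemji.com"
OEMJI_BHO_CLSID = "{000473CD-A3ED-4969-A063-2BBA07945441}"
BHO_PARENT = r"\explorer\browser helper objects"
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def _unescape(text):
    # .reg string syntax escapes backslash and double quote with a backslash.
    return re.sub(r"\\(.)", r"\1", text)

def _points_to_oemji(data):
    # Compare the parsed host, so look-alikes such as notoemji.com do not match.
    try:
        host = (urlsplit(data).hostname or "").lower()
    except ValueError:
        return False
    return host == OEMJI_DOMAIN or host.endswith("." + OEMJI_DOMAIN)

def find_oemji_traces(reg_text):
    """Return (key, value_name, data) tuples matching the write-up's indicators."""
    hits, key = [], None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if (m := KEY_RE.match(line)):
            key = m.group(1)
            # BHO registered as a subkey named after the CLSID.
            if BHO_PARENT in key.lower() and key.upper().endswith(OEMJI_BHO_CLSID):
                hits.append((key, None, None))
        elif key and (m := VALUE_RE.match(line)):
            name, data = _unescape(m.group(1)), _unescape(m.group(2))
            is_bho_value = BHO_PARENT in key.lower() and name.upper() == OEMJI_BHO_CLSID
            if is_bho_value or _points_to_oemji(data):
                hits.append((key, name, data))
    return hits

# Constructed sample export, not captured from a real machine.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.oemji.com/side_search.html"
[HKEY_USERS\S-1-5-21-0-0-0-1000\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.oemji.com"
"Search Bar"="http://search.example.net/?q=oemji.com"
"Enable Browser Extensions"="yes"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000473CD-A3ED-4969-A063-2BBA07945441}]
'''
```

Files written by `reg export` are normally UTF-16 encoded, so decode them before passing the text to find_oemji_traces.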