ContextuAd

A browser hijacker using a BHO to display ads.

The division into "families" was done by Andrew Clover of Doxdesk.

Finding all of them was a group effort here at Wilders, at GSF and at Spyware Warrior.

The listing is displayed like this: "variant" - "first discovered" - "filename"
"CLSID" - "Name of the BHO"


initial variants
ContextuAd/STRAd 20040907 STRAd32.dll
1433F750-E53F-11D8-9669-0800200C9A66 STRAd32 Class

ContextuAd/DNSProxy 20040818 DNSProxy.dll
06594350-D723-11D8-9669-0800200C9A66 DNSProxyObj Class

localsplnet subvariants
ContextuAd/NetA 20041201 localsplnet.dll
4E7BD750-2C8E-469B-C1E2-F063C081BF33 Local Spool Net support DLL

ContextuAd/NetB 20041201 localsplnet.dll
E0000D50-8DE9-4FCB-9284-22EC06851B37 Local Spool Net support DLL

ContextuAd/NetC 20041218 localsplnet.dll
327C2850-C90E-4D37-AA9E-10AD9BACA46C Local Spool Net support DLL

ContextuAd/NetD 20041227 localsplnet.dll
9527E450-D666-11E3-B8ED-00600938CE5F Local Spool Net support DLL

ContextuAd/NetE 20041229 localsplnet.dll
48BF2B50-2945-11C8-8CED-00080CE65465 Local Spool Net support DLL

ContextuAd/NetF 20050303 localsplnet.dll
EF99BD50-CDFB-11E2-892F-1090271D4F78 Local Spool Net support DLL

ContextuAd/NetG 20050305 localsplnet.dll
FCADDC50-BE46-409A-9842-CEBE1C6E37EB Local Spool Net support DLL

ContextuAd/NetH 20050330 localsplnet.dll
41943050-65CC-454B-81E4-9C8A9D7CBAEA Local Spool Net support DLL

lower-case-support subvariants
ContextuAd/LSpoolNT 20050305 lspoolnt.dll
00C9D850-244D-10E1-B3C1-10805E499D95 Local Spool support DLL

ContextuAd/LclSplNT 20050123 lclsplnt.dll
00C9D850-244D-10E1-B3C9-10805E499D95 Local Spool support DLL

ContextuAd/LclSpl 20050308 lclspl.dll
00C9D850-244D-11E1-B3C9-10805E499D95 Local Spool support DLL

ContextuAd/LoclSpl 20050330 loclspl.dll
20C9D850-244D-11E1-B3C9-10805E499D95 Local Spool support DLL

ContextuAd/MPlay 20050109 mplay32.dll
2DC9D850-144D-11E1-B3C9-10805E499D95 Media Player support DLL

ContextuAd/MSNetwrk 20050116 msnetwrk.dll
2DC9D850-044D-11E1-B3C9-10805E499D93 MS Network support DLL

ContextuAd/WinProx 20050212 winprox.dll
2DC9D850-144D-11E1-B3C9-10805E499D93 Windows Proxy support DLL

ContextuAd/ProxySpd 20050216 proxyspd.dll
1DC9D850-044D-11E1-B3C9-00805E499D93 Proxy Connection support DLL

ContextuAd/ImgUtil 20050222 imgutil32.dll
86B09C50-4138-4863-A585-380205F1F774 IE plugin support DLL

'core' subvariants
ContextuAd/MimeCore 20050217 mimecore.dll
35B75950-9CA7-433B-A9E6-7E9B8266572C MIME Plugin Support Dll

ContextuAd/MimTCore 20050303 mimtcore.dll
ED045E50-1DD5-4FA1-B468-E624CC585D3A MIME Type Support Dll

ContextuAd/MPEGCore 20050217 mpegcore.dll
57A70350-87D9-4EA2-B3AC-C1C1B5296035 MPEG Support Dll

ContextuAd/JavaCore 20050219 javacore.dll
2136FD50-C11F-40CC-A714-F9412F91BD40 JavaPlugin Support Dll

ContextuAd/ClsidCore 20050228 clsidcore.dll
32978850-02C0-4F0F-A5E6-C22FB04423FC CLSID Support Dll

ContextuAd/DNSCore 20050315 dnscore.dll
4920E150-5D27-4B95-B60B-D68B78928441 DNS Resolve Support Dll

ContextuAd/DHTMLCore 20050313 dhtmlcore.dll
DC242F50-B46A-4182-B377-64A795CFED9C DHTML Support Dll

ContextuAd/JavaMCore 20050319 javamcore.dll
6B925150-4E3E-4EC7-B642-57392A9394C1 Java Machine Support Dll

ContextuAd/MSPrxCore 20050329 msprxcore.dll
830DE650-EBE7-434F-99AA-8DCBCDACBD7B MSProxy Support Dll

ContextuAd/BVICore 20050404 bvicore.dll
9D9A7350-46C9-4E3C-92EF-382B5740A1C3 Media Playback Support Dll


More will be added if and when they are found.

Like this one:
O2 - BHO: Local Spool support DLL - {20C9D850-244D-10E1-B3C1-20805E499D95} - C:\WINDOWS\system32\winspl32.dll
O2 - BHO: MSProxy Support Dll - {1920E150-5D27-4B95-B60B-D68B78928441} - C:\WINDOWS\System32\msprxcore.dll