Discussion in 'spyware news and general information' started by Pieter_Arntz, Apr 17, 2005.

Thread Status:
Not open for further replies.
  1. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Apr 27, 2002
    A browser hijacker using a BHO to display ads.

    The division into "families" was done by Andrew Clover of Doxdesk.

    Finding all of them was a group effort here at Wilders, at GSF and at Spyware Warrior.

    The listing is displayed like this: "variant" - "first discovered" - "filename"
    "CLSID" - "Name of the BHO"

    initial variants
    ContextuAd/STRAd 20040907 STRAd32.dll
    1433F750-E53F-11D8-9669-0800200C9A66 STRAd32 Class

    ContextuAd/DNSProxy 20040818 DNSProxy.dll
    06594350-D723-11D8-9669-0800200C9A66 DNSProxyObj Class

    localsplnet subvariants
    ContextuAd/NetA 20041201 localsplnet.dll
    4E7BD750-2C8E-469B-C1E2-F063C081BF33 Local Spool Net support DLL

    ContextuAd/NetB 20041201 localsplnet.dll
    E0000D50-8DE9-4FCB-9284-22EC06851B37 Local Spool Net support DLL

    ContextuAd/NetC 20041218 localsplnet.dll
    327C2850-C90E-4D37-AA9E-10AD9BACA46C Local Spool Net support DLL

    ContextuAd/NetD 20041227 localsplnet.dll
    9527E450-D666-11E3-B8ED-00600938CE5F Local Spool Net support DLL

    ContextuAd/NetE 20041229 localsplnet.dll
    48BF2B50-2945-11C8-8CED-00080CE65465 Local Spool Net support DLL

    ContextuAd/NetF 20050303 localsplnet.dll
    EF99BD50-CDFB-11E2-892F-1090271D4F78 Local Spool Net support DLL

    ContextuAd/NetG 20050305 localsplnet.dll
    FCADDC50-BE46-409A-9842-CEBE1C6E37EB Local Spool Net support DLL

    ContextuAd/NetH 20050330 localsplnet.dll
    41943050-65CC-454B-81E4-9C8A9D7CBAEA Local Spool Net support DLL

    lower-case-support subvariants
    ContextuAd/LSpoolNT 20050305 lspoolnt.dll
    00C9D850-244D-10E1-B3C1-10805E499D95 Local Spool support DLL

    ContextuAd/LclSplNT 20050123 lclsplnt.dll
    00C9D850-244D-10E1-B3C9-10805E499D95 Local Spool support DLL

    ContextuAd/LclSpl 20050308 lclspl.dll
    00C9D850-244D-11E1-B3C9-10805E499D95 Local Spool support DLL

    ContextuAd/LoclSpl 20050330 loclspl.dll
    20C9D850-244D-11E1-B3C9-10805E499D95 Local Spool support DLL

    ContextuAd/MPlay 20050109 mplay32.dll
    2DC9D850-144D-11E1-B3C9-10805E499D95 Media Player support DLL

    ContextuAd/MSNetwrk 20050116 msnetwrk.dll
    2DC9D850-044D-11E1-B3C9-10805E499D93 MS Network support DLL

    ContextuAd/WinProx 20050212 winprox.dll
    2DC9D850-144D-11E1-B3C9-10805E499D93 Windows Proxy support DLL

    ContextuAd/ProxySpd 20050216 proxyspd.dll
    1DC9D850-044D-11E1-B3C9-00805E499D93 Proxy Connection support DLL

    ContextuAd/ImgUtil 20050222 imgutil32.dll
    86B09C50-4138-4863-A585-380205F1F774 IE plugin support DLL

    'core' subvariants
    ContextuAd/MimeCore 20050217 mimecore.dll
    35B75950-9CA7-433B-A9E6-7E9B8266572C MIME Plugin Support Dll

    ContextuAd/MimTCore 20050303 mimtcore.dll
    ED045E50-1DD5-4FA1-B468-E624CC585D3A MIME Type Support Dll

    ContextuAd/MPEGCore 20050217 mpegcore.dll
    57A70350-87D9-4EA2-B3AC-C1C1B5296035 MPEG Support Dll

    ContextuAd/JavaCore 20050219 javacore.dll
    2136FD50-C11F-40CC-A714-F9412F91BD40 JavaPlugin Support Dll

    ContextuAd/ClsidCore 20050228 clsidcore.dll
    32978850-02C0-4F0F-A5E6-C22FB04423FC CLSID Support Dll

    ContextuAd/DNSCore 20050315 dnscore.dll
    4920E150-5D27-4B95-B60B-D68B78928441 DNS Resolve Support Dll

    ContextuAd/DHTMLCore 20050313 dhtmlcore.dll
    DC242F50-B46A-4182-B377-64A795CFED9C DHTML Support Dll

    ContextuAd/JavaMCore 20050319 javamcore.dll
    6B925150-4E3E-4EC7-B642-57392A9394C1 Java Machine Support Dll

    ContextuAd/MSPrxCore 20050329 msprxcore.dll
    830DE650-EBE7-434F-99AA-8DCBCDACBD7B MSProxy Support Dll

    ContextuAd/BVICore 20050404 bvicore.dll
    9D9A7350-46C9-4E3C-92EF-382B5740A1C3 Media Playback Support Dll

    More will be added if and when they are found.

    Like this one:
    O2 - BHO: Local Spool support DLL - {20C9D850-244D-10E1-B3C1-20805E499D95} - C:\WINDOWS\system32\winspl32.dll
    O2 - BHO: MSProxy Support Dll - {1920E150-5D27-4B95-B60B-D68B78928441} - C:\WINDOWS\System32\msprxcore.dll
    Last edited: May 17, 2005
Thread Status:
Not open for further replies.