Virus Profile: Adware-NewNext

Virus Profile information details
Risk Assessment: Home Low | Corporate Low
Date Discovered: 2/19/2014
Date Added: 2/19/2014
Origin: Unknown
Length: varies
Type: PUP
Subtype: Adware
DAT Required: 7349

Description

This software is not a virus or a Trojan. It is detected as a "potentially unwanted program" (PUP). PUPs are any piece of software that a reasonably security- or privacy-minded computer user may want to be informed of and, in some cases, remove. PUPs are often made by a legitimate corporate entity for some beneficial purpose, but they alter the security state of the computer on which they are installed, or the privacy posture of the user of the system, such that most users will want to be aware of them.

Aliases:
  • a2 - Adware.Win32.Agent (A)
  • drweb - Adware.NextLive.1
  • Kaspersky - not-a-virus:AdWare.Win32.Agent.ahgx
  • gdata - Win32.Adware.NextLive.A

Indication of Infection

Presence of the activities described under Virus Characteristics.

Methods of Infection

This is not a virus or Trojan. PUPs do not "infect" systems. They may be installed by a user individually or possibly as a part of a software package (in a bundle, for example).
   

Virus Characteristics

"Adware-NewNext" is a detection for a potentially unwanted program that contains adware and installs toolbars. It is not a virus or a Trojan. It is an application that allows you to manage the entire content of your Android phone with the help of your computer. This type of program is also called Android synchronization software.

Upon execution, the file connects to the following IP addresses:
  • 54.[removed].97
  • 50.[removed].69
Upon execution, the following files are added to the system.
The following registry keys have been added to the system.
The following registry values have been added to the system:
  • HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\\PROXYENABLE
  • HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\\PROXYBYPASS
The above registry key values confirm that the application tries to bypass the proxy settings.

Use current engine and DAT files for detection and removal. Modifications made to the system Registry and/or INI files for the purposes of hooking system startup will be successfully removed if cleaning with the recommended engine and DAT combination (or higher).
   
