Adware/BHO/Dialer/VB.br

Alias: Armbender, OpenSite, Adware.OpenSite, TrojanClicker.Win32.VB.br

Description: It is an adware program that displays advertisements based on keywords in the address bar. It may also change the default home page in Internet Explorer.

Threat type:

Adware - Adware is a software application which displays advertisements on your computer. Advertisements can be displayed through pop-up / pop-under windows, additional bars or toolbars, underlined links or buttons that appear on a computer screen. Adware applications include additional code that delivers the ads. Adware authors earn money when users click on those ads. Occasionally, adware includes code that tracks user's site visits and passes it to third parties without the user's permission or knowledge.

BHO - A Browser Helper Object (BHO) is a software application that runs automatically whenever you start Internet Explorer. Browser Helper Objects are typically installed by other programs such as toolbar accessories and can track internet usage, create popup windows, display additional information on a viewed page and collect information that is transmitted by you over the internet. Malicious software that exploits this technology can replace banner advertisements with other ads, monitor your actions, change your home page, etc.

Dialer - A Dialer is a software application that dials long distance phone numbers. Dialers modify your dial-up settings and make very expensive long distance phone calls without user's permission. The user will be billed for the time used. Dialer authors share the revenues shady long distance providers.

Homepage Hijacker - A Homepage Hijacker is a software application that takes control over your browser's settings. Usually it changes your home page and redirects it to some other site or modifies your search settings. It prevents you to change browser's settings. In such hijacks, your browser may operate normally, but be much slower.

Advice: Remove This is a very high risk threat and should be removed immediately as to prevent harm to your computer or your privacy.

Detection:
SpyNoMore detects Adware/BHO/Dialer/VB.br: Yes

Threat risk: High Risk

Very dangerous malware. Can log user's keyboard activity and take snapshots of the user's screen. Uses stealth installation and removal is very difficult. Category includes spyware programs, adware programs and trojans.

Symptoms:

Adware/BHO/Dialer/VB.br Signature Details: The following information includes some of the standard signatures associated with this spyware threat. Please do not attempt to manually remove these items from your computer; Removing these items incorrectly or partially can cause your computer to experience critical errors, prevent your computer from restarting or cause loss of Internet connectivity. Should you be infected with Adware/BHO/Dialer/VB.br, you can clean your computer by downloading SpyNoMore now.

Running Process Signatures:
N/A

File Signatures:
%WINDOWS%\system32\opnste.dll
%WINDOWS%\system\opnste.dll

Registered Dll (Dynamic Link Library) Signatures:
N/A

Folder Signatures:
%PROGRAM_FILES%\open site

Registry Signatures:
HKCR\clsid\{30a56549-9d5b-4d34-afa7-440a7f0538a9}
HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{30a56549-9d5b-4d34-afa7-440a7f0538a9}
HKLM\software\microsoft\windows\currentversion\uninstall\open site
HKCR\interface\{c9d12be0-1bf5-4748-b416-5cefd8c968a8}
HKCR\software\microsoft\windows\currentversion\explorer\browser helper objects\{30a56549-9d5b-4d34-afa7-440a7f0538a9}
HKCR\typelib\{b968a45d-3edf-4c5a-a378-a315854d7419}
HKCR\opensite.cbrowserhelper
HKLM\software\classes\clsid\{30a56549-9d5b-4d34-afa7-440a7f0538a9}

SpyNoMore Collected Residual File Signatures:
N/A

See Also:
Hijacker/Homepage Hijacker/StartPage.ei
Trojan/Hijacker/Lolaweb.a
Adware/Lanzardll.exe
Adware/DNLExe
Toolbar/NetVision
Hijacker/Mslink32
Adware/BHO/Toolbar/PopMonster
Toolbar/Homepage Hijacker/StartPage.ey
Adware/Hijacker/WhyPPC
Trojan/Backdoor/RAT/Oblivion.01.A.dam