ATP (bubblemachine.exe)

ATP (bubblemachine.exe) is an adware bundler that installs other adware with itself like Adware-NetPals (Favoriteman). Favoriteman installs installs itself as a Browser Helper Object and attempts to contact remote servers to download new executable content.

General information:

Malware Name:	ATP (bubblemachine.exe)
Malware Type:	Adware Bundler
Company Name:	teamtaylormade.com
Company URL:	http://www.teamtaylormade.com/
Threat Level:	Low Risk
Operating System:	WIN XP
Installation Type:	Installed through EXE
Operation:	Time of After Installation

Company Description:

teamtaylormade.com provides you the software ATP (bubblemachine.exe) that is a fictitious bubble machine. It constantly produces a never ending supply of bubbles.

Spyware Description:

Characteristics/Symptoms:

-> It installs other adware with itself like Adware-NetPals (Favoriteman). -> Favoriteman installs installs itself as a Browser Helper Object and attempts to contact remote servers to download new executable content.

Additional information might be found here:

	Search at Google for ATP (bubblemachine.exe)
	Search at Bing for ATP (bubblemachine.exe)
	Search at Yahoo for ATP (bubblemachine.exe)

Processes Running:

Bubble Machine.scr

File information Created after Installation:

File Location	Size (Bytes)	Type
C:\Documents and Settings\[USER]\Local Settings\Temp\42odhr0b.exe	55296	Application
C:\WINDOWS\system32\ATPartners.dll	96256	Application Extension

Folder information Created after Installation:

Folder Location

Registry information Created after Installation:

Main Registry Key	Sub Registry Key	Key Value Name
HKEY_CLASSES_ROOT	\CLSID\{00000EF1-0786-4633-87C6-1AA7A44296DA}
HKEY_LOCAL_MACHINE	\SOFTWARE\Classes\TypeLib\{EF100007-F409-426A-9E7C-CB211F2A9786}
HKEY_LOCAL_MACHINE	\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DMO	UninstallString