GotSmiley

GAIN Publishing, IncGotSmiley, a program by Claria/GAIN Publishing Inc (also known as Gator), allows user to choose from over 1,000 unique smileys and icons for their email messages. In exchange for their free software they bundle a program called Gain AdServer which provides you with targeted pop-up advertisements based on keywords it collects from websites while you browse. Claria's eWallet and Offer companion are also bundled along with GotSmiley.Characteristics/Symptoms: Collects information about users activitySlows the SystemShows targeted popup adsInstalls other Adware alsoDate: 2006-03-21Security Level: HighOperating OS: WIN XPInstallation Type: Installed through EXEOperation: After InstallationTime of Operation: After Installation/Browser Restart.Screenshot:a) On IE Toolbarb) System Tray Iconc) Main window screenshot2. Installation Sample and Image2.1. Installation SampleOrigin URL: http://download.gainpublishing.com/gotsmiley/GotSmileySetupWebSite.exe 3. Changes after installation 3.1. Process: GotSmiley.exe, GSYUpdater.exeFiles and Location: C:\Program Files\GotSmiley\GotSmiley.exeC:\Program Files\GotSmiley\GSYUpdater.exe3.2 Directories:GotSmiley Installer creates following directories:C:\Program Files\GotSmileyC:\Program Files\GotSmiley\ImagesC:\Program Files\GotSmiley\Images\00001000C:\Program Files\GotSmiley\Images\00001000\00000001C:\Program Files\GotSmiley\Images\00001000\00000001\cfgC:\Program Files\GotSmiley\Images\00001000\00000001\cfg\enC:\Program Files\GotSmiley\Images\00001000\00000002C:\Program Files\GotSmiley\Images\00001000\00000002\cfgC:\Program Files\GotSmiley\Images\00001000\00000002\cfg\enC:\Program Files\GotSmiley\Images\cfgC:\Program Files\GotSmiley\Images\CustomSmileysC:\Program Files\GotSmiley\Images\CustomSmileys\CreateSmileysC:\Program Files\GotSmiley\Images\CustomSmileys\SavedSmileysC:\Program Files\GotSmiley\Images\CustomSmileys\SavedSmileys\cfgC:\Program Files\GotSmiley\Images\CustomSmileys\SavedSmileys\cfg\enC:\Program Files\GotSmiley\Images\EmotionsC:\Program Files\GotSmiley\Images\Emotions\AngryC:\Program Files\GotSmiley\Images\Emotions\GreetingsC:\Program Files\GotSmiley\Images\Emotions\HappyC:\Program Files\GotSmiley\Images\Emotions\LoveC:\Program Files\GotSmiley\Images\Emotions\SadC:\Program Files\GotSmiley\Images\Emotions\ShockedC:\Program Files\GotSmiley\Images\Emotions\ShyC:\Program Files\GotSmiley\Images\Emotions\TeasingC:\Program Files\GotSmiley\Images\Emotions\ThinkingC:\Program Files\GotSmiley\Images\EntertainmentC:\Program Files\GotSmiley\Images\Entertainment\HoroscopeC:\Program Files\GotSmiley\Images\Entertainment\MusicC:\Program Files\GotSmiley\Images\Entertainment\SportsC:\Program Files\GotSmiley\Images\HobbiesAndLeisureC:\Program Files\GotSmiley\Images\HobbiesAndLeisure\DiningC:\Program Files\GotSmiley\Images\HobbiesAndLeisure\ExerciseC:\Program Files\GotSmiley\Images\HobbiesAndLeisure\IndoorC:\Program Files\GotSmiley\Images\HobbiesAndLeisure\OutdoorC:\Program Files\GotSmiley\Images\HobbiesAndLeisure\SleepingC:\Program Files\GotSmiley\Images\HolidaysC:\Program Files\GotSmiley\Images\Holidays\ChristmasC:\Program Files\GotSmiley\Images\Holidays\EasterC:\Program Files\GotSmiley\Images\Holidays\FathersDayC:\Program Files\GotSmiley\Images\Holidays\FourthofJulyC:\Program Files\GotSmiley\Images\Holidays\HalloweenC:\Program Files\GotSmiley\Images\Holidays\HanukkahC:\Program Files\GotSmiley\Images\Holidays\MothersDayC:\Program Files\GotSmiley\Images\Holidays\NewYearC:\Program Files\GotSmiley\Images\Holidays\StPatricksDayC:\Program Files\GotSmiley\Images\Holidays\ThanksgivingC:\Program Files\GotSmiley\Images\Holidays\ValentinesDayC:\Program Files\GotSmiley\Images\MostPopularC:\Program Files\GotSmiley\Images\ObjectsC:\Program Files\GotSmiley\Images\Objects\AlphabetC:\Program Files\GotSmiley\Images\Objects\AnimalsC:\Program Files\GotSmiley\Images\Objects\CountryFlagsC:\Program Files\GotSmiley\Images\Objects\FoodC:\Program Files\GotSmiley\Images\Objects\GeneralC:\Program Files\GotSmiley\Images\Objects\MilitaryC:\Program Files\GotSmiley\Images\Objects\NumbersC:\Program Files\GotSmiley\Images\Objects\StateFlagsC:\Program Files\GotSmiley\Images\Objects\TransportationC:\Program Files\GotSmiley\Images\OccasionsC:\Program Files\GotSmiley\Images\Occasions\BirthdayC:\Program Files\GotSmiley\Images\Occasions\CongratulationsC:\Program Files\GotSmiley\Images\Occasions\GeneralC:\Program Files\GotSmiley\Images\Occasions\PartyC:\Program Files\GotSmiley\Images\PeopleC:\Program Files\GotSmiley\Images\People\OccupationsC:\Program Files\GotSmiley\Images\People\OtherC:\Program Files\GotSmiley\Images\testC:\Program Files\GotSmiley\Images\WordBubblesC:\Program Files\GotSmiley\Images\WordBubbles\EverydayC:\Program Files\GotSmiley\Images\WordBubbles\NegativeC:\Program Files\GotSmiley\Images\WordBubbles\PositiveC:\Program Files\GotSmiley\SkinsC:\Documents and Settings\All Users\Start Menu\Programs\GotSmiley3.3. ActiveX Information ActiveX Screenshot:File location

General information:

Malware Name: GotSmiley
Malware Type: Adware
Company Name: GAIN Publishing, Inc
Company URL:
Threat Level: High
Operating System: WIN XP
Installation Type: Installed through EXE
Operation: Time of After Installation/Browser Restart.

Company Description:

GotSmiley, a program by Claria/GAIN Publishing Inc (also known as Gator), allows user to choose from over 1,000 unique smileys and icons for their email messages. In exchange for their free software they bundle a program called Gain AdServer which provides you with targeted pop-up advertisements based on keywords it collects from websites while you browse. Claria's eWallet and Offer companion are also bundled along with GotSmiley.

Spyware Description:

GAIN Publishing, IncGotSmiley, a program by Claria/GAIN Publishing Inc (also known as Gator), allows user to choose from over 1,000 unique smileys and icons for their email messages. In exchange for their free software they bundle a program called Gain AdServer which provides you with targeted pop-up advertisements based on keywords it collects from websites while you browse. Claria's eWallet and Offer companion are also bundled along with GotSmiley.Characteristics/Symptoms: Collects information about users activitySlows the SystemShows targeted popup adsInstalls other Adware alsoDate: 2006-03-21Security Level: HighOperating OS: WIN XPInstallation Type: Installed through EXEOperation: After InstallationTime of Operation: After Installation/Browser Restart.Screenshot:a) On IE Toolbarb) System Tray Iconc) Main window screenshot2. Installation Sample and Image2.1. Installation SampleOrigin URL: http://download.gainpublishing.com/gotsmiley/GotSmileySetupWebSite.exe 3. Changes after installation 3.1. Process: GotSmiley.exe, GSYUpdater.exeFiles and Location: C:\Program Files\GotSmiley\GotSmiley.exeC:\Program Files\GotSmiley\GSYUpdater.exe3.2 Directories:GotSmiley Installer creates following directories:C:\Program Files\GotSmileyC:\Program Files\GotSmiley\ImagesC:\Program Files\GotSmiley\Images\00001000C:\Program Files\GotSmiley\Images\00001000\00000001C:\Program Files\GotSmiley\Images\00001000\00000001\cfgC:\Program Files\GotSmiley\Images\00001000\00000001\cfg\enC:\Program Files\GotSmiley\Images\00001000\00000002C:\Program Files\GotSmiley\Images\00001000\00000002\cfgC:\Program Files\GotSmiley\Images\00001000\00000002\cfg\enC:\Program Files\GotSmiley\Images\cfgC:\Program Files\GotSmiley\Images\CustomSmileysC:\Program Files\GotSmiley\Images\CustomSmileys\CreateSmileysC:\Program Files\GotSmiley\Images\CustomSmileys\SavedSmileysC:\Program Files\GotSmiley\Images\CustomSmileys\SavedSmileys\cfgC:\Program Files\GotSmiley\Images\CustomSmileys\SavedSmileys\cfg\enC:\Program Files\GotSmiley\Images\EmotionsC:\Program Files\GotSmiley\Images\Emotions\AngryC:\Program Files\GotSmiley\Images\Emotions\GreetingsC:\Program Files\GotSmiley\Images\Emotions\HappyC:\Program Files\GotSmiley\Images\Emotions\LoveC:\Program Files\GotSmiley\Images\Emotions\SadC:\Program Files\GotSmiley\Images\Emotions\ShockedC:\Program Files\GotSmiley\Images\Emotions\ShyC:\Program Files\GotSmiley\Images\Emotions\TeasingC:\Program Files\GotSmiley\Images\Emotions\ThinkingC:\Program Files\GotSmiley\Images\EntertainmentC:\Program Files\GotSmiley\Images\Entertainment\HoroscopeC:\Program Files\GotSmiley\Images\Entertainment\MusicC:\Program Files\GotSmiley\Images\Entertainment\SportsC:\Program Files\GotSmiley\Images\HobbiesAndLeisureC:\Program Files\GotSmiley\Images\HobbiesAndLeisure\DiningC:\Program Files\GotSmiley\Images\HobbiesAndLeisure\ExerciseC:\Program Files\GotSmiley\Images\HobbiesAndLeisure\IndoorC:\Program Files\GotSmiley\Images\HobbiesAndLeisure\OutdoorC:\Program Files\GotSmiley\Images\HobbiesAndLeisure\SleepingC:\Program Files\GotSmiley\Images\HolidaysC:\Program Files\GotSmiley\Images\Holidays\ChristmasC:\Program Files\GotSmiley\Images\Holidays\EasterC:\Program Files\GotSmiley\Images\Holidays\FathersDayC:\Program Files\GotSmiley\Images\Holidays\FourthofJulyC:\Program Files\GotSmiley\Images\Holidays\HalloweenC:\Program Files\GotSmiley\Images\Holidays\HanukkahC:\Program Files\GotSmiley\Images\Holidays\MothersDayC:\Program Files\GotSmiley\Images\Holidays\NewYearC:\Program Files\GotSmiley\Images\Holidays\StPatricksDayC:\Program Files\GotSmiley\Images\Holidays\ThanksgivingC:\Program Files\GotSmiley\Images\Holidays\ValentinesDayC:\Program Files\GotSmiley\Images\MostPopularC:\Program Files\GotSmiley\Images\ObjectsC:\Program Files\GotSmiley\Images\Objects\AlphabetC:\Program Files\GotSmiley\Images\Objects\AnimalsC:\Program Files\GotSmiley\Images\Objects\CountryFlagsC:\Program Files\GotSmiley\Images\Objects\FoodC:\Program Files\GotSmiley\Images\Objects\GeneralC:\Program Files\GotSmiley\Images\Objects\MilitaryC:\Program Files\GotSmiley\Images\Objects\NumbersC:\Program Files\GotSmiley\Images\Objects\StateFlagsC:\Program Files\GotSmiley\Images\Objects\TransportationC:\Program Files\GotSmiley\Images\OccasionsC:\Program Files\GotSmiley\Images\Occasions\BirthdayC:\Program Files\GotSmiley\Images\Occasions\CongratulationsC:\Program Files\GotSmiley\Images\Occasions\GeneralC:\Program Files\GotSmiley\Images\Occasions\PartyC:\Program Files\GotSmiley\Images\PeopleC:\Program Files\GotSmiley\Images\People\OccupationsC:\Program Files\GotSmiley\Images\People\OtherC:\Program Files\GotSmiley\Images\testC:\Program Files\GotSmiley\Images\WordBubblesC:\Program Files\GotSmiley\Images\WordBubbles\EverydayC:\Program Files\GotSmiley\Images\WordBubbles\NegativeC:\Program Files\GotSmiley\Images\WordBubbles\PositiveC:\Program Files\GotSmiley\SkinsC:\Documents and Settings\All Users\Start Menu\Programs\GotSmiley3.3. ActiveX Information ActiveX Screenshot:File location

Characteristics/Symptoms:

    -> Collects information about users activity -> Slows the System -> Shows targeted popup ads -> Installs other Adware also0

Additional information might be found here:

google Search at Google for GotSmiley
bing Search at Bing for GotSmiley
yahoo Search at Yahoo for GotSmiley

Processes Running:

GotSmiley.exe, GSYUpdater.exe

File information Created after Installation:

File Location Size (Bytes) Type
C:\Program Files\GotSmiley\Images\Objects\Animals\Stork-boy.gif 226 GIF Image
C:\Program Files\GotSmiley\Images\Objects\Animals\Stork-girl.gif 226 GIF Image
C:\Program Files\GotSmiley\Images\Objects\Animals\Tiger.gif 244 GIF Image

Folder information Created after Installation:

Folder Location
C:\Program Files\GotSmiley
C:\Program Files\GotSmiley\Images

Registry information Created after Installation:

Main Registry Key Sub Registry Key Key Value Name