Sophos

VegasRed

Category
Type
What to do
  • If you've received an alert for a blocked PUA or adware and decide that the application is not suitable for your workplace, then follow the instructions for removing PUAs.

Summary

 
Affected operating systems: Windows
Characteristics:
  • Installs itself in the registry
Included in our products from: May 2007 (4.17)
Protection available since: 7 July 2006 22:09:27 (GMT)
Last updated: 25 March 2007 02:34:35 (GMT)
Detected by Sophos Anti-Virus for Windows, version 7, and PureMessage for Microsoft Exchange.

More Information

VegasRed is an adware-supported online gaming application.

A base name is used throughout the installation, for example "Vegas Red Casino" or "Casino King", depending on the website being used. It is referred to here as <basename>.

When first run, the installation file for VegasRed copies itself to <Windows folder>\<basename> setup.exe, and creates files in the folder C:\Casino\<basename>, as well as the following files:

<Programs>\<basename>\<basename>.lnk
<Programs>\<basename>\Uninstall <basename>.lnk
<Desktop>\<basename>.lnk
<User>\Application Data\Microsoft\Internet Explorer\Quick Launch\<basename>.lnk

The folder C:\Casino\<basename> contains the main executable file for VegasRed, third-party DLL and EXE files, and numerous graphics, sound and data files.

Registry entries are created under:

HKLM\SOFTWARE\PTECH
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\<basename>
HKLM\SOFTWARE\<basename>
HKCU\Software\<basename>

Registry entries may also be created under:

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{D5AE2D6D-38A7-425c-86C0-E4ABBDB9EC68}
HKCU\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\{D5AE2D6D-38A7-425c-86C0-E4ABBDB9EC68}
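
To confirm whether a machine carries these artifacts, the file and registry locations above can be checked with a script such as the following. This is an added example, not part of the original Sophos write-up; the default base names are only the two examples given above, and the WOW6432Node lookups and current-user folder resolution are assumptions about how the installer behaves on a given host.

```powershell
# Added example: report which VegasRed artifacts from the write-up exist on this host.
# Assumption: base names default to the two examples on the page; pass others with -BaseName.
param([string[]]$BaseName = @('Vegas Red Casino', 'Casino King'))

$clsid = '{D5AE2D6D-38A7-425c-86C0-E4ABBDB9EC68}'   # IE extension ID from the page
$ie    = 'Microsoft\Internet Explorer\Extensions'

# <Programs> and <Desktop> are resolved for the current user only (assumption);
# run once per profile if several users share the machine.
$programs = [Environment]::GetFolderPath('Programs')
$desktop  = [Environment]::GetFolderPath('Desktop')

# Keys relative to HKLM\SOFTWARE. A 32-bit installer on 64-bit Windows is
# redirected to WOW6432Node, so both registry views are checked (assumption).
$hklmRel = @('PTECH', "$ie\$clsid")
$paths   = @()
foreach ($b in $BaseName) {
    $hklmRel += "Microsoft\Windows\CurrentVersion\Uninstall\$b", $b
    $paths   += "HKCU:\Software\$b"
    $paths   += "$env:windir\$b setup.exe", "C:\Casino\$b"
    $paths   += "$programs\$b\$b.lnk", "$programs\$b\Uninstall $b.lnk"
    $paths   += "$desktop\$b.lnk"
    $paths   += "$env:APPDATA\Microsoft\Internet Explorer\Quick Launch\$b.lnk"
}
foreach ($rel in $hklmRel) {
    $paths += "HKLM:\SOFTWARE\$rel", "HKLM:\SOFTWARE\WOW6432Node\$rel"
}

# -LiteralPath keeps any brackets in a base name from being read as wildcards.
$found = @($paths | Where-Object { Test-Path -LiteralPath $_ })

# CmdMapping usually stores the extension ID as a value name rather than a
# subkey, so accept either form.
$cmdMap = "HKCU:\Software\$ie\CmdMapping"
if (Test-Path -LiteralPath "$cmdMap\$clsid") {
    $found += "$cmdMap\$clsid"
} elseif (Get-ItemProperty -LiteralPath $cmdMap -Name $clsid -ErrorAction SilentlyContinue) {
    $found += "$cmdMap (value $clsid)"
}

if ($found) {
    $found | ForEach-Object { "FOUND  $_" }
} else {
    'No VegasRed artifacts were found in the listed locations.'
}
```

A hit on HKLM\SOFTWARE\PTECH alone is weak evidence, since the write-up does not say the key is unique to VegasRed; treat it as significant only alongside a base-name match.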
