My Bitdefender
  • 0 Shopping Cart


Facebook Twitter Google Plus


aprox 200 kb


  1. This adware usually disguises itself as an "codec" for viewing or listening to media files. It states that without this product the user can't access the wanted file. A sample of this kind of strategy of spreading is explained here :
  2. A window pops up while the user tries to access a certain kind of exploited media file with the title "Play Free MP3s" . It has a checkbox to validate the users choice of the products EULA to a company named "Media Holding Enterprises" . The user has the predefined choice ( the checkbox is already checked ) to install another adware : Adware.Mirar.

Removal instructions:

Please let BitDefender disinfect your files.

Analyzed By

Daniel Chipiristeanu, virus researcher

Technical Description:

This application is meant to take personal information from the clients computer and use it in marketing or suspicious practices. When executed the adware displays a pop-up with the EULA.
After that it creates the following files :

  1. %windows%\system32\mtrepair2.exe
  2. %windows%\system32\mtrepair1.exe
  3. %windows%\system32\winnb54.dll
  4. %program files%\navigationenhancer\navigationenhancer-1.dll   
  5. %temp%\tema.tmp.exe    which is an installer for "Mirar" toolbar.

Based on the kind of file, BitDefender detects them as Adware.Mirar or Adware.FBrowsingAdvisor .

It creates these registry entries :
  1. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services "mtrepair1"
  2. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services "mtrepair2"
  3. "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" with the value "Mirar"
  4. "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" with the value "NavigationEnhancer"
  5. "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" with the value "MBarInstall"

From the EULA we can notice the sort of private information collector that the adware is ( from the part  "Permissions You Grant Us" - this is actually a chunk of the malware EULAs and the italic selected text could help the user understand the kind of threat the software represents for his privacy) :

1) You grant Media Holding Enterprises the right to collect, retain and analyze all information pertaining to the use of your computer. This may include, but is not limited to, information and data regarding the use and surfing of the Internet; Internet browsing habits; URLs accessed and/or visited; other Licensed Materials packages that may have installed; search keywords; links, banners and/or ads clicked; domain names; Internet Service Provider information; Dynamic Host Configuration Protocol and Internet Protocol (static or dynamic) addresses; and/or the duration and number of visit(s) to websites and pages (collectively the "Information").  With respect to any Information gathered by the Licensed Materials, you agree that Media Holding Enterprises may use such Information for its business purposes, including, but not limited to; product support; Internet surfing trends and analysis; Information aggregation; pattern and geographic analysis; marketing, and development; both for ourselves and for third parties. You grant us the express permission to share and/or sell any of the Information we collect with 3rd Parties.
 2) Upon installation and/or registration of the Licensed Materials, you grant to Media Holding Enterprises your express permission to contact you with important information about your account and updates to our services, policies and business practices. You have the option to choose not to be contacted by uninstalling the Licensed Materials. If any information you provide to Media Holding Enterprises is incomplete or inaccurate, we have the right to terminate your license and ability to use the Licensed Materials.
3) You grant to Media Holding Enterprises your express permission to augment your Internet search results with context-sensitive advertising, to provide a specialized toolbar for targeted marketing and search results, to install icons for advertising link/launchers; all to work in conjunction with and as an enhancement to your present Internet browser technology.
4) You grant to Media Holding Enterprises your express permission to deliver to you, as part of the functionality of the Licensed Materials: a) URL based pop-up and pop-under advertising or search-relevant links b) error page helpers for DNS and 404 page errors c) the delivery and automatic installation of all updates and enhancements to the Licensed Materials d) the bundling of 3rd Party software applications with the Licensed Materials and any updates/enhancements of same.