200k - 400k
Pop-ups advertisements may appear. Some versions create %SYSTEM%\nvs2.inf file
Please let BitDefender disinfect your files.
Stefan Catalin Hanu, virus researcher
The Adware.NaviPromo malware family is an advanced and difficult-to-detect adware that runs silently on the infected computer. It uses rootkit techniques to hide its files on disk and memory. It also hides its registry entries.
This malware comes bundled with several software which can be downloaded from the following sites and is installed along with them.
Adware.Navipromo is usually found in %SYSTEM% or C:\Documents and Settings\[USER]\Local Settings\Application Data
After first execution, it creates and hides one or more additional files in the same directory, ending with
It injects code into explorer.exe process and connects to the internet. NaviPromo monitors your browsing habits, sends this data to its creators and then attacks your desktop with numerous pop-up advertisements that is somewhat related with the websites you usually visit.
It might also create: %WINDOWS%\temp\msksetup.log and download an executable ( self-update ) in %TEMPDIR%\aup.tmp that contains attached the new random name of the file.
Adware.NaviPromo may also create the following registry subkey:
which contains information about the adware, and adds one registry
value ( hidden ):
[random_name] = "[PATH_TO_FILE]\[random_name].exe" [random_name]
to one of the following registry subkeys: