Borlan is an adware application designed to serve unsolicited commercial advertisements written mostly in Chinese. The threat also changes the Internet Explorer default home page. Borlan periodically contacts a predetermined web server in order to receive additional instructions and update its settings. The application works as a web browser add-on. It can also automatically run as a service on every Windows startup.
mmsassist.dllstdup.dll
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesstdserviceHKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesstdserviceHKEY_CURRENT_USERSoftwareMicrosoftInternetExplorerMainDefault_Page_URL=[siteaddress]HKEY_CURRENT_USERSoftwareMicrosoftInternetExplorerMainStartPage=[siteaddress]HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternetExplorerMainDefault_Page_URL=[siteaddress]HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternetExplorerMainStartPage=[siteaddress]HKEY_LOCAL_MACHINESOFTWAREMMSAssistHKEY_CURRENT_USERSoftwareRFOHKEY_LOCAL_MACHINESOFTWAREStdupHKEY_LOCAL_MACHINESOFTWAREClassesAd.AxObjHKEY_LOCAL_MACHINESOFTWAREClassesAd.AxObj.1HKEY_LOCAL_MACHINESOFTWAREClassesInsII.brinsHKEY_LOCAL_MACHINESOFTWAREClassesMMSBho.MMSAssistHKEY_LOCAL_MACHINESOFTWAREClassesMMSBho.MMSAssist.1HKEY_LOCAL_MACHINESOFTWAREClassesMMSBho.MMSAssistMenuHKEY_LOCAL_MACHINESOFTWAREClassesMMSBho.MMSAssistMenu.1HKEY_LOCAL_MACHINESOFTWAREClassesFBDF84372483F7693F63FF6671A431-5C3D-463d-A7CF-5587F9B7E1916A512BF7-EC78-4e8d-9841-6C02E8FA983874289A79-E652-4A57-A6B9-EE64AD532A8DAB45CE36-C280-4525-BCF9-1BD01D3E4B57077525AC-C681-4139-8C3E-B582BDD375C722F87D75-7DD1-4545-94B3-CA80C0F462C66671A433-5C3D-463d-A7CF-5587F9B7E191HKEY_CURRENT_USERSoftwareMicrosoftInternetExplorerMenuExt>>[Chinesecharacters]HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstallMMSAssist