Updated: February 13, 2007 11:32:46 AM
Type: Adware
Version: Not available
Publisher: Altnet, Inc.
Risk Impact: Medium
File Names: Topsearch.dll; asm.exe; asmps.dll; Points Manager.exe
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP
When Adware.TopSearch is executed, it will perform some of the following actions:
- Creates the following files:
  - %ProgramFiles%\KaZaA\topsearch.dll (may be installed at other locations.)
  - %ProgramFiles%\Altnet\Download Manager\asm.exe
  - %ProgramFiles%\Altnet\Download Manager\asmps.dll
  - %ProgramFiles%\Altnet\Download Manager\altinst1.dll
  - %ProgramFiles%\Altnet\Download Manager\altinst2.dll
  - %ProgramFiles%\Altnet\My Altnet Shares\ (may contain a number of files)
  - %ProgramFiles%\Altnet\DBBackup\Sigfiles.db
  - %ProgramFiles%\Altnet\Points Manager\Local Pages (may contain a number of .gif and .html files)
  - %ProgramFiles%\Altnet\Points Manager\Skin (may contain a number of .bmp files)
  - %ProgramFiles%\Altnet\Points Manager\Temp Internet Shares (may contain a number of files)
  - %ProgramFiles%\Altnet\Points Manager\points manager.exe
  - %ProgramFiles%\Altnet\Points Manager\Points Manager.exe.Manifest
  - %ProgramFiles%\Altnet\Points Manager\settings.cab
  - %ProgramFiles%\Altnet\Points Manager\setup.cab
  - %ProgramFiles%\Altnet\Points Manager\sysdetect.dll
  - %Windir%\smdat32m.sys
  - %Windir%\smdat32a.sys
  - %Windir%\Fonts\acrsec.fon
  - %Windir%\Fonts\acrsecI.fon
  - %Windir%\Fonts\acrsecB.fon
  - %System%\TopSearch.dll

  Notes:
  - %System% is a variable that refers to the System folder. By default this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
  - %Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows (Windows 95/98/Me/XP) or C:\Winnt (Windows NT/2000).
  - %ProgramFiles% is a variable that refers to the program files folder. By default, this is C:\Program Files.
- Creates the file [ORIGINAL FILE NAME].Manifest

  Note: [ORIGINAL FILE NAME] refers to the file that originally executed the security risk.
- Creates the following registry keys:
  HKEY_CLASSES_ROOT\CLSID\{3646C2BD-3554-49CA-8125-44DEEFB881DE}
  HKEY_CLASSES_ROOT\AppID\{8B0FEF15-54DC-49F5-8377-8172DE975F75}
  HKEY_CLASSES_ROOT\CLSID\{3f4d4f88-0198-4921-b630-957f3eb814e0}
  HKEY_CLASSES_ROOT\CLSID\{9BBCF06C-DCD7-495D-80DF-CDD5399D0FF8}
  HKEY_CLASSES_ROOT\CLSID\{E813099D-5529-47F4-9B37-4AFAFCB00A43}
  HKEY_CLASSES_ROOT\Interface\{AD5BC1F0-72D8-44B3-8E3D-8E8FECCE43FB}
  HKEY_CLASSES_ROOT\Interface\{E813099D-5529-47F4-9B37-4AFAFCB00A43}
  HKEY_CLASSES_ROOT\AppID\Altnet Signing Module.EXE
  HKEY_CLASSES_ROOT\SigningModule.SigningModule
  HKEY_CLASSES_ROOT\SigningModule.SigningModule.1
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AltnetDM
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AltnetDM
  HKEY_LOCAL_MACHINE\SOFTWARE\Altnet
- Adds the following value:
  "AltnetPointsManager" = "Random Location"
  to the registry key:
  HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
  so the risk runs on startup.
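
The following is an added example, not part of the original writeup: a check that matches a collected file listing and the contents of the Run key against a subset of the indicators above, expanding %System%, %Windir% and %ProgramFiles% to the defaults given in the Notes. The function names, the family labels ("9x", "nt", "xp") and the sample inventory are assumptions made for illustration.

```python
import ntpath  # applies Windows path rules on any OS

# Default folders from the Notes, per Windows family (on a live host, use its real values).
DEFAULTS = {
    "9x": {"%System%": r"C:\Windows\System", "%Windir%": r"C:\Windows"},
    "nt": {"%System%": r"C:\Winnt\System32", "%Windir%": r"C:\Winnt"},
    "xp": {"%System%": r"C:\Windows\System32", "%Windir%": r"C:\Windows"},
}
PROGRAM_FILES = r"C:\Program Files"
# Subset of the files listed in the writeup.
FILE_INDICATORS = [
    r"%ProgramFiles%\KaZaA\topsearch.dll",
    r"%ProgramFiles%\Altnet\Download Manager\asm.exe",
    r"%ProgramFiles%\Altnet\Points Manager\points manager.exe",
    r"%Windir%\smdat32m.sys",
    r"%Windir%\Fonts\acrsec.fon",
    r"%System%\TopSearch.dll",
]
ANY_FOLDER = {"topsearch.dll"}  # listed as "may be installed at other locations"
RUN_VALUE_NAME = "AltnetPointsManager"

def norm(path):
    """Case-fold and normalise separators; Windows paths are case-insensitive."""
    return ntpath.normcase(ntpath.normpath(path))

def expand(indicator, family):
    """Replace a leading %Variable% with its default folder for this family."""
    table = {**DEFAULTS[family], "%ProgramFiles%": PROGRAM_FILES}
    for var, folder in table.items():
        if indicator.startswith(var):
            return norm(folder + indicator[len(var):])
    return norm(indicator)

def file_hits(observed, family):
    """Return the observed paths that match an indicator, in input order."""
    wanted = {expand(i, family) for i in FILE_INDICATORS}
    return [p for p in observed
            if norm(p) in wanted or ntpath.basename(norm(p)) in ANY_FOLDER]

def run_value_hits(run_values):
    """Match the Run value by name only: its data is a random location."""
    return {n: d for n, d in run_values.items()
            if n.lower() == RUN_VALUE_NAME.lower()}

# Constructed sample inventory (not from the writeup).
SAMPLE_FILES = [r"C:\WINNT\system32\topsearch.dll",
                r"c:\program files\altnet\points manager\Points Manager.exe",
                r"C:\Winnt\Fonts\arial.ttf", r"D:\Apps\Kazaa\TopSearch.dll"]
SAMPLE_RUN = {"AltnetPointsManager": r"C:\Temp\x\points manager.exe", "ctfmon": "ctfmon.exe"}
```

A match on the file name alone (the `ANY_FOLDER` rule) is weaker evidence than a full-path match and should be confirmed against the other artifacts.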