Updated: February 13, 2007 11:34:41 AM
Type: Adware
Publisher: http://search-q.com
Risk Impact: Low
File Names: ccHelp.hta,wwHelp.hta,cc96629.dll,cc96629.ico
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
When Adware.Searchq is executed, it performs the following actions:
- Drops a copy of itself to the %System% folder.
Note: %System% is a variable. The adware locates the System folder and copies itself to that location. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
- Contacts a remote server to check for an updated version of itself.
- Downloads cc96629.dll to the %System% folder and registers the .dll.
- Creates the following registry subkeys:
HKEY_LOCAL_MACHINES\SOFTWARE\Microsoft\ccHelp\cid
HKEY_LOCAL_MACHINES\SOFTWARE\Microsoft\ccHelp\vNum
HKEY_LOCAL_MACHINES\SOFTWARE\Microsoft\ccHelp\dvNum
HKEY_LOCAL_MACHINES\SOFTWARE\Microsoft\ccHelp\drDate
HKEY_LOCAL_MACHINES\SOFTWARE\Microsoft\ccHelp\rCount
HKEY_LOCAL_MACHINES\SOFTWARE\Microsoft\ccHelp\svNum
HKEY_LOCAL_MACHINES\SOFTWARE\Microsoft\ccHelp\sdvNum
- May drop a copy of itself to the Internet Explorer Temporary Files folder as cc96629[1].ico.
- Downloads and executes the wwHelp.hta portion of the software, which will begin to display advertisements.
Technorati
Digg
Delicious
Reddit
StumbleUpon
Yahoo Buzz
Twitter
Facebook
Newsvine
