Updated: February 13, 2007 11:36:43 AM
Type: Adware
Publisher: Lycos
Risk Impact: Medium
File Names:
sidesearch[Random numbers].dll
sst.dll
sep.dll
SEPInst.exe
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
When Adware.SideSearch is executed, it performs the following actions:
- Creates the following folders:
  - %ProgramFiles%\Lycos
  - %ProgramFiles%\Lycos\SideSearch
  - %ProgramFiles%\Lycos\Sidesearch\Temp
  - %UserProfile%\Application Data\Lycos\Sidesearch\
  Note:
  - %UserProfile% is a variable that refers to the current user's profile folder. By default, this is C:\Documents and Settings\[Current User] (Windows NT/2000/XP).
  - %ProgramFiles% is a variable that refers to the program files folder. By default, this is C:\Program Files.
- Installs itself in one or more of the following locations:
  - %ProgramFiles%\Lycos\Sidesearch\offline.htm
  - %ProgramFiles%\Lycos\Sidesearch\results-lycos-logo.gif
  - %ProgramFiles%\Lycos\SideSearch\sidesearch[Random Numbers].dll
  - %ProgramFiles%\Lycos\Sidesearch\Uninst.exe
  - %ProgramFiles%\Lycos\Uninst.exe
  - %ProgramFiles%\Lycos\sst.dll
  - %ProgramFiles%\Lycos\sstu.exe
  - %ProgramFiles%\SEP\sep.dll
  - %ProgramFiles%\SEP\Uninst.exe
  - %UserProfile%\Desktop\Lycos Sidesearch.lnk
  - %UserProfile%\Start Menu\Programs\Lycos Sidesearch.lnk
- Registers itself as a Browser Helper Object.
- Creates the following registry subkeys:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000762-3965-4A1A-98CE-3D4BF457D4C8}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{000007AB-7059-463E-BD44-101A1750D732}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C30793AF-14B2-4300-8B5D-4BFA3987050E}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C5183ABC-EB6E-4E05-B8C9-500A16B6CF94}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFFFDA2C-A0D5-4D60-8EE1-1B7F8929E24D}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3A951AF0-53F8-4803-A565-0E1DEE4B11F5}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AF286CEA-635D-40C5-A891-B40A0F520539}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4E627A1E-BC4B-4FAF-8DE8-1D9A54D37DA3}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{000007AB-7059-463E-BD44-101A1750D732}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{000007C6-17DF-4438-92A4-DE5537471BA3}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000762-3965-4A1A-98CE-3D4BF457D4C8}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFDA2C-A0D5-4D60-8EE1-1B7F8929E24D}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C5183ABC-EB6E-4E05-B8C9-500A16B6CF94}
HKEY_LOCAL_MACHINE\SOFTWARE\Lycos
HKEY_LOCAL_MACHINE\SOFTWARE\Lycos\Sidesearch
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Sep.Band
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Sep.Band.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Sep.Search
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Sep.Search.1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SEP
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Lycos Sidesearch
- Adds the following values:
"{00000762-3965-4A1A-98CE-3D4BF457D4C8}" = "Sidesearch BHO"
"{000007AB-7059-463E-BD44-101A1750D732}" = "Sidesearch"
"{FFFFDA2C-A0D5-4D60-8EE1-1B7F8929E24D}" = "SST"
to this registry subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
- Adds the following value:
"ssnosi" = "sst_eligible"
to this registry subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Lycos
- Adds the following value:
"Autosearch" = 4
to this registry subkey:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
- Modifies the following value:
"provider" = "lyco"
in this registry subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\
- Monitors Web pages visited on the compromised computer.
- Displays Lycos search results in the search panel of Internet Explorer when queries are made to other search engines or shopping Web sites.
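The Browser Helper Object subkeys and the Shell Extensions\Approved values listed above can be checked offline against a registry export. The following is an added example, not part of the original writeup: it assumes the input is the text of a `.reg` export already decoded to a string, and the function names and sample data are constructed for illustration.

```python
import re

# Indicators copied from the writeup; all names below are this example's own.
HKLM_CV = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion"
BHO_PATH = HKLM_CV + r"\Explorer\Browser Helper Objects"
APPROVED_PATH = HKLM_CV + r"\Shell Extensions\Approved"
BHO_CLSIDS = {
    "{00000762-3965-4A1A-98CE-3D4BF457D4C8}",
    "{FFFFDA2C-A0D5-4D60-8EE1-1B7F8929E24D}",
    "{C5183ABC-EB6E-4E05-B8C9-500A16B6CF94}",
}
APPROVED_VALUES = {
    "{00000762-3965-4A1A-98CE-3D4BF457D4C8}": "Sidesearch BHO",
    "{000007AB-7059-463E-BD44-101A1750D732}": "Sidesearch",
    "{FFFFDA2C-A0D5-4D60-8EE1-1B7F8929E24D}": "SST",
}
SECTION = re.compile(r"^\[(.+)\]$")
VALUE = re.compile(r'^"([^"]*)"="([^"]*)"$')  # plain string values only

# Constructed sample: a partly infected export plus one unrelated BHO.
SAMPLE = "\n".join([
    "Windows Registry Editor Version 5.00",
    "[" + BHO_PATH + r"\{00000762-3965-4a1a-98ce-3d4bf457d4c8}]",
    "[" + BHO_PATH + r"\{11111111-2222-3333-4444-555555555555}]",
    "[" + APPROVED_PATH + "]",
    '"{FFFFDA2C-A0D5-4D60-8EE1-1B7F8929E24D}"="SST"',
    '"{11111111-2222-3333-4444-555555555555}"="Sidesearch"',
])

def parse_reg(text):
    """Parse .reg export text into {key_path: {value_name: string_data}}."""
    keys, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := SECTION.match(line):
            current = keys.setdefault(m.group(1), {})
        elif (m := VALUE.match(line)) and current is not None:
            current[m.group(1)] = m.group(2)
    return keys

def find_sidesearch(text):
    """Return sorted (kind, CLSID) findings; the registry is case-insensitive."""
    findings = set()
    for path, values in parse_reg(text).items():
        parent, _, leaf = path.rpartition("\\")
        if parent.upper() == BHO_PATH.upper() and leaf.upper() in BHO_CLSIDS:
            findings.add(("bho_key", leaf.upper()))
        if path.upper() == APPROVED_PATH.upper():
            for name, data in values.items():
                if APPROVED_VALUES.get(name.upper()) == data:
                    findings.add(("approved_value", name.upper()))
    return sorted(findings)
```

Calling `find_sidesearch(SAMPLE)` reports the lowercase-exported BHO key and the "SST" approved value, and ignores the unrelated CLSID even though its data string is "Sidesearch".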