1. /
  2. Security Response/
  3. Trackware.Alexa

Trackware.Alexa

Updated:
February 13, 2007 11:38:04 AM
Type:
Trackware
Version:
7.0.1.49.1199
Publisher:
Alexa Internet, Inc.
Risk Impact:
Low
File Names:
AlxRes.dll AlxTB1.dll
Systems Affected:
Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

When Trackware.Alexa is executed, it performs the following actions:
  1. Creates the following registry subkeys:

    HKEY_CLASSES_ROOT\AlxTB.BHO
    HKEY_CLASSES_ROOT\AlxTB.BHO.1
    HKEY_CLASSES_ROOT\CLSID\{27D784D7-9217-4227-B43B-E06E4781E0CB}
    HKEY_CLASSES_ROOT\CLSID\{3CEFF6CD-6F08-4e4d-BCCD-FF7415288C3B}
    HKEY_CLASSES_ROOT\CLSID\{69A72A8A-84ED-4a75-8CE7-263DBEF3E5D3}
    HKEY_CLASSES_ROOT\CLSID\{7BF3A7DB-A516-4e24-B40A-F60B34699E26}
    HKEY_CLASSES_ROOT\CLSID\{EA20F195-32DA-4bd6-B348-FD02FC7D3D5A}
    HKEY_CLASSES_ROOT\CLSID\{F1FABE79-25FC-46de-8C5A-2C6DB9D64333}
    HKEY_CLASSES_ROOT\Component Categories
    \{00021493-0000-0000-C000-000000000046}\Enum
    HKEY_CLASSES_ROOT\Interface\{04D79E9F-09A9-4AED-9FC2-6E63A3BCA51E}
    HKEY_CLASSES_ROOT\Interface\{0B32BCCD-4D64-48EB-8EC3-9BA0807D1349}
    HKEY_CLASSES_ROOT\Interface\{0BBB0424-E98E-4405-9A94-481854765C80}
    HKEY_CLASSES_ROOT\Interface\{0F3332B5-BC98-48AF-9FAC-05FEC94EBE73}
    HKEY_CLASSES_ROOT\Interface\{3E60160F-0ED6-4DCC-B6B6-850CDE4FD217}
    HKEY_CLASSES_ROOT\Interface\{3F41980D-B681-488E-9757-0C9744F9C3CE}
    HKEY_CLASSES_ROOT\Interface\{49160F0D-6BE2-4F5F-BCDB-9256DA3BB120}
    HKEY_CLASSES_ROOT\Interface\{5A9961FD-B0A6-4065-9552-EBFC199683A3}
    HKEY_CLASSES_ROOT\Interface\{6912BEB3-E20C-4953-8C8E-E91B12B55BFC}
    HKEY_CLASSES_ROOT\Interface\{738CB0ED-54A7-4061-AE2E-40EFD9B1EEF6}
    HKEY_CLASSES_ROOT\Interface\{9AF74448-EBD1-484C-8B06-35E597C0B54C}
    HKEY_CLASSES_ROOT\Interface\{9BAB764B-E4F3-4C7B-99AD-CDF696BBE3A8}
    HKEY_CLASSES_ROOT\Interface\{A69107CC-BEC8-4A34-B474-211B0F46A764}
    HKEY_CLASSES_ROOT\Interface\{A6A68CBD-6673-41B1-B997-3F83A25B45B0}
    HKEY_CLASSES_ROOT\Interface\{ABF7C4D4-53EF-4C15-8954-D22F63C98E9F}
    HKEY_CLASSES_ROOT\Interface\{AC2A5E17-05ED-4E62-86E5-84779E8F0BCA}
    HKEY_CLASSES_ROOT\Interface\{B71C7D9A-DA43-4E8B-BB98-1684AC2AF324}
    HKEY_CLASSES_ROOT\Interface\{B79D9232-A798-43DB-9E61-281D550460E4}
    HKEY_CLASSES_ROOT\Interface\{B7B84995-8B92-46BF-94AA-FA2F3DD23B84}
    HKEY_CLASSES_ROOT\Interface\{DC21CEDE-3E81-43D7-B816-DAEFA7B4901F}
    HKEY_CLASSES_ROOT\Interface\{FA77AD79-09CF-41FB-B171-CC856F9E737F}
    HKEY_CLASSES_ROOT\PopMenu.Menu
    HKEY_CLASSES_ROOT\PopMenu.Menu.1
    HKEY_CLASSES_ROOT\Popup.HTMLEvent
    HKEY_CLASSES_ROOT\Popup.HTMLEvent.1
    HKEY_CLASSES_ROOT\Popup.PopupKiller
    HKEY_CLASSES_ROOT\Popup.PopupKiller.1
    HKEY_CLASSES_ROOT\TypeLib\{547AB549-4DD8-4ea0-B070-F6EA062148FF}
    HKEY_CLASSES_ROOT\TypeLib\{EACAA5CE-99B3-470E-9629-8F98F4C4B637}
    HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Common\Research
    \Sources\{19C33034-3878-4beb-B843-62C2761AFF96}
    \{56D356FA-B174-424b-BF3A-AF35E6A94DDE}
    HKEY_LOCAL_MACHINE\SOFTWARE\Alexa Internet
    HKEY_LOCAL_MACHINE\SOFTWARE\Alexa Toolbar
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion
    \Uninstall\Alexa Toolbar


  2. Adds the value:

    "Alexa Toolbar" = ""

    to the registry subkey:

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform

  3. Creates the following files:

    • %Windir%\System32\AlxRes.dll
    • %Windir%\System32\AlxTB1.dll
    • %ProgramFiles%\Alexa Toolbar\uninstall.exe

      Notes:
    • %Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.
    • %ProgramFiles% is a variable that refers to the program files folder. By default, this is C:\Program Files.

  4. Displays an Alexa toolbar when Internet Explorer is opened.

  5. Adds a button with Alexa's logo (the letter "a" in a blue circle) to the Standard Buttons toolbar. This button is used to make the Alexa toolbar appear and disappear.


Summary| Technical Details| Removal

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report
Symantec DeepSight Screensaver