Spyware.ISearch

Updated: February 13, 2007 11:39:25 AM
Type: Spyware
Version: 1.0.0.1
Publisher: iDownload.com
Risk Impact: High
File Names: install.exe toolbar.dll idInst.exe idcs50202.exe OTY2MTo4OjEy.exe
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP


Once Spyware.ISearch is executed, it performs the following actions:

  1. Creates one or more of the following files:

    • %Windir%\Unins000.exe (An uninstaller)
    • %Windir%\Unins000.dat
    • %System%\Toolbar.dll (A Browser Helper Object detected as Spyware.ISearch)
    • %System%\Version.txt
    • %UserProfile%\Local Settings\Temp\idcs50202.exe

      Notes:
    • %System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
    • %Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows (Windows 95/98/Me/XP) or C:\Winnt (Windows NT/2000).
    • %UserProfile% is a variable that refers to the current user's profile folder. By default, this is C:\Documents and Settings\[CURRENT USER] (Windows NT/2000/XP).

  2. Creates the following registry subkeys:

    HKEY_CLASSES_ROOT\CLSID\{1C78AB3F-A857-482E-80C0-3A1E5238A565}
    HKEY_CLASSES_ROOT\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1C78AB3F-A857-482E-80C0-3A1E5238A565}
    HKEY_CLASSES_ROOT\iSearch.Object
    HKEY_CLASSES_ROOT\iSearch.Object.1
    HKEY_CLASSES_ROOT\TypeLib\{6D3F5DE4-E980-4407-A10F-9AC771ABAAE6}
    HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{6D3F5DE4-E980-4407-A10F-9AC771ABAAE6}
    HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{1C78AB3F-A857-482E-80C0-3A1E5238A565}
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\{1C78AB3F-A857-482E-80C0-3A1E5238A565}
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1C78AB3F-A857-482E-80C0-3A1E5238A565}
    HKEY_LOCAL_MACHINE\Software\In3rd
    HKEY_LOCAL_MACHINE\Microsoft\Windows\CurrentVersion\Uninstall\iSearch Toolbar_is1
    HKEY_CURRENT_USER\Software\iSearch
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{1C78AB3F-A857-482E-80C0-3A1E5238A565}
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks\{1C78AB3F-A857-482E-80C0-3A1E5238A565}
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&iSearch The Web


  3. Modifies the values:

    "Btn_Search" = "2"
    "NoDriveTypeAutoRun" = "91"
    "SpecifyDefaultButtons" = "1"
    "NoBandCustomize" = "1"
    "NoToolbarCustomize" = "1"

    in the registry subkey:

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer
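
    The registry changes in steps 2 and 3 can be checked offline against a registry export. The script below is an added example, not part of the original write-up: it parses .reg export text and reports keys whose path contains one of the identifiers listed above, plus any of the step 3 policy values that are present. The function names and the sample export are assumptions constructed for illustration.

```python
import re

# Identifiers copied from the write-up; compared with whole key-path components.
MARKERS = {m.lower() for m in (
    "{1C78AB3F-A857-482E-80C0-3A1E5238A565}", "{6D3F5DE4-E980-4407-A10F-9AC771ABAAE6}",
    "iSearch.Object", "iSearch.Object.1", "iSearch", "In3rd",
    "iSearch Toolbar_is1", "&iSearch The Web")}
POLICY_KEY = r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"
POLICY_VALUES = {"btn_search", "nodrivetypeautorun", "specifydefaultbuttons",
                 "nobandcustomize", "notoolbarcustomize"}

def parse_reg(text):
    """Yield (key_path, {value_name: raw_data}) for each section of a .reg export."""
    key, values = None, {}
    for line in text.splitlines():
        line = line.strip()
        if m := re.fullmatch(r"\[(.+)\]", line):
            if key is not None:
                yield key, values
            key, values = m.group(1), {}
        elif key is not None and (m := re.fullmatch(r'"((?:[^"\\]|\\.)*)"=(.*)', line)):
            values[m.group(1)] = m.group(2)
    if key is not None:
        yield key, values

def scan(text):
    """Return (matching key paths, step 3 policy values present, reported for review only)."""
    hits, policy = [], {}
    for key, values in parse_reg(text):
        if {part.lower() for part in key.split("\\")} & MARKERS:
            hits.append(key)
        if key.lower() == POLICY_KEY.lower():
            policy = {n: d for n, d in values.items() if n.lower() in POLICY_VALUES}
    return hits, policy

# Constructed sample export, not taken from a real host.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1C78AB3F-A857-482E-80C0-3A1E5238A565}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="about:blank"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoToolbarCustomize"=dword:00000001
"NoDrives"=dword:00000000
'''

if __name__ == "__main__":
    print(scan(SAMPLE))
```

    Exports written by regedit are UTF-16 encoded, so decode the file before passing its text to scan(). The policy value names are ordinary Explorer policies and are only reported, since their presence alone does not indicate this program.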
