Updated: February 13, 2007 11:39:26 AM
Type: Spyware
Version: 2.0
Risk Impact: High
File Names:
toolbar.dll
Searchit_toolbar.exe
searchit_toolbar.cab
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
When Spyware.IEToolbar is installed, it performs the following actions:
- Opens the browser to display a page at www.searchit.com
- Creates the following files:
  - about.html
  - error.html
  - logos.bmp
  - nav.bmp
  - options.html
  - toolbar.crc
  - toolbar.dll
  - toolbar.inf

  in one of the following locations:
  - %ProgramFiles%\IEToolbar
  - %Windir%\Downloaded Program Files

  Note:
  - %Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.
  - %ProgramFiles% is a variable that refers to the program files folder. By default, this is C:\Program Files.
- Creates the following registry entries:
  HKEY_CLASSES_ROOT\CLSID\{BECD7FB6-D67E-4104-A8AD-0DBC10251438}
  HKEY_CLASSES_ROOT\CLSID\{7CBBB3F1-0E68-43FA-B034-4D3EC394D085}
  HKEY_CLASSES_ROOT\TypeLib\{B36CB30A-6ED9-4C63-9A8A-7DE9FA234608}
  HKEY_CLASSES_ROOT\Interface\{CABBB49A-4D7B-415B-8250-15C3B854E9FF}
  HKEY_CLASSES_ROOT\Softomate.IEToolbar
  HKEY_CLASSES_ROOT\Softomate.IEToolbar.1
  HKEY_CLASSES_ROOT\ToolbarToolbar5
  HKEY_CLASSES_ROOT\ToolbarToolbar5.1
  HKEY_CURRENT_USER\software\Toolbar5
  HKEY_CURRENT_USER\software\Toolbar5\IEToolbar
  HKEY_CURRENT_USER\software\Toolbar5\IEToolbar.1
  HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&SearchIt Toolbar Search
  HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\{BECD7FB6-D67E-4104-A8AD-0DBC10251438}
  HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{BECD7FB6-D67E-4104-A8AD-0DBC10251438}
  HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{BECD7FB6-D67E-4104-A8AD-0DBC10251438}
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ToolbarToolbar5IEToolbar
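
The files and registry entries listed above can be checked on a host with a read-only script. The following is an added example, not part of the original write-up or any vendor tool; the function name Test-RegistryEntry is hypothetical, and the script assumes PowerShell 3.0 or later.

```powershell
# Read-only check for the indicators listed above (added example; changes nothing on the host).
# On 64-bit Windows, run it from 32-bit PowerShell as well to see the 32-bit registry view.
$entries = @(
    'HKEY_CLASSES_ROOT\CLSID\{BECD7FB6-D67E-4104-A8AD-0DBC10251438}'
    'HKEY_CLASSES_ROOT\CLSID\{7CBBB3F1-0E68-43FA-B034-4D3EC394D085}'
    'HKEY_CLASSES_ROOT\TypeLib\{B36CB30A-6ED9-4C63-9A8A-7DE9FA234608}'
    'HKEY_CLASSES_ROOT\Interface\{CABBB49A-4D7B-415B-8250-15C3B854E9FF}'
    'HKEY_CLASSES_ROOT\Softomate.IEToolbar'
    'HKEY_CLASSES_ROOT\Softomate.IEToolbar.1'
    'HKEY_CLASSES_ROOT\ToolbarToolbar5'
    'HKEY_CLASSES_ROOT\ToolbarToolbar5.1'
    'HKEY_CURRENT_USER\software\Toolbar5'
    'HKEY_CURRENT_USER\software\Toolbar5\IEToolbar'
    'HKEY_CURRENT_USER\software\Toolbar5\IEToolbar.1'
    'HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&SearchIt Toolbar Search'
    'HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\{BECD7FB6-D67E-4104-A8AD-0DBC10251438}'
    'HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{BECD7FB6-D67E-4104-A8AD-0DBC10251438}'
    'HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{BECD7FB6-D67E-4104-A8AD-0DBC10251438}'
    'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ToolbarToolbar5IEToolbar'
)
$files = 'about.html','error.html','logos.bmp','nav.bmp','options.html','toolbar.crc','toolbar.dll','toolbar.inf'
$dirs  = (Join-Path $env:ProgramFiles 'IEToolbar'), (Join-Path $env:windir 'Downloaded Program Files')

# An entry may exist as a key or as a value name under its parent key
# (IE records Toolbar and URLSearchHooks registrations as values named by CLSID).
function Test-RegistryEntry([string]$Entry) {
    if (Test-Path -LiteralPath "Registry::$Entry") { return 'key' }
    $cut    = $Entry.LastIndexOf('\')
    $parent = Get-Item -LiteralPath ("Registry::" + $Entry.Substring(0, $cut)) -ErrorAction SilentlyContinue
    if ($parent -and ($parent.GetValueNames() -contains $Entry.Substring($cut + 1))) { return 'value' }
}

$hits = @(foreach ($e in $entries) {
    $kind = Test-RegistryEntry $e
    if ($kind) { [pscustomobject]@{ Type = "registry $kind"; Item = $e } }
})
$hits += @(foreach ($d in $dirs) {
    foreach ($f in $files) {
        $p = Join-Path $d $f
        if (Test-Path -LiteralPath $p -PathType Leaf) { [pscustomobject]@{ Type = 'file'; Item = $p } }
    }
})

if ($hits.Count) { $hits | Format-Table -AutoSize -Wrap }
else { 'No Spyware.IEToolbar indicators from this write-up were found.' }
```

A lone match on a generic file name such as toolbar.dll is weak evidence by itself; weigh it against the CLSID and Toolbar5 registry hits before drawing a conclusion.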