Updated: February 13, 2007 11:40:19 AM
Type: Adware
Version: 2.0
Publisher: EzCyberSearch.com
Risk Impact: High
File Names: ezsearch.dll, ezs.dll
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
When Adware.EZSearch runs, it does the following:
- Creates the following file:
%SYSTEM%\ezsearch.dll
Note: %System% is a variable that refers to the System folder. By default this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
- Creates the following registry keys:
HKEY_CURRENT_USER\Software\ezSearchBar2
HKEY_CLASSES_ROOT\EzSearchBar.CSrcBnd.1
HKEY_CLASSES_ROOT\EzSearchBar.BHO.1
HKEY_CLASSES_ROOT\EzSearchBar.BHO
HKEY_CLASSES_ROOT\EzSearchbar.Inst.1
HKEY_CLASSES_ROOT\EzSearchBar.Inst
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\ezSearchBar
HKEY_CLASSES_ROOT\CLSID\{CCE83E45-30B2-4BAE-B1F5-25D128D27A43}
HKEY_CLASSES_ROOT\CLSID\{760A9DDE-1433-4A7C-8189-D6735BB5D3DD}
HKEY_CLASSES_ROOT\CLSID\{B8AB2281-447F-482B-86E9-1F0ED5973637}
HKEY_CLASSES_ROOT\TYPELIB\{F6B19C26-D8E5-40D6-94BD-A56FAE4C77C3}
HKEY_CLASSES_ROOT\INTERFACE\{58ED251A-509E-45CA-BD0E-D25AC8F56F60}
HKEY_CLASSES_ROOT\INTERFACE\{27F2EE5E-3E74-40BB-AE16-2D9EEEC6C0CF}
HKEY_CLASSES_ROOT\INTERFACE\{5B330393-333B-4E47-877C-763EE9CEE1A6}
- Modifies the hosts file (located at %SYSTEM%\drivers\etc\hosts in Windows XP and 2K and %Windir%\hosts in Windows 98/ME) by adding the following line:
64.159.94.251 auto.search.msn.com
This entry redirects searches to EzCyberSearch's search site.
Note: %Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.
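
The hosts file change described above can be checked for with a short script. This is an added example, not part of the original write-up; the function names and the sample hosts content are constructed for illustration, and only the address and hostname come from the entry listed above.

```python
import ipaddress

# Indicator values taken from the hosts entry listed in the write-up.
REDIRECT_IP = "64.159.94.251"
HIJACKED_HOST = "auto.search.msn.com"


def parse_hosts(text):
    """Yield (line_no, ip, [hostnames]) for each valid entry in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()  # drop comments and padding
        if not entry:
            continue
        fields = entry.split()
        if len(fields) < 2:
            continue  # an address with no hostname is not a mapping
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed address, ignore the line
        yield line_no, str(ip), [h.lower() for h in fields[1:]]


def find_ezsearch_entries(text):
    """Return (line_no, ip, reason) for entries matching the described change."""
    findings = []
    for line_no, ip, names in parse_hosts(text):
        if HIJACKED_HOST in names:
            # Any static mapping of this hostname overrides DNS and needs review.
            reason = "exact match" if ip == REDIRECT_IP else "hostname overridden"
            findings.append((line_no, ip, reason))
        elif ip == REDIRECT_IP:
            findings.append((line_no, ip, "redirect address used for other host"))
    return findings


# Constructed sample hosts file (not captured from a real system).
SAMPLE_HOSTS = """\
# Sample hosts file
127.0.0.1       localhost
64.159.94.251 auto.search.msn.com
10.0.0.5   intranet.example   # internal
  64.159.94.251   AUTO.SEARCH.MSN.COM   # mixed case, extra spacing
192.0.2.10 auto.search.msn.com
"""

if __name__ == "__main__":
    for finding in find_ezsearch_entries(SAMPLE_HOSTS):
        print(finding)
```

To check a live system, pass the contents of the hosts file at the location given above for that Windows version to `find_ezsearch_entries`.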