Updated: February 13, 2007 11:40:21 AM
Type: Adware
Version: 2.0
Publisher: ezcybersearch.com
Risk Impact: High
File Names: ezs.dll
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
When Adware.EZSearch runs, it does the following:
- Creates the following file:
%SYSTEM%\ezs.dll
Note: %System% is a variable that refers to the System folder. By default this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
- Creates the following registry keys:
HKEY_CURRENT_USER\Software\eeee
HKEY_CLASSES_ROOT\eeeezzzz.CSrcBnd.1
HKEY_CLASSES_ROOT\eeeezzzz.HBO.1
HKEY_CLASSES_ROOT\eeeezzzz.HBO
HKEY_CLASSES_ROOT\eeeezzzz.Inst.1
HKEY_CLASSES_ROOT\eeeezzzz.Inst
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\EZ
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B14423EE-8024-4407-8AE8-CA5AEDA39B81}
HKEY_CLASSES_ROOT\CLSID\{09860DED-A434-49EA-AD61-427EF7B7F214}
HKEY_CLASSES_ROOT\CLSID\{B14423EE-8024-4407-8AE8-CA5AEDA39B81}
HKEY_CLASSES_ROOT\CLSID\{F0D4DDD6-BE12-4718-A543-0F7DB6CA600D}
HKEY_CLASSES_ROOT\TYPELIB\{F784F91D-87D4-4897-940D-FB7C6475EBBB}
HKEY_CLASSES_ROOT\INTERFACE\{079E2AC3-3120-4FEA-BC59-4B0FC882D283}
HKEY_CLASSES_ROOT\INTERFACE\{FB949D1C-821E-4A65-9964-EEC8B347AA44}
HKEY_CLASSES_ROOT\INTERFACE\{944F4137-C25C-41BD-ABA7-554FAAA59F56}
- Modifies the Hosts file (located at %SYSTEM%\drivers\etc\hosts in Windows XP and 2K and %Windir%\hosts in Windows 98/ME) by adding the line:
64.159.94.251 auto.search.msn.com
which redirects searches to ezcybersearch's search site.
Note: %Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.
Technorati
Digg
Delicious
Reddit
StumbleUpon
Yahoo Buzz
Twitter
Facebook
Newsvine
