Updated: February 13, 2007 11:40:33 AM
Type: Adware
Risk Impact: Medium
File Names: rundlg32.dll; winsx.dll
Systems Affected: Windows 2000, Windows Me, Windows NT, Windows Server 2003, Windows XP
When Adware.Iwantsearch is executed, it performs the following actions:
- Creates the following file:
- C:\Program Files\IntBar\rundlg32.dll
Note: %ProgramFiles% is a variable that refers to the program files folder. By default, this is C:\Program Files.
- Adds values to the following registry subkeys:
HKEY_CLASSES_ROOT\ToolBand.ToolBandObj.1
HKEY_CLASSES_ROOT\ToolBand.ToolBandObj
HKEY_CLASSES_ROOT\ToolBand.StartBHO.1
HKEY_CLASSES_ROOT\ToolBand.StartBHO
HKEY_CLASSES_ROOT\CLSID\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}
HKEY_CLASSES_ROOT\CLSID\{A9AEE0DD-89E1-40EE-8749-A18650CC2175}
HKEY_CLASSES_ROOT\Interface\{F9BDB492-37D6-4E33-B324-058B22E21FFA}
HKEY_CLASSES_ROOT\TypeLib\{1293FED0-03D0-4426-B0CF-9D3C5141BA8C}
HKEY_CLASSES_ROOT\Popup.Pop
HKEY_CLASSES_ROOT\Popup.Pop.1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A9AEE0DD-89E1-40EE-8749-A18650CC2175}
HKEY_ALL_USERS\Software\Microsoft\Internet Explorer\URLSearchHooks\{30192F8D-0958-44E6-B54D-331FD39AC959}
HKEY_ALL_USERS\Software\SerG
HKEY_ALL_USERS\Software\Pop
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Winds_24
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SBSoft
- Adds the value:
"Start Page" = "[URL pointing to the www.iwantsearch.com domain]"
to the registry subkey:
HKEY_ALL_USERS\Software\Microsoft\Internet Explorer\Main
so that the IE homepage is changed.
- Adds a search toolbar to Internet Explorer.
- Displays pop-up ads.
Technorati
Digg
Delicious
Reddit
StumbleUpon
Yahoo Buzz
Twitter
Facebook
Newsvine
