Updated: February 13, 2007 11:40:37 AM
Type: Adware
Version: 1.1
Publisher: Searchforit.com
Risk Impact: Medium
File Names: syssfitb.dll,sysfit.exe,syssfitb2.dll,ca2.dll,replaceSearch.dll,sf.exe,sfita.exe,sfi2.dll.
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
Creates the following files:
- %System%\syssfitb.dll
- %System%\ca2.dll
- %System%\replaceSearch.dll
- %Windir%\sfita.exe
Note:
- %System% is a variable that refers to the System folder. By default this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
- %Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.
- Creates the following registry subkeys:
HKEY_CLASSES_ROOT\SYI.SYIObj.1
HKEY_CLASSES_ROOT\SYI.SYIObj
HKEY_CLASSES_ROOT\CLSID\{C109664B-CEB1-420B-B353-D55A561536DD}
HKEY_CLASSES_ROOT\CLSID\{832BEBED-C3DA-4534-A2C2-B2FFF220C820}
HKEY_CLASSES_ROOT\CLSID\{B5F3970B-745E-46AC-B890-E08F69777D80}
HKEY_CLASSES_ROOT\TypeLib\{F43085A3-5FBD-4954-B7BF-00A8F1A1B9FE}
HKEY_CLASSES_ROOT\TypeLib\{919F8A8D-135D-44FC-A809-B36083EEAE35}
HKEY_CLASSES_ROOT\TypeLib\{B9C1DD92-B443-4BF1-B4C0-950E41A9F9F7}
HKEY_CLASSES_ROOT\Interface\{2DB1A6DF-8120-47BD-9DCE-CFCD47B17B24}
HKEY_CLASSES_ROOT\Interface\{AB94D42B-64E9-436F-887C-CF38FE475CFC}
HKEY_CLASSES_ROOT\Interface\{337278B8-50AF-4F67-8929-E7D6B8DDD66B}
HKEY_CLASSES_ROOT\Interface\{FAAEB405-B7B0-4749-81DE-DF36B2D36531}
HKEY_LOCAL_MACHINE\SOFTWAREe\Classes\Ca.Cas
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Ca.Cas.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\drs.n
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ReplaceSearch.ReplaceSearchCtl
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ReplaceSearch.ReplaceSearchCtl.1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{832BEBED-C3DA-4534-A2C2-B2FFF220C820}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B5F3970B-745E-46AC-B890-E08F69777D80}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{C109664B-CEB1-420B-B353-D55A561536DD}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\searchforitsearchforit
HKEY_CURRENT_USER\SOFTWARE\searchforit
HKEY_CURRENT_USER\SOFTWARE\DR_S
- Adds the value:
"{C109664B-CEB1-420B-B353-D55A561536DD}" = "[RANDOM HEX NUMBERS]"
to the registry subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar
- Adds the value:
"{C109664B-CEB1-420B-B353-D55A561536DD}" = "[RANDOM HEX NUMBERS]"
to the registry subkey:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
Technorati
Digg
Delicious
Reddit
StumbleUpon
Yahoo Buzz
Twitter
Facebook
Newsvine
