||||
Symantec.com > Security Response > Threats and Risks > Spyware.PowerSearch
PRINT THIS PAGE

Spyware.PowerSearch

Printer Friendly Page

Updated: February 13, 2007 11:40:43 AM
Type: Spyware
Version: 2.07
Publisher: Sirsearch.com
Risk Impact: High
File Names: pwrsdemo.dll,gamebar.dll
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP


Creates the following files:
    • %ProgramFiles%\PowerSearch_Toolbar_Demo\TrackingPostBack.exe
    • %ProgramFiles%\PowerSearch_Toolbar_Demo\setup_powersearch_Demo.exe
    • %ProgramFiles%\PowerSearch\Toolbar\Demo\pwrsdemo.dll (detected as Spyware.Powersearch)
    • %ProgramFiles%\PowerSearch\Toolbar\Demo\setup.exe
    • %ProgramFiles%\PowerSearch\Toolbar\Demo\uninstall.exe
    • %ProgramFiles%\GameRival\GameBar\gamebar.dll
    • %ProgramFiles%\GameRival\GameBar\Tipb.exe (detected as Adware.Keenval)

      Note: %ProgramFiles% is a variable that refers to the program files folder. By default, this is C:\Program Files.

  1. Creates the following registry keys:

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-DDF3-FA68A787AD2D}
    HKEY_CLASSES_ROOT\CLSID\{4E7BD74F-2B8D-469E-C0FF-FD69B994BD7D}
    HKEY_CLASSES_ROOT\CLSID\{4E7BD74F-2B8D-469E-DDF3-FA68A787AD2D}
    HKEY_CLASSES_ROOT\CLSID\{82818A07-C340-4960-A28E-0927E420A6C8}
    HKEY_CLASSES_ROOT\Toolbar.PWRSDEMO
    HKEY_CLASSES_ROOT\Toolbar.BarRuler
    HKEY_CLASSES_ROOT\gamebar.GAMEBAR
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\PowerSearch
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GameBar
    HKEY_CURRENT_USER\Software\IntermixMedia
    HKEY_CURRENT_USER\Sofware\PWRSDEMO
    HKEY_LOCAL_MACHINE\SOFTWARE\updater
    HKEY_CURRENT_USER\Software\Visicom Media
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\{4E7BD74F-2B8D-469E-DDF3-FA68A787AD2D}
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4E7BD74F-2B8D-469E-C0FF-FD69B994BD7D}
  2. Adds the value:

    "    {4E7BD74F-2B8D-469E-C0FF-FD69B994BD7D}"

    to the registry keys

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser


Search by name
Example: W32.Beagle.AG@mm
Windows 7
Windows Vista Security
©1995 - 2009 Symantec Corporation
Site Map|
Legal Notices|
Privacy Policy|
|
Contact Us|
Global Sites|
License Agreements|
RSS