
Adware.SurfSideKick

Updated: February 13, 2007 11:40:46 AM
Type: Adware
Publisher: http://www.surfsidekick.com
Risk Impact: High
File Names: Ssk.exe, SskBho.dll, SskCore.dll, SSK_B5.EXE
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

When Adware.SurfSideKick is executed, it performs the following actions:
  1. Creates the following files:
    • %Program Files%\SurfSideKick [version]\Ssk.exe
    • %Program Files%\SurfSideKick [version]\SskBho.dll
    • %Program Files%\SurfSideKick [version]\SskCore.dll
    • %Temp%\sskupdater3.exe
    • %Temp%\??.tmp
    • %Temp%\SSK3_B5 Seedcorn 4.exe
    • %Temp%\??.bat

    Notes:
    • %Program Files% is a variable that refers to the program files folder. By default, this is C:\Program Files.
    • %Temp% is a variable that refers to the Windows temporary folder. By default, this is C:\Windows\TEMP (Windows 95/98/Me/XP) or C:\WINNT\Temp (Windows NT/2000).
    • [version] refers to the current version number of the program.

  2. Adds some of the following registry keys:

    HKEY_CLASSES_ROOT\CLSID\{000AB0005-FF12-42C2-8DF5-39E12E5F9C91}
    HKEY_CLASSES_ROOT\CLSID\{CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076}
    HKEY_CLASSES_ROOT\CLSID\{02EE5B04-F144-47BB-83FB-A60BD91B74A9}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Surf Sidekick
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Surf Sidekick_is1
    HKEY_CURRENT_USER\Software\SurfSideKick2
    HKEY_CURRENT_USER\Software\SurfSideKick3
    HKEY_LOCAL_MACHINE\SOFTWARE\SurfSideKick3


  3. Adds some of the following values:

    "SurfSideKick" = "%Program Files%\SurfSideKick\Ssk.exe"
    "SurfSideKick 2" = "%Program Files%\SurfSideKick 2\Ssk.exe"
    "SurfSideKick 3" = "%Program Files%\SurfSideKick 3\Ssk.exe"

    to the following registry keys:

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    so that the program runs every time Windows starts.

  4. Deletes the value:

    {CFBFAE00-17A6-11D0-99CB-00C04FD64497}

    from the registry key

    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks

  5. Adds the values:

    {02EE5B04-F144-47BB-83FB-A60BD91B74A9}
    {CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076}

    to the registry key

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\UrlSearchHooks

  6. Adds the values:

    {000AB0005-FF12-42C2-8DF5-39E12E5F9C91}
    {02EE5B04-F144-47BB-83FB-A60BD91B74A9}
    {CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076}

    to the registry key

    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks

  7. Displays pop-up ads.

  8. May attempt to connect to a predetermined Web site, download other adware programs, and send system information.
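
The Run values and search-hook changes in steps 3 to 6 can be checked offline against a registry export. The script below is an added example, not part of the original write-up or any vendor tool. It assumes the .reg export has already been decoded to text (regedit writes UTF-16); the function names and the sample export are constructed for illustration.

```python
import re

# Indicators copied from the write-up above; CLSIDs are kept exactly as printed there.
HOOK_CLSIDS = {"{000AB0005-FF12-42C2-8DF5-39E12E5F9C91}", "{02EE5B04-F144-47BB-83FB-A60BD91B74A9}",
               "{CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076}"}
DEFAULT_HOOK = "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"  # value the adware deletes
RUN_SUFFIX = r"\software\microsoft\windows\currentversion\run"
HOOK_SUFFIX = r"\software\microsoft\internet explorer\urlsearchhooks"
RUN_TARGET = re.compile(r"\\surfsidekick[^\\]*\\ssk\.exe", re.I)

def parse_reg(text):
    """Parse decoded .reg export text into {key_path: {value_name: data}}."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None:
            m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)', line)
            if m:  # .reg files double every backslash inside string data
                current[m.group(1)] = m.group(2).strip('"').replace("\\\\", "\\")
    return keys

def triage(text):
    """Return (kind, key, value_name) findings for Run entries and search hooks."""
    findings = []
    for key, values in parse_reg(text).items():
        k = key.lower()  # registry paths are case-insensitive (URLSearchHooks/UrlSearchHooks)
        if k.endswith(RUN_SUFFIX):
            findings += [("run-entry", key, n) for n, d in values.items() if RUN_TARGET.search(d)]
        elif k.endswith(HOOK_SUFFIX):
            names = {n.upper() for n in values}
            findings += [("search-hook", key, c) for c in sorted(HOOK_CLSIDS & names)]
            # Absence of the deleted value is only corroborating, so report it separately.
            if k.startswith("hkey_current_user") and DEFAULT_HOOK not in names:
                findings.append(("default-hook-missing", key, DEFAULT_HOOK))
    return findings

# Constructed sample export (not taken from a real machine).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"SurfSideKick 3"="C:\\Program Files\\SurfSideKick 3\\Ssk.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{02EE5B04-F144-47BB-83FB-A60BD91B74A9}"=""
'''

if __name__ == "__main__":
    print(*triage(SAMPLE), sep="\n")
```

A "default-hook-missing" finding on its own is weak evidence; treat it as support for a "run-entry" or "search-hook" hit in the same export.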
