Adware.Locator

Printer Friendly Page

Updated: February 13, 2007 11:40:53 AM

Type: Adware

Version: 1.0.0.53

Publisher: Locators Inc

Risk Impact: Medium

File Names: Locators.dll lupdtr.exe

Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP

When Adware.Locator runs, it does the following:

Creates the following files:
- Locators.dll
- lupdtr.exe
Installs its own Search and Links toolbar in Internet Explorer.
Changes the default start page and search page to point to a URL on the locators.com domain.
Attempts to download remote files and update itself, if newer versions of the adware are available.
Creates the following registry keys:

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID \{E720B458-B65A-438C-9FF3-B1DF65D7DB3E} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID \{E720B458-B65A-438C-9FF3-B1DF65D7DB3F} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface \{AB88FC82-FCDC-4062-BCC4-887F0D73EC1D} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib \{B4F8E732-4793-4F90-B40A-829331861D54} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\LocatorS.LocatorBar HKEY_LOCAL_MACHINE\SOFTWARE\Classes\LocatorS.LocatorBar.1 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\LocatorS.LocatorLinks HKEY_LOCAL_MACHINE\SOFTWARE\Classes\LocatorS.LocatorLinks.1 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions \{A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar \{E720B458-B65A-438C-9FF3-B1DF65D7DB3E} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar \{E720B458-B65A-438C-9FF3-B1DF65D7DB3F} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Uninstall\Locators Toolbar HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Locators Toolbar HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID \{4E7BD74F-2B8D-469E-92B0-A921F8D5E22E} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID \{4E7BD74F-2B8D-469E-92B0-A921F8D5E22F} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID \{4E7BD74F-2B8D-469E-92B0-A921F8D5E230} HKEY_LOCAL_MACHINE\SOFTWARE\Classes \locatorstoolbar.LOCATORSTOOLBAR HKEY_LOCAL_MACHINE\SOFTWARE\Classes \locatorstoolbar.LOCATORSTOOLBARMenu Button HKEY_LOCAL_MACHINE\SOFTWARE\Classes \locatorstoolbar.LOCATORSTOOLBARToggle Button HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer \Browser Helper Objects\{4E7BD74F-2B8D-469E-92B0-A921F8D5E22E} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Uninstall\LOCATORSTOOLBAR HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units \{4E7BD74F-2B8D-469E-92B0-A921F8D5E22E} HKEY_CURRENT_USER\Software\LOCATORSTOOLBAR TOOLBAR HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar \{4E7BD74F-2B8D-469E-92B0-A921F8D5E22E} HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser \{4E7BD74F-2B8D-469E-92B0-A921F8D5E22E}
Modifies the value:

"SearchAssistant"="[URL on the locators.com/sidebar domain]"

in the registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search
Modifies the value:

"SearchUrl"="[URL on the locators.com domain]"

in the registry key:

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer
Modifies the value:

"Start Page"="[URL on the locators.com domain]"

in the registry key:

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main

Removal

Summary

Search Threats

Search by name

_{Example: W32.Beagle.AG@mm}