||||
Symantec.com > Security Response > Threats and Risks > Adware.WebBar
PRINT THIS PAGE

Adware.WebBar

Printer Friendly Page

Updated: February 13, 2007 11:41:07 AM
Type: Adware
Risk Impact: High
File Names: se.dll se.exe scbar.dll winex.exe
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP


When Adware.WebBar is executed, it performs the following actions:
  1. Copies itself to the following locations:
    • %ProgramFiles%\scbar
    • %ProgramFiles%\se

      Note: %ProgramFiles% is a variable that refers to the program files folder. By default, this is C:\Program Files.

  2. Adds the value:

    "GUID"="EB8119D779B84B3782B60C64B86292AD"

    to the registry key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Search-Exe\Prefs
  3. Adds the following registry subkeys:

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\
    {00041A26-7033-432C-94C7-6371DE343822}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\
    {002F4E27-B273-4FA5-ADFC-1FB9ED210B37}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\
    {49DE8655-4D15-4536-B67C-2AA6C1106740}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\
    {9368D063-44BE-49B9-BD14-BB9663FD38FC}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\
    {1EB48AA7-D3FE-4E4C-AC8E-B01594496AC0}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\
    {42BD9965-303D-4CFB-AAE0-DCADCB791A55}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\
    {83A13E87-FA20-4B6A-AAE8-C1226B5E1573}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\
    {F5F0A448-2BCD-459E-8743-C39154EE1CA8}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\
    {A8F92C35-530B-4907-922C-CE31D4B6B14A}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WebCom.WebBar
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WebCom.WebBar.1
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WebCom.WebBho
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WebCom.WebBho.1
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WebCom.WebCommand
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WebCom.WebCommand.1
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WebCom.WebSearch
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WebCom.WebSearch.1
    HKEY_LOCAL_MACHINE\SOFTWARE\Search-Exe
    HKEY_LOCAL_MACHINE\SOFTWARE\WindowEnhancer
    HKEY_LOCAL_MACHINE\SOFTWARE\SearchEnhancement
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
    Uninstall\Batch Assistant
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
    Uninstall\BMSE dbl
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
    Uninstall\Data Compiler
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE Help
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
    Uninstall\IEC system
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
    Uninstall\Indexing Function
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
    Uninstall\SBM OS
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
    Uninstall\SE Assistant
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SE Help
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
    Uninstall\Search Assistant
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
    Uninstall\Search function
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
    Uninstall\Search OS
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
    Uninstall\Sidebar Search
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
    Uninstall\URL.IE APP

  4. Adds itself as an Explorer Bar to Internet Explorer.

  5. May display pop-up ads with content based on keywords found in the Web pages visited.


Search by name
Example: W32.Beagle.AG@mm
Limited Time Offers! Save up to 50%
Windows Vista Security
©1995 - 2009 Symantec Corporation
Site Map|
Legal Notices|
Privacy Policy|
|
Contact Us|
Global Sites|
License Agreements|
RSS