
Adware.Yuupsearch

Updated: February 13, 2007 11:42:12 AM
Type: Adware
Risk Impact: High
File Names: yoop.exe yuups_toolbar.exe IE_agent.exe basis.xml error.html google_toolbar.dll nav.bmp red
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

When Adware.Yuupsearch is installed, it does the following:
  1. Drops the following files:

    • %Temp%\yuups_toolbar.exe
    • %Temp%\IE_agent.exe
    • %ProgramFiles%\YuupSearch Toolbar\basis.xml
    • %ProgramFiles%\YuupSearch Toolbar\error.html
    • %ProgramFiles%\YuupSearch Toolbar\google_toolbar.dll
    • %ProgramFiles%\YuupSearch Toolbar\nav.bmp
    • %ProgramFiles%\YuupSearch Toolbar\red2.html
    • %ProgramFiles%\YuupSearch Toolbar\tblogo.bmp
    • %ProgramFiles%\YuupSearch Toolbar\toolbar.crc
    • %ProgramFiles%\YuupSearch Toolbar\version.txt

    Notes:
    • %Temp% is a variable that refers to the Windows temporary folder. By default, this is C:\Windows\TEMP (Windows 95/98/Me/XP) or C:\WINNT\Temp (Windows NT/2000).
    • %ProgramFiles% is a variable that refers to the program files folder. By default, this is C:\Program Files.

  2. Runs %Temp%\IE_agent.exe, which copies itself as %System%\run_dll.exe.

    Note: %System% is a variable that refers to the System folder. By default this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).

  3. Adds the value:

    "MSTask" = "%System%\run_dll.exe"

    to the registry subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    so that the adware loads the URL [http://]www.yuups/[REMOVED]/.com in Internet Explorer every time Windows starts.

  4. Adds the value:

    "{1CBF31FC-3C23-4BA6-AF16-2CEC501BD837}" = "00"

    to the registry subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar

  5. Adds the value:

    "{1CBF31FC-3C23-4BA6-AF16-2CEC501BD837}" = "fc 31 bf 1c 23 3c a6 4b af 16 2c ec 50 1b d8 37 7b 34 33 32 36 42 46 30 42 2d 30 38 36 37 2d 34 31 61 37 2d 42 35 31 37 2d 39 35 46 45 45 30 35 42 39 36 45 30 7d 00"

    to the registry subkey:

    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser

  6. Adds the registry subkeys:

    HKEY_CLASSES_ROOT\CLSID\{BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408}

    so that the Adware.Yuupsearch toolbar is loaded when Internet Explorer starts.

  7. Adds the registry subkeys:

    HKEY_CLASSES_ROOT\ToolBand.ToolHelper
    HKEY_CLASSES_ROOT\ToolBand.ToolHelper.1
    HKEY_CURRENT_USER\Software\XBTB01500\Toolbar
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1CBF31FC-3C23-4BA6-AF16-2CEC501BD837}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0D5CC8AE-0BB0-49C3-BA33-BA4508EA44CC}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EABBB49A-4d7b-415B-8250-15C3B854E9FF}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{99BBD747-391D-461F-883B-A3C6D41BB28D}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\XBTB01500.IEToolbar
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\XBTB01500.IEToolbar.1
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\XBTB01500.XBTB01500
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\XBTB01500.XBTB01500.1
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\XBTB01500.XBTB01500Toolbar
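The registry changes in steps 3 to 7 can be checked offline against a text export of a machine's registry. The following is an added example, not part of the original write-up or any vendor tool: it assumes the export is in `reg export` (.reg) format and already decoded to text, the function names are hypothetical, and the sample export is constructed.

```python
import re

# Indicators below are copied from this write-up; nothing else is matched.
TOOLBAR = "{1CBF31FC-3C23-4BA6-AF16-2CEC501BD837}"
BHO = "{BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408}"
HKLM = "HKEY_LOCAL_MACHINE\\SOFTWARE\\"
VALUE_IOCS = [  # (subkey, value name, regex the string data must match, or None)
    (HKLM + r"Microsoft\Windows\CurrentVersion\Run", "MSTask", r"\\run_dll\.exe$"),
    (HKLM + r"Microsoft\Internet Explorer\Toolbar", TOOLBAR, None),
    (r"HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser", TOOLBAR, None),
]
KEY_IOCS = [
    HKLM + r"Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" + "\\" + BHO,
    HKLM + r"Classes\CLSID" + "\\" + BHO,
    r"HKEY_CURRENT_USER\Software\XBTB01500\Toolbar",
]

def parse_reg(text):
    """Parse .reg export text into {key: {value_name: raw_data}}, names lower-cased."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and (m := re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)):
            current[m.group(1).lower()] = m.group(2)
    return keys

def unescape(raw):
    # Quoted .reg strings double each backslash; undo that before matching paths.
    if raw.startswith('"') and raw.endswith('"'):
        return raw[1:-1].replace("\\\\", "\\")
    return raw

def scan(text):
    """Return the indicators from this write-up that are present in the export."""
    keys, hits = parse_reg(text), []
    for key, name, pattern in VALUE_IOCS:
        data = keys.get(key.lower(), {}).get(name.lower())
        if data is not None and (pattern is None or re.search(pattern, unescape(data), re.I)):
            hits.append(f"{key}\\{name}")
    return hits + [k for k in KEY_IOCS if k.lower() in keys]

# Constructed sample export (reg export writes UTF-16; decode before scanning).
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSTask"="C:\\WINDOWS\\System32\\run_dll.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1cbf31fc-3c23-4ba6-af16-2cec501bd837}"="00"
'''
if __name__ == "__main__":
    print("\n".join(scan(SAMPLE)))
```

Key and value names are compared case-insensitively, as the registry does, and the `MSTask` value only counts as a hit when its data points at `run_dll.exe`.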

