Adware.MWSearch

Printer Friendly Page

Updated: February 13, 2007 11:42:33 AM

Type: Adware

Risk Impact: Medium

File Names: iacad.dll

Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

When Adware.MWSearch is executed, it performs the following actions:

Creates the following registry subkeys:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Uninstall\MWSearch HKEY_LOCAL_MACHINE\SOFTWARE\MWSearchCo\MWSearch HKEY_CLASSES_ROOT\MWSearch.StockBar HKEY_CLASSES_ROOT\MWSearch.StockBar.1 HKEY_CLASSES_ROOT\CLSID\{A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} HKEY_CLASSES_ROOT\MWSearch.cfgwr.1 HKEY_CLASSES_ROOT\MWSearch.cfgwr HKEY_CLASSES_ROOT\CLSID\{D7BF3304-138B-4DD5-86EE-491BB6A2286C} HKEY_CLASSES_ROOT\MWSearch.tbactivator.1 HKEY_CLASSES_ROOT\MWSearch.tbactivator HKEY_CLASSES_ROOT\CLSID\{FFF5092F-7172-4018-827B-FA5868FB0478} HKEY_CLASSES_ROOT\TypeLib\{84C94803-B5EC-4491-B2BE-7B113E013B77} HKEY_CLASSES_ROOT\Interface\{6DEEE498-08CC-43F0-BCA0-DBB5A25C9501} HKEY_CLASSES_ROOT\Interface\{DCFAB192-4A0E-4720-8E24-70D5F0CB8C39} HKEY_CLASSES_ROOT\Interface\{F4394F24-163D-430B-B5AF-B68B56031B99} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\Browser Helper Objects\{FFF5092F-7172-4018-827B-FA5868FB0478} HKEY_LOCAL_MACHINE\SOFTWARE\AZESearchCo HKEY_CLASSES_ROOT\CLSID\{a19ef336-01d4-48e6-926a-fe7e1c747aed} HKEY_CLASSES_ROOT\CLSID\{AC212FB9-3883-461E-A559-37A4F6100FB0} HKEY_CLASSES_ROOT\CLSID\{ba048011-957f-4ba0-a804-62c28d96f878} HKEY_CLASSES_ROOT\CLSID\{da7ff3f8-08be-4cac-bc00-94d91c6ae7f4} HKEY_CLASSES_ROOT\Interface\{636FF82A-830A-42EA-938B-6DC78B2AC30C} HKEY_CLASSES_ROOT\Interface\{A55C3BA7-DB1E-4652-867E-055CEAFE8018} HKEY_CLASSES_ROOT\Interface\{AE772DE0-743C-4FEB-A4D6-31CA5F6E3DCD} HKEY_CLASSES_ROOT\Interface\{EF77D50B-5767-4E0E-A3A4-098670025F1D} HKEY_CLASSES_ROOT\MagicLoader.MagicBHO HKEY_CLASSES_ROOT\MagicLoader.MagicBHO.1 HKEY_CLASSES_ROOT\TypeLib\{42FC3840-020C-4E93-A34C-4DF1A6330FBB} HKEY_CLASSES_ROOT\TypeLib\{57B88FEF-AB18-4FEB-B7F6-F6AF93C23F45} HKEY_CLASSES_ROOT\ZToolbar.activator HKEY_CLASSES_ROOT\ZToolbar.activator.1 HKEY_CLASSES_ROOT\ZToolbar.ParamWr HKEY_CLASSES_ROOT\ZToolbar.ParamWr.1 HKEY_CLASSES_ROOT\ZToolbar.StockBar HKEY_CLASSES_ROOT\ZToolbar.StockBar.1 HKEY_LOCAL_MACHINE\SOFTWARE\MagicSearchCo HKEY_LOCAL_MACHINE\SOFTWARE\MagicSearchCo\MagicLoader HKEY_LOCAL_MACHINE\SOFTWARE\MagicSearchCo\MagicSearch HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AC212FB9-3883-461E-A559-37A4F6100FB0} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{da7ff3f8-08be-4cac-bc00-94d91c6ae7f4} HKEY_LOCAL_MACHINE\SOFTWARE\ZSearchCo HKEY_LOCAL_MACHINE\SOFTWARE\ZSearchCo\ZSearchHKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{014DA6C9-189F-421a-88CD-07CFE51CFF10} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4D1C4E89-A32A-416b-BCDB-33B3EF3617D3} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4D1C4E8B-A32A-416b-BCDB-33B3EF3617D3} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{630D6140-04C5-4db0-B27A-020D766FF09B} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4D1C4E8A-A32A-416B-BCDB-33B3EF3617D3} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4D1C4E8C-A32A-416B-BCDB-33B3EF3617D3} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4D1C4E80-A32A-416B-BCDB-33B3EF3617D3} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSIEDe1egate.Application.2 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Need2FindBar.SettingsPlugin HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Need2FindBar.SettingsPlugin.1 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Need2FindBar.ToolbarPlugin HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Need2FindBar.ToolbarPlugin.1} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects \{4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Need2FindBar Uninstall HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find HKEY_USERS\Software\Microsoft\Internet Explorer\MenuExt\&Search HKEY_USERS\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4D1C4E81-A32A-416B-BCDB-33B3EF3617D3} HKEY_USERS\Software\Need2Find
Creates the following registry subkey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar \{a19ef336-01d4-48e6-926a-fe7e1c747aed}so that the adware gets loaded as an Internet Explorer search toolbar.
When the search toolbar is used, the adware sends the query to the morwillsearch.com domain.
Displays a Web site, which may contain advertisements.
May create the following file:

%System%\iacad.dll

Note: %System% is a variable that refers to the System folder. By default this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
May create the following files and folder:
- C:\Program Files\Need2Find\bar\Cache\0007D8CA
- C:\Program Files\Need2Find\bar\Cache\files.ini
- C:\Program Files\Need2Find\bar\History\search
- C:\Program Files\Need2Find\bar\Settings\prevcfg.htm

Removal

Summary

Search Threats

Search by name

_{Example: W32.Beagle.AG@mm}