1. /
  2. Security Response/
  3. Adware.NowFind

Adware.NowFind

Updated:
February 13, 2007 11:42:56 AM
Type:
Adware
Publisher:
NowFind.net
Risk Impact:
High
File Names:
Varies
Systems Affected:
Windows 2000, Windows Me, Windows NT, Windows Server 2003, Windows XP

When Adware.NowFind is executed, it performs the following actions.
  1. Copies itself to %System% directory with its original file name.

    Note: %System% is a variable that refers to the System folder. By default this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).

  2. Adds the value:

    "SVCHOST" = "%System%\[file name]"

    to the registry subkey:

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

    so that the Adware.NowFind runs every time Windows starts.

  3. Adds the value:

    "Date" = [5-byte binary values which denotes the current day and month]

    to the registry subkey:

    HKEY_CURRENT_USER\Software\Windows

    so that the Adware.NowFind restricts the following action within 3 times a day.

  4. Checks the URL in Microsoft Internet Explorer if it is neither www.searchmeup.com/ nor www.umaxsearch.com/. If not, it will redirect to gugle.biz domain.


Summary| Technical Details| Removal

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report
Symantec DeepSight Screensaver