Updated: February 13, 2007 11:43:14 AM
Type: Adware
Version: 1.3.0.0
Publisher: simplenter.com
Risk Impact: Medium
File Names: utility.dll
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
When Adware.UniversalTB is executed, it performs the following actions:
- Downloads a file named utility.dll from the simpletoolbar.com domain and registers the file.
- Creates the following registry keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5F7AB1DB-A899-46c1-8345-B72B4567EE86}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FC2499DE-A673-49FD-A2DE-EFE03E9572A3}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6D335DE7-E980-4400-AADE-9AC771AB77E3}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dadu.DaduObj
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dadu.DaduObj.1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UniversalSearch Toolbar
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{5F7AB1DB-A899-46c1-8345-B72B4567EE86}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoSrch.ContextItem
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoSrch.ContextItem.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7B9A715E-9D87-4C21-BF9E-F914F2FA953F}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EAF23CEF-21AF-4707-9FF3-4959FD505553}
HKEY_CURRENT_USER\Software\Universal
- Adds the value:
"Search Bar" = "http:/ /simplenter.com/srchasst.php?id=1"
to the registry subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main
- Adds the value:
"Start Page" = "http:/ /simplenter.com/web/1.01.0/"
to the registry subkey:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
- Adds the value:
"SearchAssistant" = "http:/ /simplenter.com/srchasst.php?id=1"
to the registry subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search
- Adds the value:
{5F7AB1DB-A899-46c1-8345-B72B4567EE86}
to the registry subkey:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks
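
A triage check for the registry changes listed above, as an added example that is not part of the original write-up: it parses the text of a regedit export (already decoded to a string) and reports which of these indicators are present. The sample export is constructed, only a subset of the listed keys is checked, and the function names are this example's own.

```python
import re
# Indicators from the write-up above; registry names are case-insensitive.
CLSID = "{5F7AB1DB-A899-46c1-8345-B72B4567EE86}"
DOMAIN = "simplenter.com"
IE = r"\Software\Microsoft\Internet Explorer"
KEYS = [  # subset of the keys the write-up lists
    "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\" + CLSID,
    r"HKEY_CURRENT_USER\Software\Universal",
]
URL_VALUES = [  # (key, value name) pairs the write-up says point at DOMAIN
    ("HKEY_LOCAL_MACHINE" + IE + r"\Main", "Search Bar"),
    ("HKEY_CURRENT_USER" + IE + r"\Main", "Start Page"),
    ("HKEY_LOCAL_MACHINE" + IE + r"\Search", "SearchAssistant"),
]
HOOKS = "HKEY_CURRENT_USER" + IE + r"\URLSearchHooks"
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def parse_reg(text):
    """Return {key: {value name: string data}}, keys and names lower-cased."""
    hive, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = hive.setdefault(line[1:-1].lower(), {})
        elif current is not None and (m := VALUE_RE.match(line)):
            # .reg files escape backslashes and quotes inside strings
            name, data = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
            current[name.lower()] = data
    return hive

def find_indicators(text):
    hive = parse_reg(text)
    hits = [k for k in KEYS  # the key itself or any subkey of it is exported
            if any(e == k.lower() or e.startswith(k.lower() + "\\") for e in hive)]
    for key, name in URL_VALUES:
        if DOMAIN in hive.get(key.lower(), {}).get(name.lower(), "").lower():
            hits.append(key + "\\" + name)
    if CLSID.lower() in hive.get(HOOKS.lower(), {}):
        hits.append(HOOKS + "\\" + CLSID)
    return hits

# Constructed sample export: three indicators plus one unrelated Search Bar value.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Universal]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://simplenter.com/web/1.01.0/"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Bar"="http://www.example.com/search"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{5f7ab1db-a899-46c1-8345-b72b4567ee86}"=""'''
```

Exports written by regedit are usually UTF-16, so decode the file before passing its text to `find_indicators`.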