Updated: February 13, 2007 11:44:30 AM
Type: Adware
Publisher: Acez Software
Risk Impact: Medium
File Names:
%Windir%\Downloaded Program Files\sbar.dll (This file is invisible in Windows Explorer.)
%Progra
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
When Adware.SearchNugget is executed, it performs the following actions:
- Modifies the value:
"Start Page" = "[http://]www.searchnugget[REMOVED].com/"
in the registry subkeys:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main
so that the start page of Internet Explorer is changed to a Web site on the searchnugget.com domain.
- Adds the following registry entries:
HKEY_CLASSES_ROOT\CLSID\{4E7BD74F-2B80-469E-C0FF-FD7FF4D5FA7F}\"(Default)" = "SBARMenu Button"
HKEY_CLASSES_ROOT\CLSID\{4E7BD74F-2B80-469E-C0FF-FD7FF4D5FA7F}\InProcServer32\"(Default)" = "%Windir%\DOWNLO~1\sbar.dll"
HKEY_CLASSES_ROOT\CLSID\{4E7BD74F-2B80-469E-C0FF-FD7FF4D5FA7F}\InProcServer32\"ThreadingModel" = "Apartment"
HKEY_CLASSES_ROOT\sbar.SBARMenu Button\"(Default)" = "SBARMenu Button"
HKEY_CLASSES_ROOT\sbar.SBARMenu Button\Clsid\"(Default)" = "{4E7BD74F-2B8D-469E-C0FF-FD7FF4D5FA7F}"
HKEY_CLASSES_ROOT\CLSID\{4E7BD74F-2B8D-469E-C0FF-FD7FF4D5FA7F}\ProgID\"(Default)" = "sbar.SBARMenu Button"
HKEY_CLASSES_ROOT\CLSID\{4E7BD74F-2B8D-469E-C0FF-FD7FF4D5FA7E}\"(Default)" = "SBARToggle Button"
HKEY_CLASSES_ROOT\CLSID\{4E7BD74F-2B8D-469E-C0FF-FD7FF4D5FA7E}\InprocServer32\"(Default)" = "C:\WINDOWS\DOWNLO~1\sbar.dll"
HKEY_CLASSES_ROOT\CLSID\{4E7BD74F-2B8D-469E-C0FF-FD7FF4D5FA7E}\InprocServer32\"ThreadingModel" = "Apartment"
HKEY_CLASSES_ROOT\sbar.SBARToggle Button\"(Default)" = "SBARToggle Button"
HKEY_CLASSES_ROOT\sbar.SBARToggle Button\Clsid\"(Default)" = "{4E7BD74F-2B8D-469E-C0FF-FD7FF4D5FA7E}"
HKEY_CLASSES_ROOT\CLSID\{4E7BD74F-2B8D-469E-C0FF-FD7FF4D5FA7E}\ProgID\"(Default)" = "sbar.SBARToggle Button"
HKEY_CLASSES_ROOT\CLSID\{4E7BD74F-2B8D-469E-C0FF-FD7FF4D5FA7D}\"(Default)" = "SearchNugget Toolbar"
HKEY_CLASSES_ROOT\CLSID\{4E7BD74F-2B8D-469E-C0FF-FD7FF4D5FA7D}\InprocServer32\"(Default)" = "C:\WINDOWS\DOWNLO~1\sbar.dll"
HKEY_CLASSES_ROOT\CLSID\{4E7BD74F-2B8D-469E-C0FF-FD7FF4D5FA7D}\InprocServer32\"ThreadingModel" = "Apartment"
HKEY_CLASSES_ROOT\sbar.SBAR\"(Default)" = "SBAR"
HKEY_CLASSES_ROOT\sbar.SBAR\Clsid\"(Default)" = "{4E7BD74F-2B8D-469E-C0FF-FD7FF4D5FA7D}"
HKEY_CLASSES_ROOT\CLSID\{4E7BD74F-2B8D-469E-C0FF-FD7FF4D5FA7D}\ProgID\"(Default)" = "sbar.SBAR"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\"{4E7BD74F-2B8D-469E-C0FF-FD7FF4D5FA7D}" = "02"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-C0FF-FD7FF4D5FA7D}
so that the toolbar is installed in Internet Explorer.
- Adds the values:
"CfgID" = "0"
"clientID" = "main"
to the registry subkey:
HKEY_CURRENT_USER\Software\Sbar Toolbar
for its internal use.
- Adds the values:
"DisplayName" = "SearchNugget Toolbar"
"UninstallString" = "%Program Files%\Sbar Toolbar\Uninstall.exe"
to the registry subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SBAR
so that SearchNugget Toolbar appears in the Add or Remove Programs window.
- Creates the following files:
- %Windir%\sbar.dll
- %ProgramFiles%\Sbar Toolbar\Uninstall.exe
Note:
- %Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.
- %ProgramFiles% is a variable that refers to the program files folder. By default, this is C:\Program Files.
- Creates files in the %ProgramFiles%\Sbar Toolbar\Cache folder.
- Displays a search toolbar in the Internet Explorer window.
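
The registry keys, values and files listed above can be checked in one read-only pass. The following PowerShell script is an added example, not part of the original writeup; it uses only the identifiers printed above, matches the Start Page on the substring "searchnugget" (the full host name is redacted on this page), and assumes it is run in the session of the user being checked.

```powershell
# Added example: read-only check for the artifacts listed in this writeup.
# Keys, CLSIDs and paths are copied from the page as printed; nothing is modified.

$toolbarClsid = '{4E7BD74F-2B8D-469E-C0FF-FD7FF4D5FA7D}'
$clsids = @(
    '{4E7BD74F-2B80-469E-C0FF-FD7FF4D5FA7F}',   # spelling used in the first three entries
    '{4E7BD74F-2B8D-469E-C0FF-FD7FF4D5FA7F}',
    '{4E7BD74F-2B8D-469E-C0FF-FD7FF4D5FA7E}',
    $toolbarClsid
)

$keys = @(
    'Registry::HKEY_CURRENT_USER\Software\Sbar Toolbar',
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SBAR',
    "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\$toolbarClsid",
    'Registry::HKEY_CLASSES_ROOT\sbar.SBAR',
    'Registry::HKEY_CLASSES_ROOT\sbar.SBARMenu Button',
    'Registry::HKEY_CLASSES_ROOT\sbar.SBARToggle Button'
) + ($clsids | ForEach-Object { "Registry::HKEY_CLASSES_ROOT\CLSID\$_" })

$files = @(
    "$env:windir\Downloaded Program Files\sbar.dll",   # hidden from Windows Explorer per the writeup
    "$env:windir\sbar.dll",
    "$env:ProgramFiles\Sbar Toolbar\Uninstall.exe"
)

$findings = @()
foreach ($k in $keys)  { if (Test-Path -LiteralPath $k) { $findings += "Key:   $k" } }
foreach ($f in $files) { if (Test-Path -LiteralPath $f) { $findings += "File:  $f" } }

# Toolbar registration is a value named after the CLSID, not a subkey.
$tb = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar'
if (Get-ItemProperty -LiteralPath $tb -Name $toolbarClsid -ErrorAction SilentlyContinue) {
    $findings += "Value: $tb\$toolbarClsid"
}

# Start Page hijack in the two hives named in the writeup.
foreach ($hive in 'HKEY_CURRENT_USER', 'HKEY_USERS\.DEFAULT') {
    $main = "Registry::$hive\Software\Microsoft\Internet Explorer\Main"
    $page = (Get-ItemProperty -LiteralPath $main -Name 'Start Page' -ErrorAction SilentlyContinue).'Start Page'
    if ($page -match 'searchnugget') { $findings += "Value: $main\Start Page = $page" }
}

if ($findings) { $findings } else { 'No Adware.SearchNugget artifacts from this writeup were found.' }
```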