1. /
  2. Security Response/
  3. Adware.180Solutions

Adware.180Solutions

Updated:
February 13, 2007 11:46:24 AM
Type:
Adware
Publisher:
180 Solutions Inc
Risk Impact:
Medium
File Names:
ClientAX.dll,zanuhook.dll,saishook.dll,180axhook.dll,salmhook.dll,sachook.dll,saiehook.dll,saaphook.
Systems Affected:
Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

When Adware.180Solutions is executed, it performs the following actions:
  1. Creates the following the registry subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion
    \Explorer\Browser Helper Objects\{21B4ACC4-8874-4AEC-AEAC-F567A249B4D4}

    so that the risk runs when Internet Explorer starts.

  2. Adds the following registry keys:

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID
    \{0AC49246-419B-4EE0-8917-8818DAAD6A4E}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID
    \{21B4ACC4-8874-4AEC-AEAC-F567A249B4D4}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID
    \{99410CDE-6F16-42ce-9D49-3807F78F0287}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface
    \{2B0ECEAC-F597-4858-A542-D966B49055B9}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface
    \{7B178417-3CDA-444F-94FF-312C0A3A78A8}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface
    \{DDEA2E1D-8555-45E5-AF09-EC9AA4EA27AD}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface
    \{F1F1E775-1B21-454D-8D38-7C16519969E5}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib
    \{5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib
    \{68BF4626-D66B-4383-A6AF-62E57E9B6CD4}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ClientAX.ClientInstaller
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ClientAX.ClientInstaller.1
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ClientAX.RequiredComponent
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ClientAX.RequiredComponent.1
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ncmyb.SABHO
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ncmyb.SABHO.1
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database
    \Distribution Units\{99410CDE-6F16-42ce-9D49-3807F78F0287}

  3. Creates one or more of the following files:

    • %ProgramFiles%\180SearchAssistant\saishook.dll
    • %ProgramFiles%\180search Assistant\sauhook.dll
    • %ProgramFiles%\180SearchAssistant\saaphook.dll
    • %ProgramFiles%\180SearchAssistant\salmhook.dll
    • %ProgramFiles%\180SearchAssistant\saiehook.dll
    • %ProgramFiles%\180SearchAssistant\sachook.dll
    • %ProgramFiles%\ZangoClient\zanuhook.dll
    • %Windir%\Downloaded Program Files\ClientAX.dll
    • %Windir%\Downloaded Program Files\ClientAX.inf
    • %Windir%\salmhook.dll

      Notes:
    • %ProgramFiles% is a variable that refers to the program files folder. By default, this is C:\Program Files.
    • %Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows (Windows 95/98/Me/XP) or C:\Winnt (Windows NT/2000).


Summary| Technical Details| Removal

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report
Symantec DeepSight Screensaver