Adware.NaviSearch

Updated: February 13, 2007 11:46:29 AM
Type: Adware
Version: 1.0.0.5
Publisher: eXact Advertising
Risk Impact: Medium
File Names: nls.exe, nvms.dll, nls8041.exe
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

When Adware.NaviSearch is executed, it performs the following actions:
  1. Creates the following files:

    • %ProgramFiles%\NaviSearch\ad.dat
    • %ProgramFiles%\NaviSearch\bin\nls.exe
    • %ProgramFiles%\NaviSearch\nls8041.exe
    • %ProgramFiles%\NaviSearch\ub.dat
    • %ProgramFiles%\NaviSearch\Uninstall.exe
    • %System%\nvms.dll

    Note:
    • %ProgramFiles% is a variable that refers to the program files folder. By default, this is C:\Program Files.
    • %System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).

  2. Creates the following registry subkeys:

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8EEE58D5-130E-4CBD-9C83-35A0564E1357}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C6906A23-4717-4E1F-B6FD-F06EBED11357}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4EB7BBE8-2E15-424B-9DDB-2CDB9516C2E3}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NLS.UrlCatcher
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NLS.UrlCatcher.1
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NaviSearch
    HKEY_LOCAL_MACHINE\SOFTWARE\NaviSearch
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344}


  3. Adds the value:

    "NaviSearch" = "%ProgramFiles%\NaviSearch\bin\nls.exe"

    to the registry subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    so that it runs every time Windows starts.

  4. Adds the value:

    "SearchAssistant" = "[http://]www.exactsearch.net/[REMOVED]"

    to the registry subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search
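
The artifacts listed in steps 1 through 4, turned into a read-only presence check. This is an added example, not part of the original write-up or a vendor tool. The function name Get-NaviSearchArtifact is hypothetical, and the two registry values are matched on substrings because the page elides the rest of the SearchAssistant URL.

```powershell
# Added example: read-only check for the artifacts listed in steps 1-4.
# Get-NaviSearchArtifact is a hypothetical name, not a vendor tool.
function Get-NaviSearchArtifact {
    $clsid = '{AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344}'    # BHO / COM class ID from step 2
    $dir   = Join-Path $env:ProgramFiles 'NaviSearch'
    $sys   = [Environment]::SystemDirectory              # resolves %System%
    $hklm  = 'HKLM:\SOFTWARE'
    $cv    = "$hklm\Microsoft\Windows\CurrentVersion"

    $paths = @(
        # Step 1: dropped files.
        "$dir\ad.dat", "$dir\bin\nls.exe", "$dir\nls8041.exe",
        "$dir\ub.dat", "$dir\Uninstall.exe", "$sys\nvms.dll",
        # Step 2: registry subkeys (COM class, interfaces, type library, BHO, uninstall).
        "$hklm\Classes\CLSID\$clsid",
        "$hklm\Classes\Interface\{8EEE58D5-130E-4CBD-9C83-35A0564E1357}",
        "$hklm\Classes\Interface\{C6906A23-4717-4E1F-B6FD-F06EBED11357}",
        "$hklm\Classes\TypeLib\{4EB7BBE8-2E15-424B-9DDB-2CDB9516C2E3}",
        "$hklm\Classes\NLS.UrlCatcher",
        "$hklm\Classes\NLS.UrlCatcher.1",
        "$cv\Explorer\Browser Helper Objects\$clsid",
        "$cv\Uninstall\NaviSearch",
        "$hklm\NaviSearch",
        "HKCU:\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\$clsid"
    )
    foreach ($p in $paths) {
        # -LiteralPath keeps the braces in the GUIDs from being parsed as a pattern.
        if (Test-Path -LiteralPath $p) {
            [pscustomobject]@{ Kind = 'Path'; Item = $p; Value = $null }
        }
    }

    # Steps 3 and 4: registry values, matched on the strings the write-up gives.
    $checks = @(
        @{ Key = "$cv\Run"; Name = 'NaviSearch'; Like = '*\NaviSearch\bin\nls.exe*' },
        @{ Key = "$hklm\Microsoft\Internet Explorer\Search"; Name = 'SearchAssistant'; Like = '*exactsearch.net*' }
    )
    foreach ($c in $checks) {
        $v = (Get-ItemProperty -LiteralPath $c.Key -ErrorAction SilentlyContinue).($c.Name)
        if ($v -like $c.Like) {
            [pscustomobject]@{ Kind = 'Value'; Item = "$($c.Key)\$($c.Name)"; Value = $v }
        }
    }
}

$hits = @(Get-NaviSearchArtifact)
if ($hits.Count) { $hits | Format-Table -AutoSize -Wrap } else { 'No Adware.NaviSearch artifacts found.' }
```

On 64-bit Windows, run it from 32-bit PowerShell as well, since 32-bit programs see a separate view of HKLM\SOFTWARE and of the program files and System folders.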

