Updated: February 13, 2007 11:46:42 AM
Type: Spyware
Publisher: teensearchbar.com
Risk Impact: High
File Names:
srchbar.dll
Identlibdll.dll
unregister.exe
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
When Spyware.Teensearch is executed, it performs the following actions:
- Creates the following files:
  - %System%\AcsProxy.dll
  - %System%\AcsProxy.lib
  - %System%\chat.dat
  - %System%\ezines.dat
  - %System%\home.dat
  - %System%\IdentLibDll.dll
  - %System%\paysites.dat
  - %System%\pics.dat
  - %System%\srchbar.dll
  - %System%\srchbar.dll.manifest
  - %System%\unregister.exe
  - %System%\videos.dat
  - %ProgramFiles%\Search Bar\INSTALL.LOG
  - %ProgramFiles%\Search Bar\UNWISE.EXE

  Note:
  - %System% is a variable that refers to the System folder. By default this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
  - %ProgramFiles% is a variable that refers to the program files folder. By default, this is C:\Program Files.
- Creates the following legitimate files:
  - %System%\Cshtp32.ocx
  - %System%\ImgConv.dll
  - %System%\VIC32.DLL
- Creates the following registry subkeys:
HKEY_CLASSES_ROOT\CLSID\{01FC5803-8644-45D7-877B-5A3924D8ECC4}
HKEY_CLASSES_ROOT\CLSID\{0A8CE102-FA03-4612-9BEE-7FE5452F4CB1}
HKEY_CLASSES_ROOT\CLSID\{AA8C93E1-7E5F-497E-B67C-CC8FE2A40D3B}
HKEY_CLASSES_ROOT\CLSID\{EDD6BA26-9EBB-11D2-B89C-00104B30757B}
HKEY_CLASSES_ROOT\CLSID\{EDD6BA27-9EBB-11D2-B89C-00104B30757B}
HKEY_CLASSES_ROOT\Interface\{2DDD90D6-F153-4EA7-A324-4B2D83D1027E}
HKEY_CLASSES_ROOT\Interface\{68831D00-169E-4FEB-89B9-E099DF439321}
HKEY_CLASSES_ROOT\Interface\{9CE15EB5-6B39-4656-9E1F-2D219EE42E0E}
HKEY_CLASSES_ROOT\Interface\{EDD6BA24-9EBB-11D2-B89C-00104B30757B}
HKEY_CLASSES_ROOT\Interface\{EDD6BA25-9EBB-11D2-B89C-00104B30757B}
HKEY_CLASSES_ROOT\TypeLib\{15E7D23B-736E-46FA-BFFD-CBEC4126BEFD}
HKEY_CLASSES_ROOT\TypeLib\{7C9E9A74-1922-409E-AB46-E48784336C3A}
HKEY_CLASSES_ROOT\TypeLib\{EDD6BA23-9EBB-11D2-B89C-00104B30757B}
HKEY_CLASSES_ROOT\Catalyst.HttpClientCtrl.1
HKEY_CLASSES_ROOT\ImgConv.clsImgConv
HKEY_CLASSES_ROOT\SearchBarToolbar.ISubclass
HKEY_CLASSES_ROOT\SearchBarToolbar.SearchBar
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Bar
HKEY_CURRENT_USER\Software\E-Ventures N.V.
- Adds the value:
"{0A8CE102-FA03-4612-9BEE-7FE5452F4CB1}" = "Search Bar"
to the registry subkeys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
- Adds the value:
"C:\WINDOWS\system32\Cshtp32.ocx"
to the registry subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs
- Creates an encrypted message containing both the machine's Windows Product ID and information about the machine's "c:\" drive volume. This message is then sent to a remote host.
- Adds a toolbar to all Internet Explorer browsers.