When Adware.ZenoSearch is executed, it performs the following actions:
- Adds the values:
"SysStart" = "[PATH TO ADWARE]\[ADWARE FILENAME]"
"{1C-CC-C5-54-ZN}" = "c:\windows\system32\dwdsregt.exe FI002"
to the registry subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
so that it runs everytime Windows starts.
- Adds the values:
"DisplayName" = "Zeno Browser Enhancer removal"
"UninstallString" = "[PATH TO ADWARE]\[ADWARE FILENAME] -UPop"
to the registry subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Zeno Browser Enhancer
- Creates the file:
%UserProfile%\Start Menu\Programs\Startup\Zeno.lnk
so that it runs at startup.
Note: %UserProfile% is a variable that refers to the current user's profile folder. By default, this is C:\Documents and Settings\[CURRENT USER] (Windows NT/2000/XP).
- Creates the harmless text file %System%\zxdnt3d.cfg.
Note: %System% is a variable that refers to the System folder. By default this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
- Displays pop-up ads based on keywords the user searches for on the following web search engines:
- search.lycos.com
- www.hotbot.com
- search.information.com
- www.overture.com
- mysearch.myway.com
- web.ask.com
- search.aol.com
- search.msn.com
- yahoo.com
- google.com
