1. /
  2. Security Response/
  3. Adware.ZenoSearch

Adware.ZenoSearch

Updated:
February 13, 2007 11:46:46 AM
Type:
Adware
Publisher:
www.zenotecnico.com
Risk Impact:
Medium
File Names:
dwdsregt.exe
Systems Affected:
Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

When Adware.ZenoSearch is executed, it performs the following actions:
  1. Adds the values:

    "SysStart" = "[PATH TO ADWARE]\[ADWARE FILENAME]"
    "{1C-CC-C5-54-ZN}" = "c:\windows\system32\dwdsregt.exe FI002"

    to the registry subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    so that it runs everytime Windows starts.

  2. Adds the values:

    "DisplayName" = "Zeno Browser Enhancer removal"
    "UninstallString" = "[PATH TO ADWARE]\[ADWARE FILENAME] -UPop"


    to the registry subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Zeno Browser Enhancer

  3. Creates the file:

    %UserProfile%\Start Menu\Programs\Startup\Zeno.lnk

    so that it runs at startup.

    Note: %UserProfile% is a variable that refers to the current user's profile folder. By default, this is C:\Documents and Settings\[CURRENT USER] (Windows NT/2000/XP).

  4. Creates the harmless text file %System%\zxdnt3d.cfg.

    Note: %System% is a variable that refers to the System folder. By default this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).

  5. Displays pop-up ads based on keywords the user searches for on the following web search engines:

    • search.lycos.com
    • www.hotbot.com
    • search.information.com
    • www.overture.com
    • mysearch.myway.com
    • web.ask.com
    • search.aol.com
    • search.msn.com
    • yahoo.com
    • google.com


Summary| Technical Details| Removal

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report
Symantec DeepSight Screensaver