
Adware.ZipClix

Updated: February 13, 2007 11:49:57 AM
Type: Adware
Risk Impact: Medium
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

When Adware.ZipClix is executed, it performs the following actions:
  1. Creates the following files:

    • %ProgramFiles%\Zipclix\INSTALL.LOG
    • %ProgramFiles%\Zipclix\UNWISE.EXE
    • %ProgramFiles%\Zipclix\zipclix.dll
    • %ProgramFiles%\Zipclix\zipclix.ini

      Note: %ProgramFiles% is a variable that refers to the program files folder. By default, this is C:\Program Files.

  2. Creates the configuration file in the root directory, if the installer is broken:

    C:\zipclix.ini

  3. Creates the following subkeys:

    HKEY_CURRENT_USER\Software\Zipclix
    HKEY_CURRENT_USER\Software\Zipclix\Toolbar\History\Zipclix Search
    HKEY_CURRENT_USER\Software\Zipclix\Toolbar\Settings\LayoutTimestamp
    HKEY_CURRENT_USER\Software\Zipclix\Toolbar\Settings\UID

  4. Adds the values:

    "DisplayName" = "Zipclix"
    "UninstallString" = "C:\PROGRA~1\Zipclix\UNWISE.EXE C:\PROGRA~1\Zipclix\INSTALL.LOG"
    "DisplayVersion" = "1.0.0"
    "Publisher" = "Zipclix"
    "URLInfoAbout" = "[http://]www.zipclix.com"
    "Contact" = "support@zipclix.com"


    to the registry subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Zipclix

  5. Adds the value:

    "" = "ZipclixObj.ZipclixObj"

    to the registry subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{319A68DB-06D0-46DA-9F93-A810D5A70836}\VersionIndependentProgID

  6. Adds the value:

    "" = "{BBCD25C8-A31E-4DFB-B204-B54BBA477B23}"

    to the registry subkeys:

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{319A68DB-06D0-46DA-9F93-A810D5A70836}\TypeLib
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EC34A4B3-809A-4A71-88D4-55B5183D6041}\TypeLib

  7. Adds the value:

    "" = "ZipclixObj.ZipclixObj.1"

    to the registry subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{319A68DB-06D0-46DA-9F93-A810D5A70836}\ProgID

  8. Adds the value:

    "" = "%ProgramFiles%\Zipclix\zipclix.dll"

    to the registry subkeys:

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{319A68DB-06D0-46DA-9F93-A810D5A70836}\InprocServer32
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{BBCD25C8-A31E-4DFB-B204-B54BBA477B23}\1.0\0\win32


  9. Adds the value:

    "ThreadingModel" = "Apartment"

    to the registry subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{319A68DB-06D0-46DA-9F93-A810D5A70836}\InprocServer32

  10. Adds the value:

    "" = "Zipclix"

    to the registry subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{319A68DB-06D0-46DA-9F93-A810D5A70836}

  11. Adds the value:

    "Version" = "1.0"

    to the registry subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EC34A4B3-809A-4A71-88D4-55B5183D6041}\TypeLib

  12. Adds the value:

    "" = "{00020424-0000-0000-C000-000000000046}"

    to the registry subkeys:

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EC34A4B3-809A-4A71-88D4-55B5183D6041}\ProxyStubClsid32
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EC34A4B3-809A-4A71-88D4-55B5183D6041}\ProxyStubClsid

  13. Adds the value:

    "" = "IToolBandObj"

    to the registry subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EC34A4B3-809A-4A71-88D4-55B5183D6041}

  14. Adds the values:

    "" = "%ProgramFiles%\Zipclix\"
    "" = "0"
    "" = "Zipclix 1.0 Type Library"

    to the registry subkeys, respectively:

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{BBCD25C8-A31E-4DFB-B204-B54BBA477B23}\1.0\HELPDIR
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{BBCD25C8-A31E-4DFB-B204-B54BBA477B23}\1.0\FLAGS
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{BBCD25C8-A31E-4DFB-B204-B54BBA477B23}\1.0


  15. Adds the values:

    "AdTimestamp" = "0"
    "InstallPath" = "C:\\PROGRA~1\\Zipclix"
    "Version" = "100"


    to the registry subkey:

    HKEY_CURRENT_USER\Software\Zipclix\Toolbar\Settings

  16. Registers itself as a Browser Helper Object that redirects searches through a marketing Web site. It then monitors user browsing habits and can display ads accordingly.

  17. Displays pop-ups, which may be user configured, and can update itself via its Web site.

