Adware.Searchq

Updated: February 13, 2007 11:34:41 AM
Type: Adware
Publisher: http://search-q.com
Risk Impact: Low
File Names: ccHelp.hta, wwHelp.hta, cc96629.dll, cc96629.ico
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP


When Adware.Searchq is executed, it performs the following actions:
  1. Drops a copy of itself to the %System% folder.

    Note: %System% is a variable. The adware locates the System folder and copies itself to that location. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).

  2. Contacts a remote server to check for an updated version of itself.

  3. Downloads cc96629.dll to the %System% folder and registers the .dll.

  4. Creates the following registry subkeys:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ccHelp\cid
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ccHelp\vNum
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ccHelp\dvNum
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ccHelp\drDate
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ccHelp\rCount
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ccHelp\svNum
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ccHelp\sdvNum


  5. May drop a copy of itself to the Internet Explorer Temporary Files folder as cc96629[1].ico.

  6. Downloads and executes the wwHelp.hta portion of the software, which will begin to display advertisements.
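
A read-only check for the artifacts listed in the steps above, added here as an example and not part of the original write-up. The function name Test-SearchqArtifacts and its parameters are hypothetical; looking for all four listed file names in the System folder, and treating the ccHelp entries as either child keys or values, are assumptions.

```powershell
# Added example: read-only check for the artifacts named in this write-up.
$FileNames = 'ccHelp.hta', 'wwHelp.hta', 'cc96629.dll', 'cc96629.ico'
$RegNames  = 'cid', 'vNum', 'dvNum', 'drDate', 'rCount', 'svNum', 'sdvNum'

function Test-SearchqArtifacts {   # hypothetical name
    param(
        [string]$SystemDir    = [Environment]::GetFolderPath('System'),
        [string]$CacheDir     = [Environment]::GetFolderPath('InternetCache'),
        [string]$RegistryPath = 'HKLM:\SOFTWARE\Microsoft\ccHelp'
    )
    $findings = @()

    # Steps 1 and 3: listed file names in the System folder
    # (assumption: the page only places cc96629.dll there explicitly).
    foreach ($name in $FileNames) {
        $path = Join-Path $SystemDir $name
        if (Test-Path -LiteralPath $path -PathType Leaf) {
            $findings += [pscustomobject]@{ Type = 'File'; Item = $path }
        }
    }

    # Step 4: the ccHelp key and the entries listed under it.
    # Each name is accepted as either a child key or a value (assumption).
    if (Test-Path -LiteralPath $RegistryPath) {
        $findings += [pscustomobject]@{ Type = 'RegistryKey'; Item = $RegistryPath }
        $key = Get-Item -LiteralPath $RegistryPath
        $present = @($key.GetSubKeyNames()) + @($key.GetValueNames())
        foreach ($name in $RegNames) {
            if ($present -contains $name) {
                $findings += [pscustomobject]@{ Type = 'RegistryEntry'; Item = "$RegistryPath\$name" }
            }
        }
    }

    # Step 5: copies such as cc96629[1].ico in the Internet Explorer cache.
    if ($CacheDir -and (Test-Path -LiteralPath $CacheDir)) {
        $findings += @(Get-ChildItem -LiteralPath $CacheDir -Recurse -Force `
                -Filter 'cc96629*.ico' -ErrorAction SilentlyContinue |
            ForEach-Object { [pscustomobject]@{ Type = 'CachedFile'; Item = $_.FullName } })
    }
    $findings
}

# An empty result means none of the listed artifacts were found for this user.
Test-SearchqArtifacts | Format-Table -AutoSize
```

The cache check covers only the profile of the user running it; run it per user, or pass -CacheDir, to cover other profiles.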

