1. Symantec/
  2. Security Response/
  3. Adware.LookNSearch


February 13, 2007 11:37:26 AM
Risk Impact:
File Names:
Systems Affected:
Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP

When Adware.LookNSearch is executed, it performs the following actions:
  1. Drops the following .dll files in %System% and %ProgramFiles%\Internet Explorer:
    • guardian.dll
    • hookDLL.,dll
    • netClient.dll
    • r_process.dll

    • %System% is a variable. The adware locates the System folder and copies itself to that location. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
    • %ProgramFiles% is a variable that refers to the path to the program files folder. By default, this is C:\Program Files.

  2. It adds the entry

    "Iesearch.exe"="%ProgramFiles%\Internet Explorer\Iesearch.exe"

    to the registry key


    so that it runs when you start Windows.

  3. May make outgoing HTTP connections to download software or advertisements.

Summary| Technical Details| Removal

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
2016 Internet Security Threat Report, Volume 21
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube