1. /
  2. Security Response/
  3. Adware.ZeroPopUp

Adware.ZeroPopUp

Updated:
February 13, 2007 11:39:30 AM
Type:
Adware
Version:
2.0
Risk Impact:
Medium
File Names:
zp.dll
Systems Affected:
Windows 2000, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

When Adware.ZeroPopUp is run, it does the following:
  1. Creates these files:
    • %InstallFolder%\zp.dll (the toolbar, detected as Adware.ZeroPopUp)
    • %InstallFolder%\spp.reg (registry keys to make it point to searchxl.com)
    • %InstallFolder%\zpp.inf (*.inf setup configuration file)

      Note: %InstallFolder% is a variable that refers to the folder to which these files were downloaded or extracted. It can be any folder.

  2. Modifies these values to:

    "Search Page"="http:/ /www.searchxl.com/ie"
    "Default_Search_URL"="http:/ /www.searchxl.com/ie"

    in the registry key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main

  3. Modifies the value to:

    "Search Page"="http:/ /www.searchxl.com/ie"

    in the registry key:

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main

  4. Adds the value:

    "SearchAssistant"="http:/ /www.searchxl.com/ie"

    to the registry key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search

  5. Adds these values:

    "Use Search Asst"="no"
    "Use Custom Search URL"=dword:00000001
    "Default_Search_URL"="http:/ /www.searchxl.com/ie"
    "Search Bar"="http:/ /www.searchxl.com/ie"
    "SearchURL"="http:/ /www.searchxl.com/ie"

    to the registry key:

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main

  6. Adds the value:

    "SearchAssistant"="http:/ /www.searchxl.com/ie"

    to the registry key:

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search

  7. Creates these registry keys:

    HKEY_CURRENT_USER\software\zeropopup
    HKEY_CLASSES_ROOT\CLSID\{72A58725-2635-4725-8C53-686DFD1FEB8D}


Summary| Technical Details| Removal

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report, Volume 17
Symantec DeepSight Screensaver