Adware.UniversalTB

Updated: February 13, 2007 11:43:14 AM
Type: Adware
Version: 1.3.0.0
Publisher: simplenter.com
Risk Impact: Medium
File Names: utility.dll
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

When Adware.UniversalTB is executed, it performs the following actions:
  1. Downloads a file named utility.dll from the simpletoolbar.com domain and registers the file.

  2. Creates the following registry keys:

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5F7AB1DB-A899-46c1-8345-B72B4567EE86}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FC2499DE-A673-49FD-A2DE-EFE03E9572A3}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6D335DE7-E980-4400-AADE-9AC771AB77E3}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dadu.DaduObj
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dadu.DaduObj.1
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UniversalSearch Toolbar
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{5F7AB1DB-A899-46c1-8345-B72B4567EE86}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoSrch.ContextItem
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoSrch.ContextItem.1
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7B9A715E-9D87-4C21-BF9E-F914F2FA953F}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EAF23CEF-21AF-4707-9FF3-4959FD505553}
    HKEY_CURRENT_USER\Software\Universal


  3. Adds the value:

    "Search Bar" = "http:/ /simplenter.com/srchasst.php?id=1"

    to the registry subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main

  4. Adds the value:

    "Start Page" = "http:/ /simplenter.com/web/1.01.0/"

    to the registry subkey:

    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main

  5. Adds the value:

    "SearchAssistant" = "http:/ /simplenter.com/srchasst.php?id=1"

    to the registry subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search

  6. Adds the value:

    {5F7AB1DB-A899-46c1-8345-B72B4567EE86}

    to the registry subkey:

    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks
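
One way to check a host for the registry changes in steps 2 through 6, as an added example that is not part of the original write-up: a read-only PowerShell function that reports which of the listed keys and values are present. The function name Get-UniversalTBArtifact is hypothetical, and matching the browser settings on the substring simplenter.com is an assumption about how to compare them.

```powershell
# Read-only audit for the registry artifacts listed in this write-up (added example).
# Paths, GUIDs and value names come from the page; the function name is hypothetical.
function Get-UniversalTBArtifact {
    $clsid = '{5F7AB1DB-A899-46c1-8345-B72B4567EE86}'
    $cls   = 'HKLM:\SOFTWARE\Classes'
    $ieLM  = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer'
    $ieCU  = 'HKCU:\Software\Microsoft\Internet Explorer'

    # Step 2: keys whose presence alone is an indicator.
    $keys = @(
        "$cls\CLSID\$clsid",
        "$cls\CLSID\{FC2499DE-A673-49FD-A2DE-EFE03E9572A3}",
        "$cls\TypeLib\{6D335DE7-E980-4400-AADE-9AC771AB77E3}",
        "$cls\Dadu.DaduObj", "$cls\Dadu.DaduObj.1",
        "$cls\GoSrch.ContextItem", "$cls\GoSrch.ContextItem.1",
        "$cls\Interface\{7B9A715E-9D87-4C21-BF9E-F914F2FA953F}",
        "$cls\Interface\{EAF23CEF-21AF-4707-9FF3-4959FD505553}",
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UniversalSearch Toolbar',
        "$ieLM\Toolbar\$clsid",
        'HKCU:\Software\Universal'
    )
    foreach ($k in $keys) {
        if (Test-Path -LiteralPath $k) {
            [pscustomobject]@{ Step = 2; Key = $k; Value = $null; Data = $null }
        }
    }

    # Steps 3-5: these values exist on clean systems too, so match on the data.
    $values = @(
        @{ Step = 3; Key = "$ieLM\Main";   Name = 'Search Bar' },
        @{ Step = 4; Key = "$ieCU\Main";   Name = 'Start Page' },
        @{ Step = 5; Key = "$ieLM\Search"; Name = 'SearchAssistant' }
    )
    foreach ($v in $values) {
        $item = Get-Item -LiteralPath $v.Key -ErrorAction SilentlyContinue
        if ($null -eq $item) { continue }
        $data = $item.GetValue($v.Name)
        if ("$data" -like '*simplenter.com*') {
            [pscustomobject]@{ Step = $v.Step; Key = $v.Key; Value = $v.Name; Data = $data }
        }
    }

    # Step 6: the toolbar CLSID registered as a value name under URLSearchHooks.
    $hooks = Get-Item -LiteralPath "$ieCU\URLSearchHooks" -ErrorAction SilentlyContinue
    if ($hooks -and ($hooks.GetValueNames() -contains $clsid)) {
        [pscustomobject]@{ Step = 6; Key = "$ieCU\URLSearchHooks"; Value = $clsid; Data = $null }
    }
}
Get-UniversalTBArtifact | Format-Table -AutoSize
```

The HKEY_CURRENT_USER checks cover only the account running the script, so run it in each affected user's session.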

