1. /
  2. Security Response/
  3. Adware.BestSearch

Adware.BestSearch

Updated:
February 13, 2007 11:44:10 AM
Type:
Adware
Publisher:
best-search.us
Risk Impact:
Low
File Names:
MegaInstaller.exe
Systems Affected:
Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

When Adware.BestSearch is executed, it performs the following actions:

  1. Creates the following files:

    %UserProfile%\Local Settings\Temp\MegaHost.dll
    %UserProfile%\Local Settings\Temp\MegaInstaller.exe
    %UserProfile%\Local Settings\Temp\temp.dll

    Notes:
    %UserProfile% is a variable that refers to the current user's profile folder. By default, this is C:\Documents and Settings\<Current User> (Windows NT/2000/XP).
  2. Creates the following registry subkeys:

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8BC6346B-FFB0-4435-ACE3-FACA6CD77816}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8BC6346B-FFB0-4435-ACE3-FACA6CD77816}\InprocServer32
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8BC6346B-FFB0-4435-ACE3-FACA6CD77816}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MegaSearch
    HKEY_CURRENT_USER\Software\MegaHost

  3. Adds the values:

    "@" = "%UserProfile%\Local Settings\Temp\MegaHost.dll"
    "ThreadingModel" = "Apartment"


    to the registry subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8BC6346B-FFB0-4435-ACE3-FACA6CD77816}\InprocServer32

  4. Adds the value:

    "@" = "Mega!"

    to the registry subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8BC6346B-FFB0-4435-ACE3-FACA6CD77816}

  5. Adds the values:

    "UninstallString" = "%UserProfile%\Local Settings\Temp\MegaInstaller.exe /u"
    "DisplayName" = "MegaSearch"


    to the registry subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MegaSearch

  6. Adds the value:

    "Use Search Asst" = "no"

    to the registry subkey:

    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main

  7. Adds the values:

    "page" = "0x00000001"
    "Use Search Asst" = "no"
    "SearchAssistant" = "http:/ /ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
    "Start Page" = "http:/ /www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
    "cid" = "cb719ff8-7813-4a5e-916f-66692534204e"

    to the registry subkey:

    HKEY_CURRENT_USER\Software\MegaHost

  8. Modifies the value:

    "SearchAssistant" = "http:/ /best-search.us/?page=search&pid=sext01"

    in the registry subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search

  9. Displays pop-up ads.


Summary| Technical Details| Removal

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report