1. /
  2. Security Response/
  3. Adware.MetaSearch

Adware.MetaSearch

Updated:
February 13, 2007 11:45:02 AM
Type:
Adware
Version:
1.0
Risk Impact:
Medium
File Names:
STHomePage2.dll STLinks2.dlll
Systems Affected:
Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

When Adware.MetaSearch is installed, it performs the following actions:
  1. Creates the following files:

    • %ProgramFiles%\STHomePage\STHomePage2.dll
    • %ProgramFiles%\STHomePage\uninst.exe
    • %ProgramFiles%\STLinks\stiel.dat
    • %ProgramFiles%\STLinks\STLinks2.dll
    • %ProgramFiles%\STLinks\uninst.exe

      Note: %ProgramFiles% is a variable that refers to the program files folder. By default, this is C:\Program Files.

  2. Creates the following registry keys:

    HKEY_CLASSES_ROOT\CLSID\{1B9CB0F8-118B-49C1-956D-B703E976F8E3}
    HKEY_CLASSES_ROOT\CLSID\{B54BFA47-D897-49CA-9657-05EC9F80A32B}
    HKEY_CLASSES_ROOT\STLinks.STLinksCtrl
    HKEY_CLASSES_ROOT\STLinks.STLinksCtrl.1
    HKEY_CLASSES_ROOT\HomePage.HomePageCtrl
    HKEY_CLASSES_ROOT\HomePage.HomePageCtrl.1
    HKEY_CLASSES_ROOT\Interface\{73A90743-6A64-425D-B4EA-44D7C839F565}
    HKEY_CLASSES_ROOT\Interface\{F93C87CE-0318-47DA-803A-3BA4C8FC0D62}
    HKEY_CLASSES_ROOT\TypeLib\{D31B7025-CC3A-40EA-B1D5-139EA9B70D00}
    HKEY_CLASSES_ROOT\TypeLib\{D77EECF7-095D-4437-A6F7-4E1D4000A8AA}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
    \{1B9CB0F8-118B-49C1-956D-B703E976F8E3}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
    \{B54BFA47-D897-49CA-9657-05EC9F80A32B}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Quick Home Search
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LinksHelper

  3. Sets Internet Explorer home page to following:

    [http://]quickmetasearch.com/[REMOVED]/?said=acc0001_ho

  4. Connects to following sites:

    [http://]linkshelper.com/[REMOVED]
    [http://]69.50.160.98/[REMOVED]

  5. May download an updated version of itself.


Summary| Technical Details| Removal

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report