Adware.RaxSearch

Updated: September 14, 2006 4:00:54 PM
Type: Adware
Risk Impact: Medium
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP

Adware.RaxSearch is an adware program that allows a user to query multiple search engines and also downloads and displays popup advertisements.

Once executed, the risk creates the following folders:
%ProgramFiles%\Rax Search
%ProgramFiles%\Rax Search Helper

The risk then creates the following files:
%ProgramFiles%\Rax Search\Raxsearch.exe
%ProgramFiles%\Rax Search\history.dat
%ProgramFiles%\Rax Search\engines.dat
%ProgramFiles%\Rax Search\uninst.exe
%ProgramFiles%\Rax Search Helper\infodll.dll
%ProgramFiles%\Rax Search Helper\rxh2.dll
%ProgramFiles%\Rax Search Helper\uninst.exe
%UserProfile%\Start Menu\Programs\Rax Search\Rax Search.lnk
%UserProfile%\Desktop\Rax Search.lnk
%Windir%\infodll.dll

The risk creates the following registry subkeys:
HKEY_ALL_USERS\Software\Microsoft\CurrentVersion\Run\raxsearch
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Rax Search
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Rax Search Helper
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Raxsearch.exe
HKEY_CLASSES_ROOT\CLSID\{19AD8203-1538-43a0-848B-D136782E09DE}
HKEY_CLASSES_ROOT\Interface\{F89C6EE9-8BCA-40D4-82B7-12853BB8BB55}
HKEY_CLASSES_ROOT\RXH.Helper.1
HKEY_CLASSES_ROOT\RXH.Helper
HKEY_CLASSES_ROOT\TypeLib\{8547ADA7-FC77-4AC1-B0A2-C4B79787B460}
HKEY_CLASSES_ROOT\rxh.rxh.1
HKEY_CLASSES_ROOT\rxh.rxh
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{19AD8203-1538-43a0-848B-D136782E09DE}

The risk connects to the following Web sites and downloads and displays advertisements:
http://www.raxdev.com
http://www.zedo.com

The risk displays windows that allow the user to query multiple search engines and then displays pop-up windows in Internet Explorer in response to queries submitted by the user.
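
The Browser Helper Objects subkey listed above is the registration that makes Internet Explorer load the risk's DLL. The following PowerShell is an added example, not part of Symantec's write-up: it lists every registered BHO, resolves each CLSID to its in-process server DLL, and flags the CLSID and DLL names given on this page. It assumes PowerShell 3.0 or later; the function name `Get-BhoReport` is hypothetical, and because the write-up does not say which DLL backs the CLSID, both listed DLL names are matched.

```powershell
# Added example (not Symantec's code): audit Internet Explorer Browser Helper
# Objects and flag the registration this write-up attributes to Adware.RaxSearch.
$bhoRoot  = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
$raxClsid = '{19AD8203-1538-43a0-848B-D136782E09DE}'   # CLSID from the write-up
$raxDlls  = 'infodll.dll', 'rxh2.dll'                  # DLL names from the write-up

function Get-BhoReport {
    # No BHO key at all means nothing is registered on this machine.
    if (-not (Test-Path -LiteralPath $bhoRoot)) { return @() }

    Get-ChildItem -LiteralPath $bhoRoot | ForEach-Object {
        $clsid = $_.PSChildName

        # A BHO's code is the in-process COM server registered for its CLSID;
        # the default value of InprocServer32 holds the DLL path.
        $server = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32"
        $dll = $null
        if (Test-Path -LiteralPath $server) {
            $dll = (Get-Item -LiteralPath $server).GetValue('')
        }

        # Normalise the path: strip quotes and expand %Var% references.
        $path = $null
        $leaf = $null
        if ($dll) {
            $path = [Environment]::ExpandEnvironmentVariables($dll.Trim('"'))
            $leaf = Split-Path -Leaf $path
        }

        [pscustomobject]@{
            Clsid     = $clsid
            Dll       = $path
            DllExists = [bool]($path -and (Test-Path -LiteralPath $path))
            # Flag on the CLSID itself or on either DLL name (case-insensitive).
            RaxSearch = ($clsid -ieq $raxClsid) -or ($raxDlls -contains $leaf)
        }
    }
}

# Flagged entries first; an entry whose DLL is missing is a stale registration.
Get-BhoReport | Sort-Object RaxSearch -Descending | Format-Table -AutoSize
```

A row with `RaxSearch` set to `True` and `DllExists` set to `False` means the file was removed but the registry entry was left behind.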