Adware.Azsearch
( AZESearch )
|
Spreading:
|
medium
|
|
|
Damage:
|
low
|
|
Size:
|
varies
|
|
Discovered:
|
2005 Aug 30
|
SYMPTOMS:
Azesearch toolbar in Internet Explorer, pop-ups with advertisements, search websites not working properly.
TECHNICAL DESCRIPTION:
Azseach is a browser hijacker that changes your homepage and filters your searches on the most known web search engines to provide corrupted results. It installs a toolbar (Azesearch) in Internet Explorer and adds several links to Favorites.
The CLSIDs used by the toolbar are {a19ef336-01d4-48e6-926a-fe7e1c747aed}, {ba048011-957f-4ba0-a804-62c28d96f878}, {da7ff3f8-08be-4cac-bc00-94d91c6ae7f4}.
Registration as a BHO is under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{da7ff3f8-08be-4cac-bc00-94d91c6ae7f4}.
On install, its files are copied to the %SYSTEM% folder, and an executable is added to HKLM\Software\Microsoft\Windows\CurrentVersion\Run. File names vary, depending on the version being installed, but most start with AZE. One exception is iasada.dll, which is also a BHO that monitors your Internet Explorer. Its CLSID is {f65b197f-8260-4d52-909a-f70118e646eb}.
Removal instructions:
Please let BitDefender disinfect your files.
ANALYZED BY:
Theodor-Iulian Ciobanu, virus researcher
Cart