Home / malwarePDF  

Application.MWS


First posted on 21 November 2011.
Source: BitDefender

Aliases :

There are no other names known for Application.MWS.

Explanation :

MyWebSearch Toolbar is a customizable Internet Explorer search toolbar which comes with some other tools like: screen-savers, pop-up blocker, cursors.
It comes bundled with these various applications in an installer that has no interaction with the user, if you run the installer it will not ask you nothing and therefore you don't actually have a choice in installing it.

When this adware is installed, it performs the following actions:

a) Creates it's default instalation directory :
%PROGRAMFILES%MyWebSearch

b) Creates the following files :

%PROGRAM FILES%MyWebSearchSrchAstt1.binMWSSRCAS.DLL
%PROGRAM FILES%MyWebSearchar1.binF3BKGERR.JPG
%PROGRAM FILES%MyWebSearchar1.binF3CJPEG.DLL
%PROGRAM FILES%MyWebSearchar1.binF3DTACTL.DLL
%PROGRAM FILES%MyWebSearchar1.binF3HISTSW.DLL
%PROGRAM FILES%MyWebSearchar1.binF3HTMLMU.DLL
%PROGRAM FILES%MyWebSearchar1.binF3HTTPCT.DLL
%PROGRAM FILES%MyWebSearchar1.binF3IMSTUB.DLL
%PROGRAM FILES%MyWebSearchar1.binF3POPSWT.DLL
%PROGRAM FILES%MyWebSearchar1.binF3PSSAVR.SCR
%PROGRAM FILES%MyWebSearchar1.binF3REPROX.DLL
%PROGRAM FILES%MyWebSearchar1.binF3RESTUB.DLL
%PROGRAM FILES%MyWebSearchar1.binF3SCHMON.EXE
%PROGRAM FILES%MyWebSearchar1.binF3SCRCTR.DLL
%PROGRAM FILES%MyWebSearchar1.binF3SHLLVW.DLL
%PROGRAM FILES%MyWebSearchar1.binF3SPACER.WMV
%PROGRAM FILES%MyWebSearchar1.binF3WALLPP.DAT
%PROGRAM FILES%MyWebSearchar1.binF3WPHOOK.DLL
%PROGRAM FILES%MyWebSearchar1.binM3FFXTBR.JAR
%PROGRAM FILES%MyWebSearchar1.binM3FFXTBR.MANIFEST
%PROGRAM FILES%MyWebSearchar1.binM3HTML.DLL
%PROGRAM FILES%MyWebSearchar1.binM3IDLE.DLL
%PROGRAM FILES%MyWebSearchar1.binM3NTSTBR.JAR
%PROGRAM FILES%MyWebSearchar1.binM3NTSTBR.MANIFEST
%PROGRAM FILES%MyWebSearchar1.binM3OUTLCN.DLL
%PROGRAM FILES%MyWebSearchar1.binM3PLUGIN.DLL
%PROGRAM FILES%MyWebSearchar1.binM3SKIN.DLL
%PROGRAM FILES%MyWebSearchar1.binM3SKPLAY.EXE
%PROGRAM FILES%MyWebSearchar1.binMWSBAR.DLL
%PROGRAM FILES%MyWebSearchar1.binMWSOEMON.EXE
%PROGRAM FILES%MyWebSearchar1.binMWSOEPLG.DLL
%PROGRAM FILES%MyWebSearchar1.binMWSOESTB.DLL
%PROGRAM FILES%MyWebSearchar1.binNPMYWEBS.DLL

c) Creates the following registry keys
HKEY_LOCAL_MACHINESOFTWAREFocusInteractive
HKEY_LOCAL_MACHINESOFTWAREFocusInteractiveOutlook
HKEY_LOCAL_MACHINESOFTWAREFocusInteractivearSwitches
HKEY_LOCAL_MACHINESOFTWAREFun Web Products
HKEY_LOCAL_MACHINESOFTWAREFun Web ProductsScreenSaver
HKEY_LOCAL_MACHINESOFTWAREFun Web ProductsSettingsPromos
HKEY_LOCAL_MACHINESOFTWAREFun Web ProductsSettingsSmileyCentralBtn
HKEY_LOCAL_MACHINESOFTWAREMicrosoftOfficeOutlookAddinsMyWebSearch.OutlookAddin
HKEY_LOCAL_MACHINESOFTWAREMicrosoftOfficeWordAddinsMyWebSearch.OutlookAddin
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper
Objects{00A6FAF1-072E-44cf-8957-5838F569A31D}
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper
Objects{07B18EA1-A523-4961-B6BB-170DE4475CCA}
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunMy Web Search Bar with val [rundll32
C:PROGRA~1MYWEBS~1ar1.binMWSBAR.DLL,S]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunMy Web Search BarMyWebSearch Email
Plugin] with val [%PROGRAM FILES%MYWEBS~1ar1.binmwsoemon.exe]

d) It adds a toolbar named "MyWebSearch" to InternetExplorer
e) Runs one or more of the following: C:Program FilesMyWebSearchar1.binmwsoemon.exe

Last update 21 November 2011

 

TOP