SecurityHome.eu Adware.Toolbar.MyWebSearch.AL

Home / malware PDF

Adware.Toolbar.MyWebSearch.AL

First posted on 21 November 2011.
Source: BitDefender
Aliases :
Adware.Toolbar.MyWebSearch.AL is also known as MWS, MyWebSearch.
Explanation :
The toolbar is an utility bar for searching the net. It uses other known search engines routed through its own site http:\www.mywebsearch.com. It stores information about search keywords.
When this adware is installed, it performs the following actions:
a) Creates one or more of the following directories and files
%programfiles% MyWebSearch (more files inside)
%system32%f3PSSavr.scr
%programfiles% MyWebSearchSrchAstt1.binMWSSRCAS.DLL
%programfiles% MyWebSearchar1.binMWSBAR.DLL

b) It add a toolbar named "MyWebSearch" to InternetExplorer

c) Create the following registry keys
HKEY_LOCAL_MACHINESOFTWAREClassesFunWebProducts.DataControl.1
HKEY_LOCAL_MACHINESOFTWAREClassesFunWebProducts.DataControl
HKEY_LOCAL_MACHINESOFTWAREClassesFunWebProducts.HistoryKillerScheduler.1
HKEY_LOCAL_MACHINESOFTWAREClassesFunWebProducts.HistoryKillerScheduler
HKEY_LOCAL_MACHINESOFTWAREClassesFunWebProducts.HistorySwatterControlBar.1
HKEY_LOCAL_MACHINESOFTWAREClassesFunWebProducts.HistorySwatterControlBar
HKEY_LOCAL_MACHINESOFTWAREClassesFunWebProducts.HTMLMenu.1
HKEY_LOCAL_MACHINESOFTWAREClassesFunWebProducts.HTMLMenu.2
HKEY_LOCAL_MACHINESOFTWAREClassesFunWebProducts.HTMLMenu
HKEY_LOCAL_MACHINESOFTWAREClassesFunWebProducts.IECookiesManager.1
HKEY_LOCAL_MACHINESOFTWAREClassesFunWebProducts.IECookiesManager
HKEY_LOCAL_MACHINESOFTWAREClassesFunWebProducts.KillerObjManager.1
HKEY_LOCAL_MACHINESOFTWAREClassesFunWebProducts.KillerObjManager
HKEY_LOCAL_MACHINESOFTWAREClassesFunWebProducts.PopSwatterBarButton.1
HKEY_LOCAL_MACHINESOFTWAREClassesFunWebProducts.PopSwatterBarButton
HKEY_LOCAL_MACHINESOFTWAREClassesFunWebProducts.PopSwatterSettingsControl.1
HKEY_LOCAL_MACHINESOFTWAREClassesFunWebProducts.PopSwatterSettingsControl
HKEY_LOCAL_MACHINESOFTWAREClassesFunWebProducts.ShellViewControl.1
HKEY_LOCAL_MACHINESOFTWAREClassesFunWebProducts.ShellViewControl
HKEY_LOCAL_MACHINESOFTWAREClassesMyWebSearch.HTMLPanel.1
HKEY_LOCAL_MACHINESOFTWAREClassesMyWebSearch.HTMLPanel
HKEY_LOCAL_MACHINESOFTWAREClassesMyWebSearch.OutlookAddin.1
HKEY_LOCAL_MACHINESOFTWAREClassesMyWebSearch.OutlookAddin
HKEY_LOCAL_MACHINESOFTWAREClassesMyWebSearch.PseudoTransparentPlugin.1
HKEY_LOCAL_MACHINESOFTWAREClassesMyWebSearch.PseudoTransparentPlugin
HKEY_LOCAL_MACHINESOFTWAREFocusInteractive
HKEY_LOCAL_MACHINESOFTWAREFun Web Products
HKEY_LOCAL_MACHINESOFTWAREMicrosoftOfficeOutlookAddinsMyWebSearch.OutlookAddin
HKEY_LOCAL_MACHINESOFTWAREMicrosoftOfficeWordAddinsMyWebSearch.OutlookAddin
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{00A6FAF1-072E-44cf-8957-5838F569A31D}
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{07B18EA1-A523-4961-B6BB-170DE4475CCA}
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstallMyWebSearch bar Uninstall
HKEY_LOCAL_MACHINESOFTWAREMyWebSearch
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesMyWebSearchService

d) Runs one or more of the following:
%programfiles% MyWebSearchar1.binmwsoemon.exe

e) Adds the following value for
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun
[MyWebSearch Email Plugin = "%programfiles%"MYWEBS~1ar1.binmwsoemon.exe"]

which will run "mwsoemon.exe" when Microsoft Windows starts.
Last update 21 November 2011

TOP

Malware :

Last 20