Home / malwarePDF  

BrowserModifier:Win32/MindQuizSearch


First posted on 22 June 2010.
Source: SecurityHome

Aliases :

BrowserModifier:Win32/MindQuizSearch is also known as TR/BHO.MindQuizSearch (Avira), Zugo (Sunbelt Software).

Explanation :

BrowserModifier:Win32/MindQuizSearch is a program that directs the affected user to its Web site and changes the affected user's start page. The browser modifier also installs Rugo's Search Toolbar.
Top

BrowserModifier:Win32/MindQuizSearch is a program that directs the affected user to its Web site and changes the affected user's start page. The browser modifier also installs Rugo's Search Toolbar. InstallationBrowserModifier:Win32/MindQuizSearch adds Rugo€™s Search Toolbar, which is installed as a Browser Help Object (BHO) in Internet Explorer and an extension in Mozilla Firefox. Upon execution, the browser modifier installs the following file: c:\Program Files\Mind Quiz The browser modifier then makes the following changes to the registry: Adds value: "Start Page" With data: €œhttp://tmq.bingstart.com/?cfg=2-168-0-1nUEv€ Adds value: "Start Page Restore" With data: <former start page> To subkey: HKCU\Software\Microsoft\Internet Explorer\Main Where <former start page> is the URL of the start page before BrowserModifier:Win32/MindQuizSearch was run. Adds value: "DefaultScope" With data: "{E5F5D888-2587-E012-A817-7038F5690F26}" To subkey: HKCU\Software\Microsoft\Internet Explorer\SearchScopes Adds value: "DisplayName" With data: €œBing€ Adds value: "FaviconURLFallback" With data: http://www.bing.com/favicon.ico Adds value: "SuggestionsURLFallback" With data: "http://api.bing.com/qsml.aspx?query={searchTerms}&market={Language}&form=IE8SSC&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}" "URL"="http://tmq.bingstart.com/s/?q={searchTerms}&iesrc=IE-SearchBox&site=Bing&cfg=2-168-0-1nUEv" To subkey: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E5F5D888-2587-E012-A817-7038F5690F26} Adds value: "MindQuizSearchToolbar 1.1" With data: "Zugo Ltd" To subkey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform Additional informationWhen run, BrowserModifier:Win32/MindQuizSearch opens the browser to "http//www.themindquiz.com". The Web site may look like the following: On installation, the browser modifier installs Rugo's Search Toolbar; the toolbar is visible as a Web browser add-on via "Tools > Manage Add-ons" in Internet Explorer. Note: Rugo's Search Toolbar is not currently classified as a malicious program.

Analysis by Michael Johnson

Last update 22 June 2010

 

TOP

Malware :