
Adware.Myway.T


First posted on 21 November 2011.
Source: BitDefender

Aliases:

Adware.Myway.T is also known as MySearch.

Explanation:

The program comes bundled with another program. Upon installation, the adware creates the following files:



%ProgramFiles%\MyWay\myBar\1.bin\MWHTMLMU.DLL
%ProgramFiles%\MyWay\myBar\1.bin\MY2NS.EXE
%ProgramFiles%\MyWay\myBar\1.bin\MYBAR.DLL
%ProgramFiles%\MyWay\myBar\1.bin\MYPOPSWT.DLL
%ProgramFiles%\MyWay\myBar\1.bin\MYWAYPLUGINPROXY.CLASS
%ProgramFiles%\MyWay\myBar\1.bin\NPMYWAY.DLL
%ProgramFiles%\MyWay\myBar\1.bin\PARTNER.DAT
%ProgramFiles%\MyWay\myBar\1.bin\PARTNER2.DAT

It creates registry keys so it can start with Internet Explorer and Netscape Navigator. Here are some keys it creates:






The following values are used so the adware can start with Internet Explorer and Netscape Navigator:

HKEY_CURRENT_USER\Software\Netscape\Netscape Navigator\Automation Startup MyWayToolBar.NetscapeStartup.1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects {0494D0D1-F8E0-41ad-92A3-14154ECE70AC}
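
A way to check a registry export for the two browser autostart entries listed above, written as an added example and not part of the BitDefender description. It goes slightly beyond the page by also resolving each Browser Helper Object's CLSID to its InprocServer32 DLL and flagging DLLs under the MyWay\myBar install directory. The sample export, the AAAAAAAA-... CLSIDs, the DLL mappings, and the treatment of MyWayToolBar.NetscapeStartup.1 as a value name are assumptions.

```python
import re

# Indicators from the description above; registry key names are case-insensitive.
BHO_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects".lower()
CLSID_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID".lower()
NETSCAPE_KEY = r"HKEY_CURRENT_USER\Software\Netscape\Netscape Navigator\Automation Startup".lower()
MYWAY_BHO = "{0494D0D1-F8E0-41ad-92A3-14154ECE70AC}".lower()
MYWAY_PROGID = "MyWayToolBar.NetscapeStartup.1".lower()
MYWAY_DIR = "\\myway\\mybar\\"  # install directory from the file list, lower-cased

# Constructed sample in `reg export` text form (already decoded from UTF-16);
# the AAAAAAAA-... CLSIDs and both DLL mappings are made up for illustration.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0494D0D1-F8E0-41ad-92A3-14154ECE70AC}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AAAAAAAA-0000-0000-0000-000000000001}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AAAAAAAA-0000-0000-0000-000000000002}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AAAAAAAA-0000-0000-0000-000000000001}\InprocServer32]
@="C:\\Program Files\\MyWay\\myBar\\1.bin\\MYBAR.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AAAAAAAA-0000-0000-0000-000000000002}\InprocServer32]
@="C:\\Program Files\\Example\\helper.dll"
[HKEY_CURRENT_USER\Software\Netscape\Netscape Navigator\Automation Startup]
"MyWayToolBar.NetscapeStartup.1"=""
'''

def parse_reg(text):
    """Parse .reg text into {key_lower: {value_name: data}}; '@' is the default value."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = re.match(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$', line)
            if m:
                current[m.group(1).strip('"')] = m.group(2).replace("\\\\", "\\")
    return keys

def find_myway(text):
    """Return (kind, name, dll) findings for the two autostart locations."""
    keys, findings = parse_reg(text), []
    prefix = BHO_KEY + "\\"
    for clsid in (k[len(prefix):] for k in keys if k.startswith(prefix)):
        # A BHO's CLSID resolves to its DLL through the InprocServer32 default value.
        dll = keys.get(f"{CLSID_KEY}\\{clsid}\\inprocserver32", {}).get("@", "")
        if clsid == MYWAY_BHO or MYWAY_DIR in dll.lower():
            findings.append(("bho", clsid, dll))
    for name in keys.get(NETSCAPE_KEY, {}):
        if name.lower() == MYWAY_PROGID:
            findings.append(("netscape-startup", name, ""))
    return findings
```

Only string values are parsed, which is all this check needs; a real `reg export` file is UTF-16 and must be decoded before it is passed to `find_myway`.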


Searches are routed through the web site www.mysearch.com. Even though you may select your search engine (Google, Yahoo, Ask.com), your search terms, your IP address, your domain, your browser language and the data in any undeleted cookies that the browser accepted from myway.com are collected for the use of MyWay.
Because it uses its own web site to display the results from the selected search engine, the adware doesn't need popups to display commercial ads: it can display them directly on the page.

Last update 21 November 2011
