Home / malwarePDF  

Adware:Win32/SmartSearch


First posted on 13 September 2011.
Source: SecurityHome

Aliases :

There are no other names known for Adware:Win32/SmartSearch.

Explanation :

Adware:Win32/SmartSearch is a program that delivers advertisements to webpages visited by a user.


Top

Adware:Win32/SmartSearch is a program that delivers advertisements to webpages visited by a user.



Installation

Adware:Win32/SmartSearch may be downloaded and installed by the user from hxxp://smartsearch.co.kr/.

As part of its installation process,Adware:Win32/SmartSearch may create the following files:

  • %ProgramFiles%\SmartSearch\SmartSearch.dat
  • %ProgramFiles%\SmartSearch\SmartSearch.dll
  • %ProgramFiles%\SmartSearch\SmartSearch.exe
  • %ProgramFiles%\SmartSearch\SmartSearch.ini
  • %ProgramFiles%\SmartSearch\uninstall.exe
  • %ProgramFiles%\SmartSearch\Update.exe


Adware:Win32/SmartSearch may add the following subkeys to the registry:

  • HKLM\SOFTWARE\SmartSearchHKLM\SOFTWARE\Classes\CLSID\{8CA5935F-E525-4329-AF2C-169C6608E564}
  • HKLM\SOFTWARE\Classes\CLID\{F10E89FF-CCBD-4505-AFFC-CD507013E496}
  • HKLM\SOFTWARE\Classes\Inerface\{B7F9C704-AF25-4973-BB4A-2F6E485F9742}
  • HKLM\SOFTWARE\Classes\Interface\{C47D8D45-78DB-4CEC-992B-C207E289E474}
  • HKLM\SOFTWARE\Classes\TypeLib\{43E3F6F3-6201-4C88-8ECF-E08C49A9B399}
  • HKLM\SOFTWARE\Classes\SmartSearch.SmartSearchBar
  • HKLM\SOFTWARE\Classes\SmartSearch.SmartSearchBar.1
  • HKLM\SOFTWARE\Classes\SmartSearch.SmartSearchObj
  • HKLM\SOFTWARE\Classes\SmartSearch.SmartSearchObj.1
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F10E89FF-CCBD-4505-AFFC-CD507013E496}
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\스ë§ÂˆíŠ¸ì„œì¹Â˜


Once installed in Internet Explorer, Adware:Win32/SmartSearch€™s presence can be seen in the 'Manage Add-ons' window that can be accessed from the Tools menu. The image below displays a 'Manage Add-ons' window with the adware listed as two items:





Payload

Adware:Win32/SmartSearch inserts an advertisement banner at the bottom of webpages, as seen in the images below:







Analysis by Michael Johnson

Last update 13 September 2011

 

TOP

Malware :