Systweak Spyware Library
More than 815338 spyware signatures and growing
Microsoft Gold Certified Partner
Adware.2Search.a Analysis Report
Threat Level:
Threat Submitted On: 5/10/2007 3:27:55 PM
Threat Analysed On: 5/10/2007 8:27:55 PM
Type : Adware
Alias : AdWare.Win32.2Search.a [Kaspersky Labs] [Symantec] [McAfee]
Md5 Hash : [ 3247f9740c06f441ba9e56048eba2475 ]
File Size : (32768 bytes)
Description:
Adware programs secretly embed themselves on the victim’s computer, hijack the browsi

Adware.2Search.a shows some basic symptoms on execution, which are as follows:
  • Displays porn/abusive content or intrusive third-party advertisements.
  • Shows deceptive or false warnings.
  • Generates advertisements even when the program is not running.
  • Synchronously installs other bundled programs.
  • The program can place unwanted adverts on the computer screen.

Here are the technical findings of our analysis team after analyzing this malware in detail:

    Loads the following DLL(s) [Dynamic Link Library] when this malware is executed:

    %windir%\system32\ntdll.dll

    %windir%\system32\kernel32.dll

    %windir%\system32\mfc42.dll

    %windir%\system32\msvcrt.dll

    %windir%\system32\gdi32.dll

    %windir%\system32\user32.dll

    %windir%\system32\advapi32.dll

    %windir%\system32\rpcrt4.dll

    %windir%\system32\vsmvhk.dll

    %windir%\system32\oleaut32.dll

    %windir%\system32\ole32.dll

    %windir%\system32\wsock32.dll

    %windir%\system32\ws2_32.dll

    %windir%\system32\ws2help.dll

    %windir%\system32\comctl32.dll

    %windir%\system32\wship6.dll

    %windir%\system32\pstorec.dll

    %windir%\system32\atl.dll

    %windir%\system32\secur32.dll

    wsock32.dll

    comctl32.dll

    comctl32.dll

    version.dll

    %windir%\system32\regsvr32.exe

    %windir%\system32\regsvr32.exe

    %windir%\system32\shimeng.dll

    %windir%\apppatch\acgenral.dll

    %windir%\system32\winmm.dll

    %windir%\system32\msacm32.dll

    %windir%\system32\version.dll

    %windir%\system32\shell32.dll

    %windir%\system32\shlwapi.dll

    %windir%\system32\userenv.dll

    %windir%\system32\uxtheme.dll

    %windir%\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\

    %workingdir%\3247f9740c06f441ba9e56048ebaplugin.dll

    %systemdrive%\progra~1\2search\plugin.dll

    e:\progra~1\2search\plugin.dll

    Creates the following child process(es) on execution:

    regsvr32 /s %workingdir%\3247f9740c06f441ba9e56048ebaplugin.dll

    regsvr32 /s %systemdrive%\progra~1\2search\plugin.dll

    regsvr32 /s e:\progra~1\2search\plugin.dll


    © Systweak Inc., 1999-2009 All rights reserved.