Content

Adware-SideSearch

Type
Program
SubType
Adware
Discovery Date
10/05/2003
Length
120,224 Bytes
151,552 Bytes
150,719 Bytes
Minimum DAT
4297 (10/08/2003)
Updated DAT
5616 (05/15/2009)
Minimum Engine
5.1.00
Description Added
01/20/2004
Description Modified
03/21/2005 5:11 PM (PT)
Risk Assessment
Corporate User
N/A
Home User
N/A

Tab Navigation

Characteristics

McAfee(R) AVERT™ recognizes that this program may have legitimate uses in contexts where an authorized administrator has knowingly installed this application.  If you agreed to a license agreement for this, or another bundled application, you may have legal obligations with regard to removing this software, or using the host application without this software. Please contact the software vendor for further information.

See http://vil.nai.com/vil/DATReadme.asp for a list of Program detections added to the DATs.

See http://vil.nai.com/vil/pups/configuration.htm for information about how to enable, disable, and exclude detection of legitimately installed programs.

Installation

Upon execution, the application does not display any EULA or privacy notice. It registers Browser Helper Objects (BHOs) to help display the ad related search results. It silently transmits the search keywords typed in say google.com to its servers that can be powered by other legitimate search engines like Lycos.com or Yahoo.com. After the search is done on a particular search engine it launches (Pops-up) another Internet Explorer window to show different search results. However, it is incapable of any spyware related activities like stealing passwords etc. It adds a check button to the IE toolbar as the browser helper object.

 It has been observed that it contacts following websites

File names often related to adware-sidefind are

  • sidefind.exe
  • sep.dll
  • sidesearch.dll

It registers the DLL as Browser Helper objects to Internet Explorer

  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C30793AF-14B2-4300-8B5D-4BFA3987050E}\ProgID\: "Sep.Search.1"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C30793AF-14B2-4300-8B5D-4BFA3987050E}\InprocServer32\: "C:\Program Files\SEP\sep.dll"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C5183ABC-EB6E-4E05-B8C9-500A16B6CF94}\ProgID\: "Sep.Band.1"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C5183ABC-EB6E-4E05-B8C9-500A16B6CF94}\InprocServer32\: "C:\Program Files\SEP\sep.dll"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
    CurrentVersion\Uninstall\SEP\UninstallString: "C:\Program Files\SEP\Uninst.exe"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{C5183ABC-EB6E-4E05-B8C9-500A16B6CF94}:
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
    CurrentVersion\Explorer\Browser Helper Objects: "{C5183ABC-EB6E-4E05-B8C9-500A16B6CF94}"

It creates following files upon execution and stores them at c:\program files\SEP

  • sep.dll ( Size: 184,320 Bytes) – size may vary
  • uninst.exe ( Size: 54,842 Bytes) – size may vary

 Symptoms

It shows the search result in a separate popup window and use Lycos search engine to show the results. See the image below.

 

Some Previous versions of the program shows the following behaviour:

Files and Registry Changes

  • HKEY_LOCAL_MACHINE\Software\Lycos
  • HKEY_LOCAL_MACHINE\Software\Lycos\Sidesearch
  • HKEY_LOCAL_MACHINE\Software\Lycos\Sidesearch "Locale"
  • HKEY_LOCAL_MACHINE\Software\Lycos\Sidesearch "Partner"
  • HKEY_LOCAL_MACHINE\Software\Lycos\Sidesearch "Sidesearch"
  • HKEY_LOCAL_MACHINE\Software\Lycos\Sidesearch "SilentWelcome"

The following files will be added:

  • c:\Program Files\Lycos\Sidesearch\offline.htm
  • c:\Program Files\Lycos\Sidesearch\sidesearch1211.dll
  • c:\Program Files\Lycos\Sidesearch\Uninst.exe
  • c:\[windows directory]Desktop\Lycos Sidesearch.lnk
  • c:\[windows directory]\Start Menu\Programs\Lycos Sidesearch.lnk

The following button will be added to the Internet browser toolbar:

The detection of this type of file is not automatically activated. Users who would like to check for the presence of this kind of files on their system should run the command line scanner with the /PROGRAM switch.
Please note that VirusScan, version 7 and higher, has an option, which enables users to detect this kind of program automatically (see below).

Symptoms

N/A This is not a virus or trojan

Method of Infection

N/A This is not a virus or trojan

Variants

Variants

    N/A

All Information

Overview -

This is a Potentially Unwanted Program (PUP) detection. It is not a virus or trojan. PUPs are any piece of software which a reasonably security-or privacy-minded computer user may want to be informed of.

Characteristics

Characteristics -

McAfee(R) AVERT™ recognizes that this program may have legitimate uses in contexts where an authorized administrator has knowingly installed this application.  If you agreed to a license agreement for this, or another bundled application, you may have legal obligations with regard to removing this software, or using the host application without this software. Please contact the software vendor for further information.

See http://vil.nai.com/vil/DATReadme.asp for a list of Program detections added to the DATs.

See http://vil.nai.com/vil/pups/configuration.htm for information about how to enable, disable, and exclude detection of legitimately installed programs.

Installation

Upon execution, the application does not display any EULA or privacy notice. It registers Browser Helper Objects (BHOs) to help display the ad related search results. It silently transmits the search keywords typed in say google.com to its servers that can be powered by other legitimate search engines like Lycos.com or Yahoo.com. After the search is done on a particular search engine it launches (Pops-up) another Internet Explorer window to show different search results. However, it is incapable of any spyware related activities like stealing passwords etc. It adds a check button to the IE toolbar as the browser helper object.

 It has been observed that it contacts following websites

File names often related to adware-sidefind are

  • sidefind.exe
  • sep.dll
  • sidesearch.dll

It registers the DLL as Browser Helper objects to Internet Explorer

  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C30793AF-14B2-4300-8B5D-4BFA3987050E}\ProgID\: "Sep.Search.1"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C30793AF-14B2-4300-8B5D-4BFA3987050E}\InprocServer32\: "C:\Program Files\SEP\sep.dll"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C5183ABC-EB6E-4E05-B8C9-500A16B6CF94}\ProgID\: "Sep.Band.1"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C5183ABC-EB6E-4E05-B8C9-500A16B6CF94}\InprocServer32\: "C:\Program Files\SEP\sep.dll"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
    CurrentVersion\Uninstall\SEP\UninstallString: "C:\Program Files\SEP\Uninst.exe"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{C5183ABC-EB6E-4E05-B8C9-500A16B6CF94}:
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
    CurrentVersion\Explorer\Browser Helper Objects: "{C5183ABC-EB6E-4E05-B8C9-500A16B6CF94}"

It creates following files upon execution and stores them at c:\program files\SEP

  • sep.dll ( Size: 184,320 Bytes) – size may vary
  • uninst.exe ( Size: 54,842 Bytes) – size may vary

 Symptoms

It shows the search result in a separate popup window and use Lycos search engine to show the results. See the image below.

 

Some Previous versions of the program shows the following behaviour:

Files and Registry Changes

  • HKEY_LOCAL_MACHINE\Software\Lycos
  • HKEY_LOCAL_MACHINE\Software\Lycos\Sidesearch
  • HKEY_LOCAL_MACHINE\Software\Lycos\Sidesearch "Locale"
  • HKEY_LOCAL_MACHINE\Software\Lycos\Sidesearch "Partner"
  • HKEY_LOCAL_MACHINE\Software\Lycos\Sidesearch "Sidesearch"
  • HKEY_LOCAL_MACHINE\Software\Lycos\Sidesearch "SilentWelcome"

The following files will be added:

  • c:\Program Files\Lycos\Sidesearch\offline.htm
  • c:\Program Files\Lycos\Sidesearch\sidesearch1211.dll
  • c:\Program Files\Lycos\Sidesearch\Uninst.exe
  • c:\[windows directory]Desktop\Lycos Sidesearch.lnk
  • c:\[windows directory]\Start Menu\Programs\Lycos Sidesearch.lnk

The following button will be added to the Internet browser toolbar:

The detection of this type of file is not automatically activated. Users who would like to check for the presence of this kind of files on their system should run the command line scanner with the /PROGRAM switch.
Please note that VirusScan, version 7 and higher, has an option, which enables users to detect this kind of program automatically (see below).

Symptoms

Symptoms -

N/A This is not a virus or trojan

Method of Infection

Method of Infection -

N/A This is not a virus or trojan

Removal -

Removal -

Instructions on Enabling/Disabling Detection and Removal of Potentially Unwanted Programs

Variants

Variants -

    N/A