Content

Adware-SearchAid

Type
Program
SubType
Adware
Discovery Date
01/21/2004
Minimum DAT
4320 (01/28/2004)
Updated DAT
4859 (09/25/2006)
Minimum Engine
5.1.00
Description Added
04/05/2004
Description Modified
04/05/2004 6:35 PM (PT)

Tab Navigation

Characteristics

This is not a virus or trojan. It is a direct-marketing adware application. This application generates extra pop-up ads while using Internet Explorer.

This kind of application generally comes bundled with another program, which usually discloses the fact that it is ad-supported.  Users agree to have the Adware installed in the license agreement, although they may not realise at first that this file was packaged with the product they installed.

Installation

Upon execution, the application installs itself by creating the following files as listed below:

  • dict.dat (11,592 bytes)
  • keywords.dat (11,335 bytes)
  • msiesh.dll (28,672 bytes)
  • msiesh.new (29,184 bytes)
  • sysda32.dll (46,592 bytes)
  • sysda32.new (47,616 bytes)
  • submit2.exe (116,384 bytes)
  • submithook.dll (139,264 bytes)
  • uninstall.exe (21,019 bytes)
  • uninstall.ini (1,283 bytes)
  • image.dll (34,304 bytes)
  • mshp.dll (95,232 bytes)

The following Registry key(s) is/are added to hook system startup:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
"Image" = "rundll32 :\WINDOWS\image.dll,Install "

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
"delsubmit " = "C:\Program Files\Common Files\submit.exe "

The Start page for Internet Explorer is also changed to a local HTML file related to the "searchxp.com" website.

homepage = "res://mshp.dll/sp.html#22776"

Users who would like to check for the presence of potentially unwanted programs on their system should run the command line scanner with the /PROGRAM switch.
Please note that VirusScan 7, and higher, has an option that enables users to detect this kind of program automatically (see below).

Aliases

Aliases

    N/A