Content
Adware-Alexa
- Type
- Program
- SubType
- Adware
- Discovery Date
- 02/23/2005
- Length
- Minimum DAT
- 4420 (01/19/2005)
- Updated DAT
- 5715 (08/20/2009)
- Minimum Engine
- 5.1.00
- Description Added
- 01/19/2005
- Description Modified
- 03/18/2005 6:32 AM (PT)
Tab Navigation
Characteristics
McAfee(R) AVERT™ recognizes that this program may have legitimate uses in contexts where an authorized administrator has knowingly installed this application. If you agreed to a license agreement for this, or another bundled application, you may have legal obligations with regard to removing this software, or using the host application without this software.
Please contact the software vendor for further information.
See http://vil.nai.com/vil/DATReadme.asp for a list of Program detections added to the DATs.
See http://vil.nai.com/vil/pups/configuration.htm for information about how to enable, disable, and exclude detection of legitimately installed programs.
Summary:
Upon execution of this application, Alexa toolbar is installed in Internet Explorer. Search keywords used in Google were transferred to Alexa servers. Also Alexa sends personal information such as usernames to the Alexa site.
Installation:
Filename : AlexaInstaller.exe
MD5 : 9e9601f62db49513151f60e3a3b5519d
Filenames and locations may vary from version to version.
An EULA of length 8851 words was displayed at the time of installation.
The following files are dropped when the application is executed.
AlxTB1.dll
AlxRes.dll
The following registry entries confirm Dll registration and startup entries made by this application.
HKEY_CLASSES_ROOT\CLSID\{F1FABE79-25FC-46de-8C5A-2C6DB9D64333}
HKEY_CLASSES_ROOT\CLSID\{EA20F195-32DA-4bd6-B348-FD01FC7D3D5A}
HKEY_CLASSES_ROOT\CLSID\{7BF3A7DB-A516-4e24-B40A-F60B34699E26}
HKEY_CLASSES_ROOT\CLSID\{69A72A8A-84ED-4a75-8CE7-263DBEF3E5D3}
HKEY_CLASSES_ROOT\CLSID\{3CEFF6CD-6F08-4E4D-BCCD-FF7415288C3B}
HKEY_CLASSES_ROOT\CLSID\{27D784D7-9217-4227-B43B-E06E4781E0CB}
HKEY_CLASSES_ROOT\Interface\{FA77AD79-09CF-41FB-B171-CC856F9E737F}
HKEY_CLASSES_ROOT\Interface\{DC21CEDE-3B81-43D7-B816-DAEFA7B4901F}
HKEY_CLASSES_ROOT\Interface\{B7B84995-8B92-46BF-94AA-FA2F3DD23B84}
HKEY_CLASSES_ROOT\Interface\{B79D9232-A798-43DB-9E61-281D550460E4}
HKEY_CLASSES_ROOT\Interface\{B71C7D9A-DA43-4E8B-BB9B-1684AC2AF324}
HKEY_CLASSES_ROOT\Interface\{AC2A5E17-05ED-4E62-86E5-84779E8F0BCA}
HKEY_CLASSES_ROOT\Interface\{ABF7C4D4-53EF-4C15-8951-D22F63C98E9F}
HKEY_CLASSES_ROOT\Interface\{A6A08CBD-6673-41B1-B997-3F83A25B45B0}
HKEY_CLASSES_ROOT\Interface\{A69107CC-BEC8-4A34-B474-211B0F46A764}
HKEY_CLASSES_ROOT\Interface\{9BAB764B-E4F3-4C7B-99AD-CDF636BBE3A8}
HKEY_CLASSES_ROOT\Interface\{738CB0ED-54A7-4061-AE2E-40EFD9B1EEF6}
HKEY_CLASSES_ROOT\Interface\{6912BEB3-E20C-4953-8C8E-E91B12B55BFC}
HKEY_CLASSES_ROOT\Interface\{5A9961FD-B0A6-4065-9552-EBFC199683A3}
HKEY_CLASSES_ROOT\Interface\{49160F0D-6BE2-4F5F-BCDB-9256DA3BB120}
HKEY_CLASSES_ROOT\Interface\{3F41980D-B681-488E-9757-0C9744F9C3CE}
HKEY_CLASSES_ROOT\Interface\{3E60160F-0ED6-4DCC-B6B6-850CDE4FD217}
HKEY_CLASSES_ROOT\Interface\{0F3332B5-BC98-48AF-9FAC-05FEC94EBE73}
HKEY_CLASSES_ROOT\Interface\{0BBB0424-E98E-4405-9A94-481854765C80}
HKEY_CLASSES_ROOT\Interface\{04D79E9F-09A9-4AED-9FC2-6E63A3BCA51E}
HKEY_CLASSES_ROOT\TypeLib\{EACAA5CE-99B3-470E-9629-8F9EF4C4B637}
HKEY_CLASSES_ROOT\TypeLib\{547AB549-4DD8-4EA0-B070-F6EA062148FF}
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Alexa Web Search
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\{3CEFF6CD-6F08-4e4d-BCCD-FF7415288C3B}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F1FABE79-25FC-46de-8C5A-2C6DB9D64333}
HKEY_LOCAL_MACHINE\SOFTWARE\Alexa Toolbar
HKEY_LOCAL_MACHINE\SOFTWARE\Alexa Internet
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Alexa Toolbar
Symptoms
Modification to IE Toolbar.
Modification of default home page to “http://www.alexa.com/?p=home”
Method of Infection
N/A. This is not a trojan or virus.
Variants
Variants
N/A
All Information
Overview -
This is a Potentially Unwanted Program (PUP) detection. It is not a virus or trojan. PUPs are any piece of software which a reasonably security-or privacy-minded computer user may want to be informed of.
Aliases
- Adware.ToolBar.AlexaBar.a (Kaspersky)
Characteristics
Characteristics -
McAfee(R) AVERT™ recognizes that this program may have legitimate uses in contexts where an authorized administrator has knowingly installed this application. If you agreed to a license agreement for this, or another bundled application, you may have legal obligations with regard to removing this software, or using the host application without this software.
Please contact the software vendor for further information.
See http://vil.nai.com/vil/DATReadme.asp for a list of Program detections added to the DATs.
See http://vil.nai.com/vil/pups/configuration.htm for information about how to enable, disable, and exclude detection of legitimately installed programs.
Summary:
Upon execution of this application, Alexa toolbar is installed in Internet Explorer. Search keywords used in Google were transferred to Alexa servers. Also Alexa sends personal information such as usernames to the Alexa site.
Installation:
Filename : AlexaInstaller.exe
MD5 : 9e9601f62db49513151f60e3a3b5519d
Filenames and locations may vary from version to version.
An EULA of length 8851 words was displayed at the time of installation.
The following files are dropped when the application is executed.
AlxTB1.dll
AlxRes.dll
The following registry entries confirm Dll registration and startup entries made by this application.
HKEY_CLASSES_ROOT\CLSID\{F1FABE79-25FC-46de-8C5A-2C6DB9D64333}
HKEY_CLASSES_ROOT\CLSID\{EA20F195-32DA-4bd6-B348-FD01FC7D3D5A}
HKEY_CLASSES_ROOT\CLSID\{7BF3A7DB-A516-4e24-B40A-F60B34699E26}
HKEY_CLASSES_ROOT\CLSID\{69A72A8A-84ED-4a75-8CE7-263DBEF3E5D3}
HKEY_CLASSES_ROOT\CLSID\{3CEFF6CD-6F08-4E4D-BCCD-FF7415288C3B}
HKEY_CLASSES_ROOT\CLSID\{27D784D7-9217-4227-B43B-E06E4781E0CB}
HKEY_CLASSES_ROOT\Interface\{FA77AD79-09CF-41FB-B171-CC856F9E737F}
HKEY_CLASSES_ROOT\Interface\{DC21CEDE-3B81-43D7-B816-DAEFA7B4901F}
HKEY_CLASSES_ROOT\Interface\{B7B84995-8B92-46BF-94AA-FA2F3DD23B84}
HKEY_CLASSES_ROOT\Interface\{B79D9232-A798-43DB-9E61-281D550460E4}
HKEY_CLASSES_ROOT\Interface\{B71C7D9A-DA43-4E8B-BB9B-1684AC2AF324}
HKEY_CLASSES_ROOT\Interface\{AC2A5E17-05ED-4E62-86E5-84779E8F0BCA}
HKEY_CLASSES_ROOT\Interface\{ABF7C4D4-53EF-4C15-8951-D22F63C98E9F}
HKEY_CLASSES_ROOT\Interface\{A6A08CBD-6673-41B1-B997-3F83A25B45B0}
HKEY_CLASSES_ROOT\Interface\{A69107CC-BEC8-4A34-B474-211B0F46A764}
HKEY_CLASSES_ROOT\Interface\{9BAB764B-E4F3-4C7B-99AD-CDF636BBE3A8}
HKEY_CLASSES_ROOT\Interface\{738CB0ED-54A7-4061-AE2E-40EFD9B1EEF6}
HKEY_CLASSES_ROOT\Interface\{6912BEB3-E20C-4953-8C8E-E91B12B55BFC}
HKEY_CLASSES_ROOT\Interface\{5A9961FD-B0A6-4065-9552-EBFC199683A3}
HKEY_CLASSES_ROOT\Interface\{49160F0D-6BE2-4F5F-BCDB-9256DA3BB120}
HKEY_CLASSES_ROOT\Interface\{3F41980D-B681-488E-9757-0C9744F9C3CE}
HKEY_CLASSES_ROOT\Interface\{3E60160F-0ED6-4DCC-B6B6-850CDE4FD217}
HKEY_CLASSES_ROOT\Interface\{0F3332B5-BC98-48AF-9FAC-05FEC94EBE73}
HKEY_CLASSES_ROOT\Interface\{0BBB0424-E98E-4405-9A94-481854765C80}
HKEY_CLASSES_ROOT\Interface\{04D79E9F-09A9-4AED-9FC2-6E63A3BCA51E}
HKEY_CLASSES_ROOT\TypeLib\{EACAA5CE-99B3-470E-9629-8F9EF4C4B637}
HKEY_CLASSES_ROOT\TypeLib\{547AB549-4DD8-4EA0-B070-F6EA062148FF}
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Alexa Web Search
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\{3CEFF6CD-6F08-4e4d-BCCD-FF7415288C3B}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F1FABE79-25FC-46de-8C5A-2C6DB9D64333}
HKEY_LOCAL_MACHINE\SOFTWARE\Alexa Toolbar
HKEY_LOCAL_MACHINE\SOFTWARE\Alexa Internet
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Alexa Toolbar
Symptoms
Symptoms -
Modification to IE Toolbar.
Modification of default home page to “http://www.alexa.com/?p=home”
Method of Infection
Method of Infection -
N/A. This is not a trojan or virus.
Removal -
Removal -
Instructions on Enabling/Disabling Detection and Removal of Potentially Unwanted Programs
Variants
Variants -
N/A