Content

Adware-Searcher

Type
Program
SubType
Adware
Discovery Date
05/25/2005
Minimum DAT
4499 (05/25/2005)
Updated DAT
4623 (11/08/2005)
Minimum Engine
5.1.00
Description Added
05/25/2005
Description Modified
08/16/2005 6:14 PM (PT)

Tab Navigation

Characteristics

McAfee(R) AVERT recognizes that this program may have legitimate uses in contexts where an authorized administrator has knowingly installed this application. If you agreed to a license agreement for this, or another bundled application, you may have legal obligations with regard to removing this software, or using the host application without this software. Please contact the software vendor for further information.

See http://vil.nai.com/vil/DATReadme.asp for a list of Program detections added to the DATs.

See http://vil.nai.com/vil/pups/configuration.htm for information about how to enable, disable, and exclude detection of legitimately installed programs.

Distribution

This is not a virus or a trojan. It is detected as a "potentially unwanted program." It is a direct-marketing adware application. The file is a Browser Helper Object that inserts hyperlinks silently into web pages viewed with Internet Explorer. These hyperlinks lead to "http://66.216.114.15/SearchRedirect.aspx?SearchID=#?UserID=#" where the values for SearchID and UserID vary depending on the context and installation.

This application does not display a license agreement when installed.

Privacy

A privacy policy is not displayed during installation. The software does not appear to transmit data from the host system.

System Changes

General defaults for typical environment variables (although they may be different, they usually are not):
%WinDir% = C:\WINDOWS (Windows 9x/ME/XP), C:\WINNT (Windows NT/2000)
%SystemDir% = C:\WINDOWS\SYSTEM32 (Windows 9x/ME/XP), C:\WINNT\SYSTEM32 (Windows NT/2000)
%ProgramFiles% = C:\Program Files

Files Added

  • Installer: sww_searchtool.exe
    MD5: 7E5F24614F469ABEFEBC007A6B983668
  • c:\documents and settings\all users\application data\linkbho\linkbho.dll (216 KB)
    MD5: BB047F78E4792E8CEEE01222B077B163
    Note: The path where the file resides may vary. Also, "link.dat/.bak/.bin" and "user.dat/.bak/.bin" files may be present in this location as well.
  • %SystemDir%\olelib2.tlb* (21 KB)
  • %SystemDir%\olelib.tlb* (556 KB)

* Although these files are added as a result of installing this application, they appear by themselves innocent and may already be present on a system and used by other applications. Therefore, they are not included in detection or removal.

Registry

The following registry keys are created:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion
    \Explorer\Browser Helper Objects\{CC924BD1-7382-4619-A706-070CB00F2325}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion
    \Uninstall\SSW_SearchTool
  • HKEY_CLASSES_ROOT\TypeLib\{5F54559F-670F-4C1A-A526-9533B575E889}
  • HKEY_CLASSES_ROOT\LinkBHO.cIExplorer
  • HKEY_CLASSES_ROOT\Interface\{CA621437-CB64-462A-94C4-0386E6158416}
  • HKEY_CLASSES_ROOT\CLSID\{CC924BD1-7382-4619-A706-070CB00F2325}

Aliases

Aliases

    N/A