Adware-LugSearch

Type: Program
SubType: Adware
Discovery Date: 09/27/2006
Minimum DAT: 4861 (09/27/2006)
Updated DAT: 5043 (05/31/2007)
Minimum Engine: 5.1.00
Description Added: 09/27/2006
Description Modified: 08/09/2007 1:46 AM (PT)

Characteristics

Summary

This detection is for a "Potentially Unwanted Program" that, when executed, displays pop-up advertisements and might also redirect results from search engines such as Google and Yahoo.

McAfee(R) AVERT recognizes that this program may have legitimate uses in contexts where an authorized administrator has knowingly installed this application. If you agreed to a license agreement for this, or another bundled application, you may have legal obligations with regard to removing this software, or using the host application without this software. Please contact the software vendor for further information.

See http://vil.nai.com/vil/DATReadme.aspx for a list of Program detections added to the DATs.

See http://vil.nai.com/vil/pups/configuration.htm for information about how to enable, disable, and exclude detection of legitimately installed programs.

Distribution & Privacy:

These programs do not self-replicate. Distribution channels include IRC, peer-to-peer networks, email, newsgroup postings, etc.

No privacy statement was displayed at the time of installing this adware.

System Changes:

When executed, this adware drops the following files:

  • %CurrentFolder%\[Random_Digits].dll

The dropped DLL modifies the following registry key to enable third-party browser extensions:

  • Hkey_Current_User\Software\Microsoft\Internet Explorer\Main "Enable Browser Extensions"

It then registers itself as a Browser Helper Object (BHO) and creates the following associated registry elements:

  • Hkey_Local_Machine\Software\Microsoft\Windows\CurrentVersion\Explorer\
    Browser Helper Objects\{14D1A72D-8705-11D8-B120-0040F46CB696}
  • Hkey_Classes_Root\CLSID\{14D1A72D-8705-11D8-B120-0040F46CB696}
  • Hkey_Classes_Root\TypeLib\{14D1A720-8705-11D8-B120-0040F46CB696}
  • Hkey_Classes_Root\Interface\{14D1A72C-8705-11D8-B120-0040F46CB696}
  • Hkey_Classes_Root\Bho_html.edit_html
  • Hkey_Classes_Root\Bho_html.edit_html.1

The installed BHO then monitors browser activity and redirects search results from search engines such as Yahoo and Google. It also displays pop-up advertisements at regular intervals.
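A read-only check for the registry artifacts listed above, added here as an example and not part of the original McAfee description. The key names and GUIDs are copied from this page; the `InprocServer32` lookup assumes the standard COM layout for an in-process server, which the description does not state.

```powershell
# Added example: read-only triage for the Adware-LugSearch registry artifacts.
# Key names and GUIDs are copied from the description; nothing is modified.
$clsid = '{14D1A72D-8705-11D8-B120-0040F46CB696}'
$keys = @(
    "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\$clsid",
    "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid",
    'Registry::HKEY_CLASSES_ROOT\TypeLib\{14D1A720-8705-11D8-B120-0040F46CB696}',
    'Registry::HKEY_CLASSES_ROOT\Interface\{14D1A72C-8705-11D8-B120-0040F46CB696}',
    'Registry::HKEY_CLASSES_ROOT\Bho_html.edit_html',
    'Registry::HKEY_CLASSES_ROOT\Bho_html.edit_html.1'
)

# Collect every listed key that exists on this machine.
$found = @(foreach ($key in $keys) {
    if (Test-Path -LiteralPath $key) {
        [pscustomobject]@{ Artifact = 'RegistryKey'; Value = $key }
    }
})

# Assumption (standard COM layout, not stated in the description): the BHO's
# DLL path is the default value of CLSID\<guid>\InprocServer32. This resolves
# the [Random_Digits].dll name so the file can be located and hashed.
$inproc = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32"
if (Test-Path -LiteralPath $inproc) {
    $dll = (Get-Item -LiteralPath $inproc).GetValue('')
    if ($dll) {
        $found += [pscustomobject]@{ Artifact = 'BhoDll'; Value = $dll }
        if (Test-Path -LiteralPath $dll) {
            $hash = (Get-FileHash -LiteralPath $dll -Algorithm SHA256).Hash
            $found += [pscustomobject]@{ Artifact = 'BhoDllSha256'; Value = $hash }
        }
    }
}

# Report the per-user Internet Explorer setting the dropped DLL touches.
# Context only: this value also exists on clean systems.
$ieMain = Get-Item -LiteralPath 'Registry::HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main' -ErrorAction SilentlyContinue
if ($ieMain) {
    $setting = $ieMain.GetValue('Enable Browser Extensions')
    Write-Output "IE 'Enable Browser Extensions' for current user: $setting"
}

if ($found.Count -gt 0) {
    $found | Format-List
} else {
    Write-Output 'No Adware-LugSearch registry artifacts found in this registry view.'
}
```

On 64-bit Windows, a 32-bit BHO registers in the 32-bit registry view, so run the check from both the 64-bit and the 32-bit (SysWOW64) PowerShell hosts.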

Aliases

  • Adware.Poiskat [DrWeb]
  • Clicker.FLY [GRISoft AVG]
  • Trojan.Jakposh [Symantec]