Behavior: Adware.SearchCentrix is comprised of a number of Internet Explorer Toolbars, which can modify search requests and may display advertisements.
Symptoms: Your Symantec program detects Adware.SearchCentrix.
Transmission: Adware.SearchCentrix must be manually installed.
Technical details
File names: ssom.exe, webalize.exe, weblzedr.exe, seantb.dll, webalize.dll, pqhelper.dll, s4helper.dll
When Adware.SearchCentrix is installed, it performs the following actions:
1. May create some of the following files:
* %System%\seantb.dll
* %System%\webalize.dll
* %System%\pqhelper.dll
* %System%\s4helper.dll
* %System%\unins000.dat
* %System%\unins000.exe
* %ProgramFiles%\Dynamic ToolBar\SEANTB\Cache\*.*
* %ProgramFiles%\Dynamic ToolBar\PQHELPER\Cache\*.*
* %ProgramFiles%\Dynamic ToolBar\S4HELPER\Cache\*.*
Note:
* %ProgramFiles% is a variable that refers to the Program Files folder. By default, this is C:\Program Files.
* %System% is a variable that refers to the System folder. By default this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
2. May create some of the following registry subkeys:
HKEY_CLASSES_ROOT\CLSID\{4E7BD74F-2B8D-469E-D0EA-F16DB186FA7D}
HKEY_CLASSES_ROOT\CLSID\{4E7BD74F-2B8D-469E-D7e4-F660B597BF2A}
HKEY_CLASSES_ROOT\CLSID\{4E7BD74F-2B8D-469E-C0FB-EF60B19DCE2E}
HKEY_CLASSES_ROOT\CLSID\{4E7BD74F-2B8D-469E-C0FB-EF60B19DAB2D}
HKEY_CLASSES_ROOT\s4helper.S4HELPER
HKEY_CLASSES_ROOT\pqhelper.PQHELPER
HKEY_CLASSES_ROOT\seantb.SEANTB
HKEY_CLASSES_ROOT\webalize.WEBALIZE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-D0EA-F16DB186FA7D}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-C0FB-EF60B19DCE2E}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-D7e4-F660B597BF2A}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-C0FB-EF60B19DAB2D}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search-O-Matic Toolbar_is1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinDirect_is1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Webalize Search Utility_is1
HKEY_ALL_USERS\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4E7BD74F-2B8D-469E-D0EA-F16DB186FA7D}
HKEY_ALL_USERS\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4E7BD74F-2B8D-469E-D7e4-F660B597BF2A}
HKEY_ALL_USERS\SOFTWARE\Dynamic Toolbar
3. May add the values:
{4E7BD74F-2B8D-469E-D0EA-F16DB186FA7D}
{4E7BD74F-2B8D-469E-D7e4-F660B597BF2A}
to the registry subkeys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar
HKEY_ALL_USERS\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser
4. May add the values:
"Use Search Asst" = "no"
"AutoSearch" = "0x00000000"
"Friendly http errors" = "yes"
to the registry key:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
5. May add the value:
"Search Bar" = "[ADDRESS ON SEARCHCENTRIX WEB SITE]"
to the registry key:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
6. May set the value:
"SearchAssistant" = "[ADDRESS ON SEARCHCENTRIX WEB SITE]"
to the registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search
7. May set the value:
"provider" = "intranet"
in the registry key:
HKEY_CURRENT_USERS\Software\Microsoft\Internet Explorer\SearchUrl
To uninstall the Adware
1. Do one of the following:
* On the Windows 98 taskbar:
  1. Click Start > Settings > Control Panel.
  2. In the Control Panel window, double-click Add/Remove Programs.
* On the Windows Me taskbar:
  1. Click Start > Settings > Control Panel.
  2. In the Control Panel window, double-click Add/Remove Programs. If you do not see the Add/Remove Programs icon, click "...view all Control Panel options."
* On the Windows 2000 taskbar: By default, Windows 2000 is set up the same as Windows 98, so follow the instructions for Windows 98. If otherwise, click Start, point to Settings > Control Panel, and then click Add/Remove Programs.
* On the Windows XP taskbar:
  1. Click Start > Control Panel.
  2. In the Control Panel window, double-click Add or Remove Programs.
2. Click Search-O-Matic ToolBar and/or Webalize Search Utility and/or WinDirect_is1 and/or WinDirect.
Note: You may need to use the scroll bar to view the whole list.
3. Click Add/Remove, Change/Remove, or Remove (this varies with the operating system). Follow the prompts.
To restore the default settings in Internet Explorer
1. Click Start > Settings > Control Panel.
2. Select Internet Options.
3. Select the Programs tab.
4. Click Reset Web Settings.
5. Click OK.
6. Exit the Control Panel.
To delete the values from the registry
1. Click Start > Run.
2. Type regedit, then click OK.
3. Navigate to and delete the following registry keys, if present:
HKEY_CLASSES_ROOT\CLSID\{4E7BD74F-2B8D-469E-D0EA-F16DB186FA7D}
HKEY_CLASSES_ROOT\CLSID\{4E7BD74F-2B8D-469E-D7e4-F660B597BF2A}
HKEY_CLASSES_ROOT\CLSID\{4E7BD74F-2B8D-469E-C0FB-EF60B19DCE2E}
HKEY_CLASSES_ROOT\CLSID\{4E7BD74F-2B8D-469E-C0FB-EF60B19DAB2D}
HKEY_CLASSES_ROOT\s4helper.S4HELPER
HKEY_CLASSES_ROOT\pqhelper.PQHELPER
HKEY_CLASSES_ROOT\seantb.SEANTB
HKEY_CLASSES_ROOT\webalize.WEBALIZE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-D0EA-F16DB186FA7D}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-C0FB-EF60B19DCE2E}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-D7e4-F660B597BF2A}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-C0FB-EF60B19DAB2D}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search-O-Matic Toolbar_is1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinDirect_is1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Webalize Search Utility_is1
HKEY_ALL_USERS\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4E7BD74F-2B8D-469E-D0EA-F16DB186FA7D}
HKEY_ALL_USERS\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4E7BD74F-2B8D-469E-D7e4-F660B597BF2A}
HKEY_ALL_USERS\SOFTWARE\Dynamic Toolbar
4. Navigate to the subkeys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar
HKEY_ALL_USERS\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser
5. In the right pane, delete the following values if present:
{4E7BD74F-2B8D-469E-D0EA-F16DB186FA7D}
{4E7BD74F-2B8D-469E-D7e4-F660B597BF2A}
6. Navigate to and delete the values:
"Use Search Asst" = "no"
"AutoSearch" = "0x00000000"
"Friendly http errors" = "yes"
from the registry subkey:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
7. Navigate to and delete the value:
"Search Bar" = "[ADDRESS ON SEARCHCENTRIX WEB SITE]"
from the registry subkey:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
8. Navigate to and set the value:
"provider" = "intranet"
in the registry key:
HKEY_CURRENT_USERS\Software\Microsoft\Internet Explorer\SearchUrl
9. Exit the Registry Editor.
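To check a machine against the registry artifacts listed above, before or after the deletion steps, the following added example (not Symantec's code) scans the text of a registry export for the advisory's CLSIDs, ProgID keys, uninstall entries and toolbar values. It matches on the path below the hive name and ignores case; the function name and the sample export are constructed for illustration.

```python
import re

# CLSIDs and key-name fragments copied from the advisory's registry lists.
CLSIDS = {c.upper() for c in (
    "{4E7BD74F-2B8D-469E-D0EA-F16DB186FA7D}",
    "{4E7BD74F-2B8D-469E-D7e4-F660B597BF2A}",
    "{4E7BD74F-2B8D-469E-C0FB-EF60B19DCE2E}",
    "{4E7BD74F-2B8D-469E-C0FB-EF60B19DAB2D}",
)}
KEY_FRAGMENTS = [f.upper() for f in (
    r"\s4helper.S4HELPER", r"\pqhelper.PQHELPER", r"\seantb.SEANTB",
    r"\webalize.WEBALIZE", r"\Uninstall\Search-O-Matic Toolbar_is1",
    r"\Uninstall\WinDirect_is1", r"\Uninstall\Webalize Search Utility_is1",
    r"\SOFTWARE\Dynamic Toolbar",
)]
KEY_RE = re.compile(r"^\[(.+)\]\s*$")   # [HKEY_...\path] section header
VALUE_RE = re.compile(r'^"([^"]+)"=')    # "name"=data line

def scan_reg_export(text):
    """Return (kind, key, value_name) for every advisory artifact in a .reg export."""
    hits, key = [], None
    for line in text.splitlines():
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            up = key.upper()
            # Registry paths are case-insensitive; compare below the hive name.
            if any(c in up for c in CLSIDS) or any(f in up for f in KEY_FRAGMENTS):
                hits.append(("key", key, None))
            continue
        v = VALUE_RE.match(line)
        if v and key and v.group(1).upper() in CLSIDS \
                and "\\INTERNET EXPLORER\\TOOLBAR" in key.upper():
            hits.append(("value", key, v.group(1)))
    return hits

# Constructed sample export (not from a real machine); real exports from
# regedit are UTF-16, so read them with open(path, encoding="utf-16").
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4e7bd74f-2b8d-469e-d0ea-f16db186fa7d}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-2222-3333-4444-555555555555}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4E7BD74F-2B8D-469E-D7e4-F660B597BF2A}"=""
[HKEY_CURRENT_USER\Software\Dynamic Toolbar\SEANTB]
'''

if __name__ == "__main__":
    for kind, key, name in scan_reg_export(SAMPLE):
        print(kind, key, name or "")
```

The scan is read-only; the values the advisory lists under Internet Explorer\Main, Search and SearchUrl are not matched because their names also exist on unaffected systems.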