AlphaOne Technology Support Forums
Welcome, Guest. Please login or register.
January 08, 2009, 09:49:23 PM

Login with username, password and session length
Search:     Advanced search
1733 Posts in 827 Topics by 5356 Members
Latest Member: Gagabaksik
* Home Help Search Login Register
AlphaOne Technology Support Forums  |  IMPORTANT ANNOUNCEMENTS  |  Adware Alerts  |  Topic: Adware.Ztoolbar 0 Members and 0 Guests are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: Adware.Ztoolbar  (Read 1052 times)
TJ
Tech Team
Hero Member
********
Offline Offline

Posts: 136



View Profile
Adware.Ztoolbar
« on: August 13, 2005, 09:01:50 PM »
Behavior
Adware.Ztoolbar is an Internet Explorer search toolbar that may display advertisements.

Symptoms
The files are detected as Adware.Ztoolbar.

Transmission

Adware.Ztoolbar is dropped by Trojan.Dropper together with Trojan.StartPage.J

technical details

When Adware.Ztoolbar is executed, it performs the following actions:

   1. Creates the following registry entries:

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar
      \{A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB}
      HKEY_LOCAL_MACHINE\SOFTWARE\ZSearchCo\ZSearch
      HKEY_CLASSES_ROOT\ZToolbar.StockBar
      HKEY_CLASSES_ROOT\ZToolbar.StockBar.1
      HKEY_CLASSES_ROOT\CLSID\{A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB}
      HKEY_CLASSES_ROOT\ZToolbar.activator.1
      HKEY_CLASSES_ROOT\ZToolbar.activator
      HKEY_CLASSES_ROOT\CLSID\{FFF5092F-7172-4018-827B-FA5868FB0478}
      HKEY_CLASSES_ROOT\ZToolbar.ParamWr.1
      HKEY_CLASSES_ROOT\ZToolbar.ParamWr
      HKEY_CLASSES_ROOT\CLSID\{D7BF3304-138B-4DD5-86EE-491BB6A2286C}
      HKEY_CLASSES_ROOT\TypeLib\{84C94803-B5EC-4491-B2BE-7B113E013B77}
      HKEY_CLASSES_ROOT\Interface\{6DEEE498-08CC-43F0-BCA0-DBB5A25C9501}
      HKEY_CLASSES_ROOT\Interface\{DCFAB192-4A0E-4720-8E24-70D5F0CB8C39}
      HKEY_CLASSES_ROOT\Interface\{F4394F24-163D-430B-B5AF-B68B56031B99}

      So that the Adware.Ztoolbar gets loaded as an Internet Explorer search toolbar.

   2. All queries are sent to [http://]www.tnssearch.com/[REMOVED] when the search toolbar is used. Search results may contain advertisements.

To delete the value from the registry
   1. Click Start > Run.
   2. Type regedit

      Then click OK.
   3. Navigate to and delete the following registry entries:

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar
      \{A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB}
      HKEY_LOCAL_MACHINE\SOFTWARE\ZSearchCo\ZSearch
      HKEY_CLASSES_ROOT\ZToolbar.StockBar
      HKEY_CLASSES_ROOT\ZToolbar.StockBar.1
      HKEY_CLASSES_ROOT\CLSID\{A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB}
      HKEY_CLASSES_ROOT\ZToolbar.activator.1
      HKEY_CLASSES_ROOT\ZToolbar.activator
      HKEY_CLASSES_ROOT\CLSID\{FFF5092F-7172-4018-827B-FA5868FB0478}
      HKEY_CLASSES_ROOT\ZToolbar.ParamWr.1
      HKEY_CLASSES_ROOT\ZToolbar.ParamWr
      HKEY_CLASSES_ROOT\CLSID\{D7BF3304-138B-4DD5-86EE-491BB6A2286C}
      HKEY_CLASSES_ROOT\TypeLib\{84C94803-B5EC-4491-B2BE-7B113E013B77}
      HKEY_CLASSES_ROOT\Interface\{6DEEE498-08CC-43F0-BCA0-DBB5A25C9501}
      HKEY_CLASSES_ROOT\Interface\{DCFAB192-4A0E-4720-8E24-70D5F0CB8C39}
      HKEY_CLASSES_ROOT\Interface\{F4394F24-163D-430B-B5AF-B68B56031B99}
Logged
Pages: [1] Go Up Print 
AlphaOne Technology Support Forums  |  IMPORTANT ANNOUNCEMENTS  |  Adware Alerts  |  Topic: Adware.Ztoolbar « previous next »
Jump to:  

Powered by MySQL Powered by PHP AlphaOne Technology Support Forums | Powered by SMF 1.0.7.
© 2001-2005, Lewis Media. All Rights Reserved. 		Valid XHTML 1.0! Valid CSS!