Home Malware Programs Browser Plugins iSearch.DesktopSearch

iSearch.DesktopSearch

Posted: April 28, 2006

iSearch.DesktopSearch is a browser plug-in that adds a pop-out search box to the Windows system tray and spawns "in-page" browser pop-ups when the user visits search sites. iSearch.DesktopSearch also may be bundled with "freeware" such as wallpapers and through force installs, without the user's consent, in security exploits from CoolWebSearch related sites.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 analexploits.url
    2 bigdickschoolfor2.95.url
    3 delprot.ini
    4 delprot.log
    5 delprot.sys
    6 desktop.exe
    7 edmond.exe
    8 evidenceeraser.lnk
    9 ffisearch.exe
    10 idinst.exe
    11 isearch.xpi
    12 mfiltis.dll
    13 msdbhk.dll
    14 popupblockerstopspopups.lnk
    15 spywareavenger.lnk
    16 sysupd.dll
    17 virushunter.url
    18 virushuntersecurity.lnk
    19 yourplatinumvisa.lnk

Registry Modifications

  • The following newly produced Registry Values are:
    HKEY..\..\..\..{Subkeys}HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browserhelperHKEY..\..\..\..{RegistryKeys}HKEY_CLASSES_ROOT\mfiltisHKEY_LOCAL_MACHINE\system\currentcontrolset\services\delprotHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\desktopsearchHKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\ffis
  • The following CLSID's were detected:
    HKEY..\..\{CLSID Path}950238fb-c706-4791-8674-4d429f85897e5b4ab8e2-6dc5-477a-b637-bf3c1a2e5993
Loading...