Home Malware Programs Browser Hijackers Aze Search Toolbar

Aze Search Toolbar

Posted: April 25, 2006

Aze Search Toolbar is a malicious program hijacker and is often bundled with spyware and adware.

Aze Search Toolbar changes the hosts & hijacks the domains of google, yahoo, msn, cracks.am, go.com and astalavista.com. When user searches for something on the hijacked domains, the page might look like your usual Internet Explorer, but the result quality is different, it´s full of annoying ads and the actual results are burried below. Aze Search Toolbar also redirects mistyped urls.

Aze Search toolbar hijacks and disables Google Toolbar leaving it useless, because searches through Google Toolbar would only bring errorneous pages.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 adult.ico
    2 avp32.rpt
    3 azentretien.dll
    4 azesearch.bmp
    5 azesearch.dll
    6 azesearch.inf
    7 azesearch.lnk
    8 azesearch.ocx
    9 azesearch.xml
    10 azesearch2.dll
    11 azesearch2.ocx
    12 azesearch2.xml
    13 azesearch2.xmll
    14 azesearch[1].cabb
    15 azesearchtoolbar.txt
    16 casino.ico
    17 f.csv.lnk
    18 iasad.dll
    19 importme.lnk
    20 mega_super_puper_reg.txt
    21 peek.txt
    22 pesteditor.exe-1466f12f.pf
    23 rundll32.exe-271239c3.pf
    24 shopping.ico
    25 spywareremoval.ico
    26 toolbarscreenshot.bmp.lnk
    27 un.exe
    28 uninstall11.exe
    29 unv2.exe
    30 wiadebug.log.lnk
    31 windows.lnk

Registry Modifications

  • The following newly produced Registry Values are:
    HKEY..\..\..\..{Subkeys}HKEY_LOCAL_MACHINE\software\azesearchcoHKEY_LOCAL_MACHINE\software\azesearchco\azesearchHKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browserhelper[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\HKEY..\..\..\..{RegistryKeys}CurrentVersion\Run]"AntivirusGold"="C:\\ProgramFilesHKEY_CLASSES_ROOT\ztoolbar.activatorHKEY_CLASSES_ROOT\ztoolbar.activator.1HKEY_CLASSES_ROOT\ztoolbar.activator\curverHKEY_CLASSES_ROOT\ztoolbar.paramwrHKEY_CLASSES_ROOT\ztoolbar.paramwr.1\\AntivirusGold\\AntivirusGold.exe/h"
  • The following CLSID's were detected:
    HKEY..\..\{CLSID Path}84c94803-b5ec-4491-b2be-7b113e013b77f4394f24-163d-430b-b5af-b68b56031b99dcfab192-4a0e-4720-8e24-70d5f0cb8c396deee498-08cc-43f0-bca0-dbb5a25c9501fff5092f-7172-4018-827b-fa5868fb0478d7bf3304-138b-4dd5-86ee-491bb6a2286ca6790aa5-c6c7-4bcf-a46d-0fdac4ea90eb
Loading...