GonnaSearch

Posted: March 28, 2006

GonnaSearch is an Internet Explorer toolbar providing a web search service and pop-up blocker. It intercepts Internet searches and sends a web browser to undesirable web sites. GonnaSearch is bundled with some advertising-supported products. It can also be manually installed. The threat runs every time the user launches Internet Explorer.

File System Modifications

The following files were created in the system:

# File Name

1 autosearch.exe

2 searchaddon.dll

3 toolbar.dll

4 webinfo.dll

#	File Name
1	autosearch.exe
2	searchaddon.dll
3	toolbar.dll
4	webinfo.dll

Registry Modifications

The following newly produced Registry Values are:
HKEY..\..\..\..{RegistryKeys}HKEY_CLASSES_ROOTAutoSearch.AutoSearchObjHKEY_CLASSES_ROOTAutoSearch.AutoSearchObj.1HKEY_CLASSES_ROOTSearchAddon.IEObjectHKEY_CLASSES_ROOTSearchAddon.IEObject.1HKEY_CLASSES_ROOTSoftomate.IEToolbarHKEY_CLASSES_ROOTSoftomate.IEToolbar.1HKEY_CLASSES_ROOTSoftomate.SoftomateObjHKEY_CLASSES_ROOTSoftomate.SoftomateObj.1HKEY_CLASSES_ROOTWebInfo.WebInfoObjHKEY_CLASSES_ROOTWebInfo.WebInfoObj.1HKEY_CURRENT_USERsoftwareSoftomateHKEY_LOCAL_MACHINESOFTWAREClassesAutoSearch.AutoSearchObjHKEY_LOCAL_MACHINESOFTWAREClassesAutoSearch.AutoSearchObj.1HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstallSoftomate.SoftomateObjIEToolbar
The following CLSID's were detected:
HKEY..\..\{CLSID Path}1AE2F26C-8E23-4930-A68D-9E681A764001F7825D95-CDD7-4E73-BFDC-846DE0F336BEC1947E81-7036-4AC8-AC09-906224F6F4FC7E68F5F3-782C-4BCD-88DF-1E3D6350DE4C6D3F5DE4-E980-4407-A10F-9AC771ABAAE6A1376D2C-12EB-472B-9C8C-DB24448D3C917B9A715E-9D87-4C21-BF9E-F914F2FA953F3D11CBE7-1EEE-4C8F-AB5C-A4CF7939F1F1E7AFFF2A-1B57-49C7-BF6B-E5123394C970A55581DC-2CDB-4089-8878-71A080B2234292F02779-6D88-4958-8AD3-83C12D86ADC7799A370D-5993-4887-9DF7-0A4756A77D00

GonnaSearch

File System Modifications

Registry Modifications

Leave a Reply