
Pugi

Posted: March 28, 2006

Pugi is an Internet Explorer toolbar that provides a web search service and sponsored links. Pugi changes the web browser's default home, search and error pages and modifies some related settings. It also tracks the user's Internet activity, shows commercial pop-up advertisements and may block access to some reputable security-related web sites. The spyware is able to silently update itself via the Internet. Pugi is bundled with several ad-supported applications and even spyware. It is also distributed through ActiveX drive-by downloads and can therefore get onto the computer when the user visits some insecure Internet resources. The threat runs every time the user launches Internet Explorer.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 explbar.dll
    2 google_toolbar.dll
    3 masterbar.dll
    4 qi32.dll
    5 sidebar.dll
    6 srchitbar.dll
    7 toolbar.dll

Registry Modifications

  • The following Registry entries were created:
    HKEY_LOCAL_MACHINE\SOFTWARE\BTB
    HKEY_LOCAL_MACHINE\SOFTWARE\MasterBar
    HKEY_LOCAL_MACHINE\SOFTWARE\Qidion
    HKEY_LOCAL_MACHINE\SOFTWARE\Search-Explorer
    HKEY_LOCAL_MACHINE\SOFTWARE\Searchit
    HKEY_LOCAL_MACHINE\SOFTWARE\Softomate
    HKEY_LOCAL_MACHINE\SOFTWARE\iSearch
  • The following CLSIDs were detected:
    A55581DC-2CDB-4089-8878-71A080B22342
    A3E02B37-8608-4F57-AD58-AB91F32BA4F4
    3789CBF0-C4CA-4E98-B93B-22ACF0587FBA