SearchMaid
SearchMaid is a browser hijacker that changes Internet Explorer default start and search pages to web sites on the searchmaid.com domain. The spyware installs a toolbar and shows undesirable commercial advertisements. SearchMaid can get into the computer along with some ad-supported software. It also can be manually installed. SearchMaid secretly runs on every Windows startup.
File System Modifications
- The following files were created in the system:
# File Name 1 1.bmp 2 2.bmp 3 5e60971403.exe 4 govm.dll 5 govm.dll.htm 6 helper.exe 7 logo.bmp 8 uninstall.bat 9 virtualmaid.dll 10 virtualmaid.xml
Registry Modifications
- The following newly produced Registry Values are:
HKEY..\..\..\..{RegistryKeys}HKEY_CLASSES_ROOTGoVM.ContextItemHKEY_CLASSES_ROOTGoVM.ContextItem.1HKEY_CLASSES_ROOTVM.VMObjHKEY_CLASSES_ROOTVM.VMObj.1HKEY_CURRENT_USERSoftwareMicrosoftInternetExplorerMainDefault_Page_URL=[siteaddress]HKEY_CURRENT_USERSoftwareMicrosoftInternetExplorerMainDefault_Search_URL=[siteaddress]HKEY_CURRENT_USERSoftwareMicrosoftInternetExplorerMainLocalPage=[siteaddress]HKEY_CURRENT_USERSoftwareMicrosoftInternetExplorerMainSearchBar=[siteaddress]HKEY_CURRENT_USERSoftwareMicrosoftInternetExplorerMainSearchPage=[siteaddress]HKEY_CURRENT_USERSoftwareMicrosoftInternetExplorerMainStartPage=[siteaddress]HKEY_CURRENT_USERSoftwareMicrosoftInternetExplorerMenuExt&RSDNSearchHKEY_CURRENT_USERSoftwareMicrosoftInternetExplorerSearchUrl=[siteaddress]HKEY_CURRENT_USERSoftwareVirtualMaidHKEY_LOCAL_MACHINESOFTWAREMicrosoftInternetExplorerMainDefault_Page_URL=[siteaddress]HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternetExplorerMainDefault_Search_URL=[siteaddress]HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternetExplorerMainLocalPage=[siteaddress]HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternetExplorerMainSearchBar=[siteaddress]HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternetExplorerMainSearchPage=[siteaddress]HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternetExplorerMainStartPage=[siteaddress]HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternetExplorerSearchCustomizeSearch=[siteaddress]HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternetExplorerSearchSearchAssistant=[siteaddress]HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionPoliciesExplorerRunwinlogon.exe=helper.exeHKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstallVirtualMaidVirtualMaidHKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionguid=AA8214E9-C7E6-4b66-A049-19AD20944CBF - The following CLSID's were detected:
HKEY..\..\{CLSID Path}42C7653A-5834-45A1-899A-ED0DFA370D21AB2DDE8C-CBFF-491A-9825-87B8BB4CBFE0835BAA68-B5E5-47D5-A18D-2A4E0F5B72D58B0B6F79-C50D-4ea6-8F65-BDF18005DE2077B2F8DE-CB3F-4b6b-839B-807DD1ADBA1C
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.