Home Malware Programs Browser Hijackers Searchdot

Searchdot

Posted: March 28, 2006

Searchdot is a browser hijacker that changes Internet Explorer default home and search pages and blocks access to popular Internet search engines and sites by sending a web browser to a predetermined server. Searchdot is bundled with some advertising-supported software. It can also be manually installed. The spyware runs on every Windows startup.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 sstyle.css
    2 systeminit.exe

Registry Modifications

  • The following newly produced Registry Values are:
    HKEY..\..\..\..{RegistryKeys}HKEY_CURRENT_USERSoftwareMicrosoftInternetExplorerMainDefault_Page_URL=[siteaddress]HKEY_CURRENT_USERSoftwareMicrosoftInternetExplorerMainDefault_Search_URL=[siteaddress]HKEY_CURRENT_USERSoftwareMicrosoftInternetExplorerMainSearchPage=[siteaddress]HKEY_CURRENT_USERSoftwareMicrosoftInternetExplorerMainStartPage=[siteaddress]HKEY_CURRENT_USERSoftwareMicrosoftInternetExplorerSearchCustomizeSearch=[siteaddress]HKEY_CURRENT_USERSoftwareMicrosoftInternetExplorerSearchDefault_Search_URL=[siteaddress]HKEY_CURRENT_USERSoftwareMicrosoftInternetExplorerSearchSearchAssistant=[siteaddress]HKEY_CURRENT_USERSoftwareMicrosoftInternetExplorerStylesUseMyStylesheet=1HKEY_CURRENT_USERSoftwareMicrosoftInternetExplorerStylesUserStylesheet=%Windir%sstyle.cssHKEY_LOCAL_MACHINESOFTWAREMicrosoftInternetExplorerMainSearchBar=[siteaddress]HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternetExplorerMainSearchPage=[siteaddress]HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternetExplorerMainStartPage=[siteaddress]HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternetExplorerMainUseSearchAsst=noHKEY_LOCAL_MACHINESOFTWAREMicrosoftInternetExplorerSearchCustomizeSearch=[siteaddress]HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternetExplorerSearchSearchAssistant=[siteaddress]HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunsystem32.dll=%Windir%Systemsysteminit.exe
Loading...