Updatesearch.org


Posted: March 6, 2012

Updatesearch.org is a malicious site that pretends to offer free media player updates, but actually installs an adware program along with the appropriate Xvid codec. The adware that Updatesearch.org installs, a member of the ClickPotato family, will monitor your web-browsing activities to display 'targeted' advertisements. Adware from Updatesearch.org may also make other modifications to your web browser, such as adding a shortcut. Since reputable websites offer Xvid codecs without Updatesearch.org's little addition, the SpywareRemove.com malware research team recommends that you use such sites for your media updates in preference to Updatesearch.org, which has been blacklisted by several PC security entities due to its disreputable behavior. If your PC does become infected by Updatesearch.org-related adware, you can remove all components of a Clickpotato infection easily with any competent anti-malware product.

Updatesearch.org – the Last Source You Want to Use for Your Video Updates

Typical of its ilk, Updatesearch.org offers a commonly-required codec update, but this update has been poisoned with an added seed of adware that's not present in equivalent downloads from more trustworthy sources. This addition can be detected as Adware.Clkpotato!gen, a member of AdWare.Win32/ClickPotato (AKA Adware.Clickpotato), an adware installer that's often distributed with file-sharing software and movie player updates. However, Clickpotato isn't an integral part of any of the applications that it's often bundled with, and SpywareRemove.com malware researchers recommend that you avoid installing any program that you suspect may include Clickpotato.

If you don't heed this advice, Updatesearch.org's toxic gift will include modifications to Internet Explorer and a blizzard of advertisements that offer no option for deactivating them. Clickpotato-based adware has also been noted to monitor online actions to determine appropriate advertisements for delivery, which may also use up system resources and slow down your PC. Updatesearch.org adware is specific to Windows, however, and can't function in non-Windows environments.

Rejecting Updatesearch.org's Rotten Spud without It Costing You Your Movie Time

Since clean versions of Xvid codecs are available from sources other than Updatesearch.org, SpywareRemove.com malware experts emphasize that there's no reason whatsoever to install Updatesearch.org's adware-saddled update. However, if you do suspect the presence of Updatesearch.org's Clickpotato adware, you can note the following symptoms and take appropriate action to resolve them:

  • Internet Explorer-based pop-up advertisements. These advertisements are unlikely to be screened for security purposes, and, under most circumstances, SpywareRemove.com malware researchers discourage interaction with them.
  • Loss of RAM and other system resources; this may be caused by Clickpotato remaining active in memory and monitoring your actions for advertisement selection purposes. This may also slow down your PC.
  • Toolbar or shortcut additions to Internet Explorer.

All of these issues can be resolved by removing Updatesearch.org's Clickpotato adware, which is ideally accomplished via anti-malware software. Manual removal of Clickpotato may leave some components, particularly Windows Registry additions, on your PC, and should be considered a last resort in the unlikely event that anti-malware programs fail.

Technical Details

File System Modifications

The following files were created in the system:

  • C:\Windows\assembly\tmp\U\[RANDOM]
  • C:\Windows\SysWow64\[RANDOM].exe
    File type: Executable File
    Mime Type: unknown/exe
  • C:\Program Files\Common Files\ComObjects\[RANDOM]
  • %System%\drivers\[RANDOM CHARACTERS].sys
    File type: System file
    Mime Type: unknown/sys
  • %Temp%\smtmp\1\[RANDOM]
  • %Temp%\smtmp\2\[RANDOM]
  • %Temp%\smtmp\3\[RANDOM]
  • %Temp%\smtmp\4\[RANDOM]

Registry Modifications

The following Registry entries were newly created:

HKEY..\..\{CLSID Path}
  • HKEY_CLASSES_ROOT\CLSID\[RANDOM NUMBERS]

HKEY..\..\{Value}
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks = "[RANDOM]"
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\SearchAssistant = "[SITE ADDRESS]"

HKEY..\..\..\..{Subkeys}
  • HKEY_CLASSES_ROOT\Interface\[RANDOM NUMBERS]
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\[RANDOM]
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\[RANDOM]
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\[RANDOM NUMBERS]
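
Because the names above are randomized, a check has to start from the fixed Internet Explorer locations and resolve each registered CLSID to the file behind it. The following PowerShell sketch is an added example, not part of the original write-up or any vendor tool; the function names (Resolve-ClsidModule, New-AuditRow, Get-IEExtensionAudit) and the InListedDir flag are assumptions made for illustration.

```powershell
# Added example: read-only audit of the Internet Explorer registry locations
# named under "Registry Modifications". It reads values; it changes nothing.

# Directories from "File System Modifications", as wildcard patterns.
$ListedDirs = '*\Windows\assembly\tmp\U\*',
              '*\Common Files\ComObjects\*',
              '*\smtmp\*'

function Resolve-ClsidModule([string]$Clsid) {
    # Map a COM class ID to the file registered as its in-process server.
    $key  = "Registry::HKEY_CLASSES_ROOT\CLSID\$Clsid\InprocServer32"
    $item = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
    if ($item) { $item.'(default)' }
}

function New-AuditRow([string]$Location, [string]$Entry, [string]$Target) {
    # Flag rows whose target sits in a directory the article lists.
    $hit = [bool]($ListedDirs | Where-Object { $Target -like $_ })
    [pscustomobject]@{ Location = $Location; Entry = $Entry
                       Target = $Target; InListedDir = $hit }
}

function Get-IEExtensionAudit {
    # Browser Helper Objects: every subkey name is a CLSID.
    $bho = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    Get-ChildItem -LiteralPath $bho -ErrorAction SilentlyContinue | ForEach-Object {
        New-AuditRow 'Browser Helper Objects' $_.PSChildName (Resolve-ClsidModule $_.PSChildName)
    }

    # URLSearchHooks: every value name is a CLSID.
    $hooks = Get-Item -LiteralPath 'HKCU:\Software\Microsoft\Internet Explorer\URLSearchHooks' -ErrorAction SilentlyContinue
    if ($hooks) {
        foreach ($name in $hooks.GetValueNames()) {
            if ($name) { New-AuditRow 'URLSearchHooks' $name (Resolve-ClsidModule $name) }
        }
    }

    # SearchAssistant: a single URL value; there is no CLSID to resolve.
    $main = Get-ItemProperty -LiteralPath 'HKCU:\Software\Microsoft\Internet Explorer\Main' -ErrorAction SilentlyContinue
    if ($main -and $main.SearchAssistant) {
        New-AuditRow 'Main\SearchAssistant' 'SearchAssistant' $main.SearchAssistant
    }
}

Get-IEExtensionAudit | Format-Table -AutoSize -Wrap
```

An entry with an empty Target points at a CLSID that no longer resolves to a file, which is the kind of leftover the manual-removal caveat above describes. On 64-bit Windows, 32-bit Internet Explorer reads a second Browser Helper Objects key under SOFTWARE\WOW6432Node, which can be run through the same loop.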