Threat Description:Adware:W32/EzTracks


Name :	Adware:W32/EzTracks
Category:	Spyware
Type:	Adware
Platform:	W32

Summary

This program delivers advertising content to the user. It is usually annoying but harmless, unless it is combined with spyware or trackware.

Details

File System Changes
Creates these files:

\SearchCar\+.bmp
\SearchCar\-.bmp
\SearchCar\basis.xml
\SearchCar\block.bmp
\SearchCar\Cache
\SearchCar\clean.bmp
\SearchCar\film.bmp
\SearchCar\find.bmp
\SearchCar\home.bmp
\SearchCar\icons.bmp
\SearchCar\lianmeng.bmp
\SearchCar\mp3.bmp
\SearchCar\ring.bmp
\SearchCar\SearchCar.crc
\SearchCar\SearchCar.dll
\SearchCar\shoucang.bmp
\SearchCar\standard_icons.bmp
\SearchCar\tv.bmp
\SearchCar\version.txt
\SearchCar\weather.bmp

Create these directories:

\SearchCar

Network Connections
Attempts to connect with HTTP to:

toolsbar.kuaiso.com

Registry Modifications
Sets these values:

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Start Page = "http://toolsbar.kuaiso.com/index.htm"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search
SearchAssistant = "http://toolsbar.kuaiso.com/search.html"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89}
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks
{6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar
{6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89}

Creates these keys:

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ToolBand.XBTP03129
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ToolBand.XBTP03129.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\XBTB03129.IEToolbar
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\XBTB03129.XBTB03129
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\XBTB03129.XBTB03129.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D3936CB2-582C-47ab-8A77-A2997ADFCCEC}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{7F690C83-DF75-4007-9BD9-1CE465522011}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3936CB2-582C-47ab-8A77-A2997ADFCCEC}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\XBTB03129.XBTB03129Toolbar
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3936CB2-582C-47AB-8A77-A2997ADFCCEC}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E2E2DD38-D088-4134-82B7-F2BA38496583

Additional Details

This adware will install as a toolbar on the Microsoft Internet Explorer web browser. In addition, it changes the browser start page and search page in order to display advertisements.

Installation

During installation, the adware loads the following module into the Internet Explorer process:

\SearchCar\SearchCar.dll

Tools

Choose Location:

Navigation

Subnavigation

Labs

Adware:W32/EzTracks

Summary

Details

Additional Details

Tools

Choose Location:

Navigation

Subnavigation

Labs

Where You Are

Adware:W32/EzTracks

Summary

Details

Additional Details