1. Skip to navigation
  2. Skip to content
  3. Skip to secondary-content

Where You Are

  1. Home
  2. Security
  3. Security Lab
  4. Latest Threats
  5. Spyware Descriptions
  6. Adware:W32/EzTracks

Adware:W32/EzTracks

Name : Adware:W32/EzTracks
Category:Spyware
Type:Adware
Platform:W32

Summary

This program delivers advertising content to the user. It is usually annoying but harmless, unless it is combined with spyware or trackware.

Details


File System Changes
Creates these files:

  •  \SearchCar\+.bmp
  •  \SearchCar\-.bmp
  •  \SearchCar\basis.xml
  •  \SearchCar\block.bmp
  •  \SearchCar\Cache
  •  \SearchCar\clean.bmp
  •  \SearchCar\film.bmp
  •  \SearchCar\find.bmp
  •  \SearchCar\home.bmp
  •  \SearchCar\icons.bmp
  •  \SearchCar\lianmeng.bmp
  •  \SearchCar\mp3.bmp
  •  \SearchCar\ring.bmp
  •  \SearchCar\SearchCar.crc
  •  \SearchCar\SearchCar.dll
  •  \SearchCar\shoucang.bmp
  •  \SearchCar\standard_icons.bmp
  •  \SearchCar\tv.bmp
  •  \SearchCar\version.txt
  •  \SearchCar\weather.bmp


Create these directories:

\SearchCar


Network Connections
Attempts to connect with HTTP to:

  • toolsbar.kuaiso.com



Registry Modifications
Sets these values:

  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main  
    Start Page = "http://toolsbar.kuaiso.com/index.htm"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search
    SearchAssistant = "http://toolsbar.kuaiso.com/search.html"
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
    {6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89}
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks 
    {6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar 
    {6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89}  


Creates these keys:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ToolBand.XBTP03129        
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ToolBand.XBTP03129.1        
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\XBTB03129.IEToolbar        
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\XBTB03129.XBTB03129        
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\XBTB03129.XBTB03129.1        
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89}        
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D3936CB2-582C-47ab-8A77-A2997ADFCCEC}        
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{7F690C83-DF75-4007-9BD9-1CE465522011}        
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3936CB2-582C-47ab-8A77-A2997ADFCCEC}        
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\XBTB03129.XBTB03129Toolbar        
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89}
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3936CB2-582C-47AB-8A77-A2997ADFCCEC}
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E2E2DD38-D088-4134-82B7-F2BA38496583


Additional Details

This adware will install as a toolbar on the Microsoft Internet Explorer web browser. In addition, it changes the browser start page and search page in order to display advertisements. 


Installation

During installation, the adware loads the following module into the Internet Explorer process:

  •  \SearchCar\SearchCar.dll