Thursday, 24 July 2014       

Spyware.DOASearch Spyware/Adware Definition


Name: Spyware.DOASearch
Category: Spyware
Alias: Trojan/StartPage.GT, daosearch, Troj/Daodrop-B, Trojan-Dropper.Win32.Small.vn
Advice: Remove
Risk: Elevated Risk. Elevated threats are usually threats that fall into the range of adware, in which data about a user's habits is tracked and sent back to a server for analysis without the user's consent or knowledge.
Description: Spyware.DOASearch is a Trojan dropper that, when executed, modifies the configuration of Internet Explorer.

When the dropper file executes, it copies the following files:
%system%\Services\{clsid}\svchost.dll
%system%\Services\{clsid}\svchost.exe
%system%\Services\{clsid}\svchost32.dll
where {clsid} is a randomly generated value that is also used as a folder (key) name within the system registry.

In addition, it creates the following registry entry so that it runs at every system restart:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
"Service Host" = "%system%\Services\{clsid}\svchost.exe"

It also modifies the following registry entry:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
"Start Page" = "http://daosearch.com"

Next, it installs the file svchost32.dll. This file is loaded whenever a process is executed. If the web browser is launched, the file attaches to the browser process and can download updates of the Trojan and show pop-up messages.
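A registry export can be checked for the two changes described above: the Run value pointing at svchost.exe under a Services\{clsid} folder, and the Internet Explorer Start Page. The following is an added example, not part of the original definition; the .reg sample is constructed, and treating {clsid} as a GUID-shaped folder name is an assumption.

```python
import re

# Keys named in the description above, lower-cased for comparison.
RUN_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\run"
IE_MAIN = r"hkey_current_user\software\microsoft\internet explorer\main"
# Assumption: the random {clsid} folder has the usual GUID shape.
DROPPED_EXE = re.compile(
    r"\\services\\\{?[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}?\\svchost\.exe\s*$",
    re.IGNORECASE)
STRING_VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def parse_reg(text):
    """Yield (key, name, data) for each string value in a .reg export."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := STRING_VALUE.match(line)):
            # .reg files escape backslashes and quotes with a backslash
            name, data = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
            yield key, name, data

def find_indicators(reg_text):
    """Return (indicator, value name, data) for entries matching the write-up."""
    hits = []
    for key, name, data in parse_reg(reg_text):
        k = key.lower()
        # A genuine svchost.exe sits directly in the system folder, not in
        # a Services\{clsid} subfolder, so the path shape is the signal.
        if k == RUN_KEY and DROPPED_EXE.search(data):
            hits.append(("run-key persistence", name, data))
        elif (k == IE_MAIN and name.lower() == "start page"
              and "daosearch.com" in data.lower()):
            hits.append(("start page changed", name, data))
    return hits

# Constructed sample export (not captured from a real system).
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Service Host"="C:\\WINDOWS\\system32\\Services\\{0F1E2D3C-4B5A-6978-8796-A5B4C3D2E1F0}\\svchost.exe"
"ctfmon"="C:\\WINDOWS\\system32\\ctfmon.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://daosearch.com"
'''

if __name__ == "__main__":
    for hit in find_indicators(SAMPLE):
        print(hit)
```
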

Signatures:
process: svchost.exe: MD5 Hash: 359430d258f55a2f25a...
process: ms3.exe: MD5 Hash: a9f58c1f31e5408b032...
process: ms4.exe: MD5 Hash: 72d8b85e0b956f8ad5a...
process: mszx23.exe: MD5 Hash: a9f58c1f31e5408b032...
process: security.exe: MD5 Hash: 67a323ad7b30648c269...
process: svchost.exe: MD5 Hash: 756305639039ab4661a...
process: dkload.exe: MD5 Hash: cd95c37eadbbb1c015f...
process: svchost.exe: MD5 Hash: ad30bd685e21aa131ea...
process: ms1.exe: MD5 Hash: b1c9f7ec2911770c41c...
process: dkload.exe: MD5 Hash: 4639249b089353b648d...
process: security.exe: MD5 Hash: ca0a69944f5b712d401...
process: security.exe: MD5 Hash: 045a7ce9f10d74d128d..
Type: Spyware - Spyware's primary purpose is to collect demographic and usage information from your computer, usually for advertising purposes. Spyware usually 'sneaks' onto a system or performs other activities hidden from the user. Spyware programs are usually bundled as a hidden component and downloaded from the Internet. These modules are almost always installed on the system secretively and try to run secretively as well.

