Spyware.DOASearch Spyware/Adware Definition
| Name: | Spyware.DOASearch |
| Category: | Spyware |
| Alias: | Trojan/StartPage.GT, daosearch, Troj/Daodrop-B, Trojan-Dropper.Win32.Small.vn |
| Advice: | Remove |
| Risk: | Elevated Risk. Elevated threats are usually threats that fall into the range of adware in which data about a user's habits are tracked and sent back to a server for analysis without your consent or knowledge. |
| Description:
|
Spyware.DOASearch is a Trojan dropper that, when executed, modifies the configuration of Internet Explorer.
When the dropper file executes, it copies the following files:
%system%\Services\{clsid}\svchost.dll
%system%\Services\{clsid}\svchost.exe
%system%\Services\{clsid}\svchost32.dll
where {clsid} is a randomly generated value that is used like a folder within the system registry.
In addition, it creates the following registry entry so that it runs at every system restart:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
"Service Host" = "%system%\Services\{clsid}\svchost.exe"
It also modifies the following registry entry:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
"Start Page" = "http://daosearch.com"
Next, the file svchost32.dll is installed. This file is loaded whenever a process is executed; if the web browser is running, it attaches to that process and can download updates of the Trojan and show pop-up messages.
|
| Signatures:
|
| Type: | Spyware - Spyware's primary purpose is to collect demographic and usage information from your computer, usually for advertising purposes. Spyware usually 'sneaks' onto a system or performs other activities hidden from the user. Spyware programs are usually bundled as a hidden component and downloaded from the Internet. These modules are almost always installed on the system secretively and try to run secretively as well. |
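The two registry changes listed in the Description can be checked for in exported registry text. The following is an added example, not part of the original definition or of any vendor tool: it assumes input in the text layout printed by `reg query` (value name, type and data separated by four spaces), and the sample data and the all-zero {clsid} are constructed placeholders.

```python
import re

# One value line of `reg query` text output: 4 spaces, name, type, data (assumed layout).
VALUE_LINE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")
# Dropped-file layout from the Description: ...\Services\{clsid}\svchost(32).exe|dll
DROP_PATH = re.compile(r"\\services\\\{[^}\\]+\}\\svchost(32)?\.(exe|dll)\b", re.I)

def parse_reg_query(text):
    """Return {key_path: {value_name: data}} parsed from `reg query` output."""
    keys, current = {}, None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            current = keys.setdefault(line.strip(), {})
        elif current is not None:
            m = VALUE_LINE.match(line)
            if m:
                current[m["name"].strip()] = m["data"].strip()
    return keys

def find_indicators(keys):
    """List (key, value_name, data, reason) for values matching the Description."""
    hits = []
    for key, values in keys.items():
        k = key.lower()
        for name, data in values.items():
            if k.endswith(r"\currentversion\run"):
                if DROP_PATH.search(data):
                    hits.append((key, name, data, "autorun from Services\\{clsid}"))
                elif name.lower() == "service host":
                    hits.append((key, name, data, "autorun value name"))
            elif k.endswith(r"\internet explorer\main") and name.lower() == "start page":
                if "daosearch.com" in data.lower():
                    hits.append((key, name, data, "hijacked start page"))
    return hits

# Constructed sample input; the {clsid} is a placeholder, not a real indicator.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    Service Host    REG_SZ    C:\WINDOWS\system32\Services\{00000000-0000-0000-0000-000000000000}\svchost.exe
    ctfmon    REG_SZ    C:\WINDOWS\system32\ctfmon.exe

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
    Start Page    REG_SZ    http://daosearch.com
    Search Page    REG_SZ    http://www.example.com/search
"""

if __name__ == "__main__":
    for hit in find_indicators(parse_reg_query(SAMPLE)):
        print(hit)
```

Matching on the `Services\{clsid}\svchost` path rather than the file name alone avoids flagging the legitimate svchost.exe, which sits directly in the system directory.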