NOTE: This automated translation is for convenience only and it may not be completely accurate.

Monday, September 1, 2014




websearch



Type: adware, hijacker

Alias: adware.websearch

Company: IBIS LLC

Description: Websearch is an adware component that modifies Internet Explorer's default home page and search settings. It adds a toolbar to Internet Explorer and a number of icons to the system tray. It also sends user information to a predetermined Web site, including keywords from searches.


Warning: Spyware removal software uses certain rules for the detection and removal of spyware, malware, adware and trojans from your PC. ScanSpyware.Net provides this information "AS IS" without warranty of any kind. Your use of this information is at your own risk. Do not use this information if you are not sure about what you are doing.


Recommendation 1: We recommend backing up the Windows Registry before following these manual spyware removal instructions to fix your PC. You can do this either by creating a Restore Point with the System Restore utility in Windows System Tools or by using the Export feature of regedit.exe.


Recommendation 2: Trying to remove spyware from your PC without help from an expert may produce unexpected results. If you suspect that your PC is infected with spyware, adware, malware or a virus, follow the instructions available at http://how-to.scanspyware.net/diagnose-and-fix.html to contact us for absolutely FREE help.


Directories

  • C:\Program Files\websearch
  • C:\Program Files\search toolbar
  • C:\Program Files\websearch\System
  • C:\Program Files\WebSearch Toolbar
  • C:\Documents and Settings\All Users\Start Menu\Programs\Web Search Tools
  • C:\Program Files\websearch\System\Html
  • C:\Program Files\websearch\System\Code
  • C:\Program Files\websearch\System\Temp
  • C:\Program Files\websearch\Applications
  • C:\Program Files\websearch\System\MTemp
  • C:\Program Files\websearch\System\System
  • C:\Program Files\websearch\System\Images
  • C:\Program Files\WebSearch Toolbar\Skins
  • C:\Program Files\WebSearch Toolbar\Update
  • C:\Program Files\websearch\ApplicationData
  • C:\Program Files\WebSearch Toolbar\Cursors
  • C:\Program Files\WebSearch Toolbar\Recordings
  • C:\Program Files\WebSearch Toolbar\Update\Download
  • C:\Program Files\websearch\ApplicationData\Administrator

Files

  • C:\Windows\System32\Spotonbh.dll
  • C:\Documents and Settings\user-account-name\Local Settings\Temp\TBPS.exe
  • C:\Documents and Settings\user-account-name\Local Settings\Temp\temp.cab
  • C:\Documents and Settings\user-account-name\Local Settings\Temp\WBK1C0.TMP
  • C:\Documents and Settings\user-account-name\Local Settings\Temp\common.dll
  • C:\Documents and Settings\user-account-name\Local Settings\Temp\toolbar.dll
  • C:\Documents and Settings\user-account-name\Local Settings\Temp\IExploreSkins.exe
  • %temporaryinternetfilesdir%\[96]
  • C:\Program Files\websearch\popup.exe
  • %temporaryinternetfilesdir%\WBK1C1.TMP
  • %temporaryinternetfilesdir%\TB3[1].CAB
  • C:\Program Files\websearch\websearch.inf
  • C:\Program Files\websearch\websearch.exe
  • %temporaryinternetfilesdir%\GETXML[1].XML
  • C:\Program Files\websearch\websearch1.exe
  • %temporaryinternetfilesdir%\TBPSSVC[1].CAB
  • C:\Program Files\WebSearch Toolbar\rw.wzg
  • C:\Program Files\WebSearch Toolbar\ACC.TXT
  • C:\Program Files\WebSearch Toolbar\PIB.exe
  • C:\Program Files\WebSearch Toolbar\TBPS.dat
  • C:\Program Files\WebSearch Toolbar\TBPS.exe
  • %temporaryinternetfilesdir%\SETSTATUS[1].XML
  • C:\Program Files\websearch\websearchrun.exe
  • C:\Program Files\WebSearch Toolbar\xzxsv.wzg
  • C:\Program Files\search toolbar\stoolbar.dll
  • C:\Documents and Settings\All Users\Start Menu\Programs\Web Search Tools\Home.url
  • C:\Windows\Downloaded Program Files\QDow_AS2.dll
  • C:\Program Files\WebSearch Toolbar\common.dll
  • %temporaryinternetfilesdir%\NEWMAJORSE2[1].CAB
  • C:\Program Files\WebSearch Toolbar\TBPSSvc.exe
  • C:\Program Files\WebSearch Toolbar\toolbar.dll
  • C:\Program Files\WebSearch Toolbar\*******.wzg
  • C:\Program Files\websearch\System\Temp\run.txt
  • C:\Program Files\websearch\System\Images\p.gif
  • C:\Program Files\WebSearch Toolbar\gykhxlmu.rmr
  • C:\Program Files\websearch\System\Temp\dump.txt
  • C:\Program Files\websearch\AutoTrack_README1.txt
  • C:\Program Files\websearch\System\MTemp\lock.txt
  • C:\Program Files\WebSearch Toolbar\Update\ACC.TXT
  • C:\Program Files\WebSearch Toolbar\Update\TB3.CAB
  • C:\Program Files\websearch\Applications\cmpck.dls
  • C:\Program Files\websearch\System\System\******.dls
  • C:\Program Files\websearch\System\MTemp\logfile.txt
  • C:\Documents and Settings\All Users\Start Menu\Programs\Web Search Tools\Terms of Use.url
  • C:\Program Files\WebSearch Toolbar\IExploreSkins.exe
  • C:\Program Files\websearch\Applications\********.dls
  • C:\Program Files\websearch\System\System\browsers.dls
  • C:\Program Files\websearch\Applications\mercj1151.dls
  • C:\Program Files\websearch\System\System\shopping.dls
  • C:\Program Files\WebSearch Toolbar\Update\TBPSSVC.CAB
  • C:\Program Files\WebSearch Toolbar\Update\TBPSSVC.EXE
  • C:\Program Files\WebSearch Toolbar\Update\TOOLBAR.DLL
  • C:\Documents and Settings\All Users\Start Menu\Programs\Web Search Tools\Privacy Policy.url
  • C:\Program Files\WebSearch Toolbar\Cursors\cursors.xml
  • C:\Program Files\websearch\ApplicationData\updates.dls
  • C:\Program Files\websearch\System\Temp\webcpr_grab0.htm
  • C:\Program Files\websearch\System\Html\webcpr_grab0.htm
  • C:\Program Files\websearch\System\System\personality.dls
  • C:\Program Files\websearch\ApplicationData\merchants.dls
  • C:\Program Files\websearch\System\Html\topmoxie_proxy.htm
  • C:\Program Files\websearch\ApplicationData\systemdata.dls
  • C:\Program Files\WebSearch Toolbar\Update\NEWMAJORSE2.CAB
  • C:\Program Files\WebSearch Toolbar\Update\NEWMAJORSE2.TXT
  • C:\Program Files\websearch\ApplicationData\systemdata1.dls
  • C:\Program Files\websearch\System\Html\topr1150_popup4.htm
  • C:\Program Files\websearch\System\Temp\webcpr_grab0_wo.htm
  • C:\Program Files\websearch\System\Html\topr1150_script0.htm
  • C:\Program Files\websearch\Applications\websearch_grock.dls
  • C:\Program Files\websearch\System\Temp\topr1150_script0.htm
  • C:\Program Files\websearch\System\Html\topmoxie_conflicts2.htm
  • C:\Program Files\websearch\System\Images\*****************.gif
  • C:\Program Files\websearch\System\Temp\topr1150_script0_wo.htm
  • C:\Program Files\websearch\System\Temp\topr1150_reg_popup1.htm
  • C:\Program Files\websearch\System\Html\topr1150_preferences0.htm
  • C:\Program Files\websearch\System\Images\topr1150_pop_circles.gif
  • C:\Program Files\websearch\System\Images\topr1150_pop_settings.gif
  • C:\Documents and Settings\All Users\Start Menu\Programs\Web Search Tools\Frequently Asked Questions.url
  • C:\Program Files\websearch\System\Images\**********************.gif
  • C:\Program Files\websearch\System\Images\topr1150_register_footer.gif
  • C:\Program Files\websearch\ApplicationData\Administrator\data_topr1150.dls
  • C:\Program Files\websearch\System\Images\topr1150_popup_toprebates_hdr_small.gif
  • C:\Program Files\websearch\System\Images\topr1150_popup_toprebates_hdr_small2.gif
  • C:\Program Files\websearch\ApplicationData\Administrator\data_excludes_topr1150.dls

Registry Keys

  • HKEY_CURRENT_USER\Software\search toolbar
  • HKEY_LOCAL_MACHINE\Software\search toolbar
  • HKEY_CLASSES_ROOT\CLSID\{2C4E6D22-B71F-491F-AAD3-B6972A650D50}
  • HKEY_CLASSES_ROOT\CLSID\{310CC549-4541-46A9-940F-52B342A6E682}
  • HKEY_CLASSES_ROOT\CLSID\{8B0FA130-0C3D-4CB1-AEB7-2C29DA5509A3}
  • HKEY_CLASSES_ROOT\CLSID\{AF8B3C81-CD19-45FB-B6BE-160D27711DE8}
  • HKEY_CLASSES_ROOT\CLSID\{CABCF5E7-0C79-4F1C-909D-B9CF68FED746}
  • HKEY_CLASSES_ROOT\CLSID\{FB45C451-B0E9-4407-BB6A-9361013F3E9A}
  • HKEY_CLASSES_ROOT\CLSID\{0A5CF411-F0BF-4AF8-A2A4-8233F3109BED}
  • HKEY_CLASSES_ROOT\TypeLib\{D8BD4DED-5BB2-4D4E-9A6A-F10244FED7D6}
  • HKEY_CLASSES_ROOT\TypeLib\{DB9A4E78-35DF-4A54-B6C5-C5190CEAF949}
  • HKEY_CLASSES_ROOT\INTERFACE\{618BE527-B7F5-417C-BC51-98FDC2D6DE61}
  • HKEY_CLASSES_ROOT\INTERFACE\{6F59D850-A155-4930-98AE-689A2BC7B8E8}
  • HKEY_CLASSES_ROOT\INTERFACE\{C380566D-F343-42AB-987B-6B38A1A35747}
  • HKEY_CLASSES_ROOT\INTERFACE\{D1951679-1D52-43FC-9585-0737143585F5}
  • HKEY_CLASSES_ROOT\Installer\Features\CA2E4A17C7EE67447B98D93D8144E0D0
  • HKEY_CLASSES_ROOT\Installer\Products\CA2E4A17C7EE67447B98D93D8144E0D0
  • HKEY_CLASSES_ROOT\Installer\UpgradeCodes\53E709BA426171644AFC9A3F08B933A7
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Web Search
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Setup\RC
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2C4E6D22-B71F-491F-AAD3-B6972A650D50}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{310CC549-4541-46A9-940F-52B342A6E682}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8B0FA130-0C3D-4CB1-AEB7-2C29DA5509A3}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF8B3C81-CD19-45FB-B6BE-160D27711DE8}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CABCF5E7-0C79-4F1C-909D-B9CF68FED746}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB45C451-B0E9-4407-BB6A-9361013F3E9A}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A5CF411-F0BF-4AF8-A2A4-8233F3109BED}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D8BD4DED-5BB2-4D4E-9A6A-F10244FED7D6}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DB9A4E78-35DF-4A54-B6C5-C5190CEAF949}
  • HKEY_LOCAL_MACHINE\Software\Classes\Installer\Features\CA2E4A17C7EE67447B98D93D8144E0
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\INTERFACE\{618BE527-B7F5-417C-BC51-98FDC2D6DE61}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\INTERFACE\{6F59D850-A155-4930-98AE-689A2BC7B8E8}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\INTERFACE\{C380566D-F343-42AB-987B-6B38A1A35747}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\INTERFACE\{D1951679-1D52-43FC-9585-0737143585F5}
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Features\CA2E4A17C7EE67447B98D93D8144E0D0
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\CA2E4A17C7EE67447B98D93D8144E0D0
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\UpgradeCodes\53E709BA426171644AFC9A3F08B933A7
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0A5CF411-F0BF-4AF8-A2A4-8233F3109BED}
  • HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\CA2E4A17C7EE67447B98D93D8144E0D0
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\websearch_grock.xml
  • HKEY_LOCAL_MACHINE\Software\Classes\Installer\UpgradeCodes\53E709BA426171644AFC9A3F08B933A7
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{71A4E2AC-EE7C-4476-B789-9DD318440E0D}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Features\CA2E4A17C7EE67447B98D93D8144E0D0
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Products\CA2E4A17C7EE67447B98D93D8144E0D0
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Components\C3D2CDB9A41E452EA544AB5033418FCB
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8B0FA130-0C3D-4CB1-AEB7-2C29DA5509A3}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\53E709BA426171644AFC9A3F08B933A7
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\%windir%/Downloaded Program Files/QDow_AS2.dll
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\CA2E4A17C7EE67447B98D93D8144E0D0
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0A5CF411-F0BF-4AF8-A2A4-8233F3109BED}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C3D2CDB9A41E452EA544AB5033418FCB

Registry Values

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\websearch
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\%windir%\Downloaded Program Files\QDow_AS2.dll
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%programfilesdir%\WebSearch Toolbar\PIB.exe
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%programfilesdir%\WebSearch Toolbar\TBPS.exe
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%programfilesdir%\WebSearch Toolbar\TBPSSvc.exe

CLSIDs

  • {8B0FA130-0C3D-4CB1-AEB7-2C29DA5509A3}
  • {0A5CF411-F0BF-4AF8-A2A4-8233F3109BED}