Aze Search Toolbar

· Overview ·
· Origins ·
· Distribution ·
· Operation ·
· Risks ·
· Detection and Removal ·
· Research ·

Overview
Summary:	Aze Search Toolbar modifies the hosts and hijacks the following Domains to the following IP addresses: 69.50.166.11 www.google.com 69.50.166.11 google.com 69.50.166.11 www.google.co.uk 69.50.166.11 google.co.uk 69.50.166.11 www.google.ca 69.50.166.11 google.ca 69.50.166.11 www.google.es 69.50.166.11 google.es 69.50.166.11 www.google.de 69.50.166.11 google.de 69.50.166.11 www.google.fr 69.50.166.11 google.fr 69.50.166.11 www.google.com.au 69.50.166.11 google.com.au 69.50.166.14 www.yahoo.com 69.50.166.14 yahoo.com 69.50.166.12 www.msn.com 69.50.166.12 msn.com 69.50.166.12 search.msn.com 69.50.166.13 astalavista.com 69.50.166.13 www.astalavista.com 69.50.166.13 astalavista.box.sk 69.50.166.13 cracks.am 69.50.166.13 www.cracks.am 69.50.166.12 go.com A file is placed in the system root named 'hosts' that has all of this data listed. Searches performed under these domains have the actual search results supplanted with erroneous information. The results appear to be legitimate, with no indication of change, but when the same search is done on a machine that is not infected, much different results come back. For instance, I did a search using Google for the key word 'PestPatrol' while infected and the top results were http://www.Stop-Sign.com, http://www.softwareoasis.net/442.ht, and http://www.jdoqocy.com/click-1564080-10374065. When this same search was performed on a clean machine the results brought back www.pestpatrol.com, www.pestscan.com, and store.ca.com (all CA PestPatrol domains) as the top three results. Also, Aze Search Toolbar disables the Google toolbar and does not allow searches to be performed in it. Actually, in some testing, Aze Search Toolbar deleted Google Registry entries for the Toolbar would not be displayed. Furthermore, if Google is reinstalled after Aze, then the Google search functions are disabled. The user will be presented with a bogus 404 page with predetermined 'Associated Searches.' If a user navigates to 69.50.166.12/www.go.com they are presented with an erroneous page that has the MSN icon and look and feel, but all searches are erroneous.
Vendor Notes:	THE TEXT THAT FOLLOWS IS FROM THE AUTHOR OF AZE SEARCH TOOLBAR: 'When you surf Net hunting for free porn, you simply click on unknown links, visit strange sites and don't think about security. And once you catch undesirable software. If my page is opened arbitrarily by some harmful software it means there are people which do not like you and this is not my guilt. Homepage removing Prior to blaming me read the following: At first, try to fix inproper homepage, searchpage etc. by the newest version of our sofware.We use it in most such cases. Search for Spyware Remover's. If there software didn't help you download Remover To change your home page do the following: Select in your browser menu Tools -> Internet Options Type the address of your homepage in the field Address of the HomePage section e.g. http://microsoft.com or, if you wish see blank page, about:blank'
Alias:	Azsearch Toolbar, CoolWebSearch.MWSearch (Microsoft Anti-Spy), SimpleBar Toolbar, ZToolbar
Category:	Hijacker: Any software that resets your browser's settings to point to other sites. Hijacks may reroute your info and address requests through an unseen site, capturing that info. In such hijacks, your browser may behave normally, but be slower. Search Hijacker: Any software that resets your browser's settings to point to other sites when you perform a search. Hijacks may reroute your info and address requests through an unseen site, capturing that info. In such hijacks, your browser may behave normally, but be slower. Search results when such a hijacker is running will sometimes differ from non-hijacked results.
Similar Pests:	Hijacker · Search Hijacker
Origins
Author:	Www.azesearch.com/
Vendor:	Active-X: Publisher: PLEKS s.r.o.
Date of Origin:	March, 2005
Distribution
Distribution:	Aze Search Toolbar is distributed using Active-X from many sites.
Prevalence:	Aze Search Toolbar: 0.1% More Info
Clot Factor:	Aze Search Toolbar: 78 The "Clot Factor" is a measure of how much a pest "gums up" a machine by adding registry entries, files, and directories. As more objects are placed in a machine, manual removal becomes more difficult and more error-prone.
Growth:	Aze Search Toolbar: Insufficient data to report growth
Infection:	Installs the following Active-X component: c:\windows\system32\azesearch.ocx.
Operation
General:	BHO: ZToolbar Module
Advertising:	Yes
Storage Required:	Aze Search Toolbar: at least 529 KB
Browser Performance:	Likely to slow performance of Internet Explorer.
Risks
Risk:	This pest is HIGH risk, remove immediately.
Detection and Removal
Caution!!!:	Caution, do not open Internet Explorer or Explorer (MyComputer, iexplorer.exe or explorer.exe) while PestPatrol is running. It is fine if either is already open when PestPatrol is launched. Aze Search Toolbar has three critical files in system 32 that must be deleted. After deleting with PestPatrol, you will need to reset your homepage. This can be done by opening Internet Explorer clicking Tools > Internet Options > and typing desired homepage URL in the Address field. WARNING: Aze Search Toolbar modifies the hosts file (systemroot\system 32\drivers\etc\hotsts) , see Summary. Be sure to change this.
Automatic Removal:	PestPatrol detects this. PestPatrol removes this.
Manual Removal:	Follow these steps to remove Aze Search Toolbar from your machine. Begin by backing up your registry and your system, and/or setting a Restore Point, to prevent trouble if you make a mistake.
	Stop Running Processes: Kill these running processes with Task Manager: un.exe uninstall11.exe unv2.exe
	Unregister DLLs: Unregister these DLLs with Regsvr32, then reboot: azesearch.dll azesearch2.dll systemroot+\system32\iasad.dll
	Clean Registry: Remove these registry items (if present) with RegEdit: HKEY_CLASSES_ROOT\clsid\{a6790aa5-c6c7-4bcf-a46d-0fdac4ea90eb} HKEY_CLASSES_ROOT\clsid\{d7bf3304-138b-4dd5-86ee-491bb6a2286c} HKEY_CLASSES_ROOT\clsid\{fff5092f-7172-4018-827b-fa5868fb0478} HKEY_CLASSES_ROOT\interface\{6deee498-08cc-43f0-bca0-dbb5a25c9501} HKEY_CLASSES_ROOT\interface\{dcfab192-4a0e-4720-8e24-70d5f0cb8c39} HKEY_CLASSES_ROOT\interface\{f4394f24-163d-430b-b5af-b68b56031b99} HKEY_CLASSES_ROOT\typelib\{84c94803-b5ec-4491-b2be-7b113e013b77} HKEY_CLASSES_ROOT\ztoolbar.activator HKEY_CLASSES_ROOT\ztoolbar.activator.1 HKEY_CLASSES_ROOT\ztoolbar.activator\clsid\{fff5092f-7172-4018-827b-fa5868fb0478} HKEY_CLASSES_ROOT\ztoolbar.activator\curver HKEY_CLASSES_ROOT\ztoolbar.paramwr HKEY_CLASSES_ROOT\ztoolbar.paramwr.1 HKEY_LOCAL_MACHINE\software\azesearchco HKEY_LOCAL_MACHINE\software\azesearchco\azesearch HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{d7bf3304-138b-4dd5-86ee-491bb6a2286c} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{fff5092f-7172-4018-827b-fa5868fb0478}
	Remove Files: Remove these files (if present) with Windows Explorer: 404[1].htm adult[1].url avp32.rpt aze search toolbar.txt azesearch.dll azesearch[1].cabb azesearch2.dll azesearch2.xmll desktopdir+\adult.url desktopdir+\casino.url desktopdir+\imagemagick.url desktopdir+\shopping.url desktopdir+\spyware remover.url f.csv.lnk favorites+\adult\adult dating.url favorites+\adult\anal sex.url favorites+\adult\animal sex.url favorites+\adult\bdsm.url favorites+\adult\escorts.url favorites+\adult\fetish.url favorites+\adult\free sex.url favorites+\adult\gay\free gay pic.url favorites+\adult\gay\gay dating.url favorites+\adult\gay\gay man.url favorites+\adult\gay\gay movies.url favorites+\adult\gay\gay personals.url favorites+\adult\gay\gay porn.url favorites+\adult\gay\gay sex.url favorites+\adult\gay\gay single.url favorites+\adult\gay\gay teen.url favorites+\adult\group sex.url favorites+\adult\lesbians\free lesbian porn.url favorites+\adult\lesbians\hot lesbian.url favorites+\adult\lesbians\lesbian kissing.url favorites+\adult\lesbians\lesbian movies.url favorites+\adult\lesbians\lesbian orgy.url favorites+\adult\lesbians\lesbian porn.url favorites+\adult\lesbians\lesbian sex.url favorites+\adult\lesbians\lesbian video.url favorites+\adult\lesbians\lesbians.url favorites+\adult\lesbians\teen lesbian.url favorites+\adult\mature sex.url favorites+\adult\penis enlargement.url favorites+\adult\porn video.url favorites+\adult\porn.url favorites+\adult\sex.url favorites+\adult\single girls.url favorites+\adult\swingers.url favorites+\adult\teen sex.url favorites+\adult\teens\nude teen.url favorites+\adult\teens\teen chat.url favorites+\adult\teens\teen model.url favorites+\adult\teens\teen porn.url favorites+\adult\teens\teen pussy.url favorites+\adult\teens\teen sex.url favorites+\adult\teens\teens.url favorites+\adult\teens\virgins.url favorites+\adult\teens\young teen.url favorites+\favorites\adware.url favorites+\favorites\cars.url favorites+\favorites\computer privacy\antivirus.url favorites+\favorites\computer privacy\computer privacy.url favorites+\favorites\computer privacy\computer security.url favorites+\favorites\computer privacy\firewalls.url favorites+\favorites\computer privacy\norton antivirus.url favorites+\favorites\computer privacy\pc cleaner.url favorites+\favorites\computer privacy\proxy list.url favorites+\favorites\computer privacy\spyware remover.url favorites+\favorites\computer privacy\virus scanner.url favorites+\favorites\computer security.url favorites+\favorites\dating.url favorites+\favorites\dating\adult datings.url favorites+\favorites\dating\brides.url favorites+\favorites\dating\chat.url favorites+\favorites\dating\dating.url favorites+\favorites\dating\free dating.url favorites+\favorites\dating\free gay dating.url favorites+\favorites\dating\free mature dating.url favorites+\favorites\dating\free single chat.url favorites+\favorites\dating\free teen dating.url favorites+\favorites\dating\russian dating.url favorites+\favorites\dating\russian girls.url favorites+\favorites\dating\sex contacts.url favorites+\favorites\dating\sex cruise.url favorites+\favorites\dating\sex personals.url favorites+\favorites\dating\single girls.url favorites+\favorites\dating\xxx chat.url favorites+\favorites\domain names.url favorites+\favorites\finance.url favorites+\favorites\games.url favorites+\favorites\humor.url favorites+\favorites\money\banks.url favorites+\favorites\money\business.url favorites+\favorites\money\credit cards.url favorites+\favorites\money\debt consolidation.url favorites+\favorites\money\finance.url favorites+\favorites\money\home mortgage.url favorites+\favorites\money\investing.url favorites+\favorites\money\job search.url favorites+\favorites\money\loan.url favorites+\favorites\money\money.url favorites+\favorites\money\mutual funds.url favorites+\favorites\money\personal finance.url favorites+\favorites\money\stocks.url favorites+\favorites\money\trading.url favorites+\favorites\movies.url favorites+\favorites\music and movies\artists.url favorites+\favorites\music and movies\dvd players.url favorites+\favorites\music and movies\instrumental music.url favorites+\favorites\music and movies\lyrics.url favorites+\favorites\music and movies\melody to mobile.url favorites+\favorites\music and movies\midi.url favorites+\favorites\music and movies\movies.url favorites+\favorites\music and movies\mp3 players.url favorites+\favorites\music and movies\mp3.url favorites+\favorites\music and movies\music albums.url favorites+\favorites\music and movies\music charts.url favorites+\favorites\music and movies\music.url favorites+\favorites\music and movies\radio.url favorites+\favorites\music and movies\soundtracks.url favorites+\favorites\music and movies\top10 mp3.url favorites+\favorites\music and movies\video.url favorites+\favorites\online pharmacy.url favorites+\favorites\sex personals.url favorites+\favorites\sports.url favorites+\favorites\spyware remover.url favorites+\favorites\viagra.url favorites+\favorites\weather.url favorites+\favorites\web hosting.url favorites+\gambling\baccarat.url favorites+\gambling\betting.url favorites+\gambling\bingo.url favorites+\gambling\blackjack.url favorites+\gambling\caribbean pirate poker.url favorites+\gambling\casino.url favorites+\gambling\gambling.url favorites+\gambling\horse racing.url favorites+\gambling\online casino.url favorites+\gambling\online gambling.url favorites+\gambling\poker.url favorites+\gambling\roulette.url favorites+\gambling\slot machines.url favorites+\gambling\sport betting.url favorites+\gambling\sportsbooks.url favorites+\gambling\video poker.url favorites+\pharmacy\carisoprodol.url favorites+\pharmacy\celebrex.url favorites+\pharmacy\cialis.url favorites+\pharmacy\crestor.url favorites+\pharmacy\levitra.url favorites+\pharmacy\lipitor.url favorites+\pharmacy\neurontin.url favorites+\pharmacy\online pharmacy.url favorites+\pharmacy\paxil.url favorites+\pharmacy\phentermine.url favorites+\pharmacy\tramadol.url favorites+\pharmacy\water phentermine.url favorites+\pharmacy\xanax.url favorites+\pharmacy\zocor.url favorites+\pharmacy\zoloft.url favorites+\shopping\battery.url favorites+\shopping\bed.url favorites+\shopping\cars.url favorites+\shopping\cds.url favorites+\shopping\cigarettes.url favorites+\shopping\cigars.url favorites+\shopping\contact lens.url favorites+\shopping\diamonds.url favorites+\shopping\gift shopping\boss gift.url favorites+\shopping\gift shopping\candles.url favorites+\shopping\gift shopping\flowers.url favorites+\shopping\gift shopping\gift clock.url favorites+\shopping\gift shopping\gift shopping.url favorites+\shopping\gift shopping\golf.url favorites+\shopping\gift shopping\perfume.url favorites+\shopping\gift shopping\sportswear.url favorites+\shopping\gift shopping\wholesale.url favorites+\shopping\gift shopping\wine.url favorites+\shopping\gifts.url favorites+\shopping\jewelry.url favorites+\shopping\knife.url favorites+\shopping\label.url favorites+\shopping\notebooks.url favorites+\shopping\office supplies.url favorites+\shopping\promotional products.url favorites+\shopping\shades.url favorites+\software\cheats and trainers.url favorites+\software\cracks and serials.url favorites+\software\crackspider.url favorites+\software\find cracks.url favorites+\software\full downloads.url favorites+\software\spyware remover.url favorites+\travel\adventure travel.url favorites+\travel\air travel.url favorites+\travel\business travel.url favorites+\travel\discount travel.url favorites+\travel\food.url favorites+\travel\hawaii travel.url favorites+\travel\lodging.url favorites+\travel\london travel.url favorites+\travel\travel agent.url favorites+\travel\travel insurance.url favorites+\travel\travel package.url favorites+\travel\travel reservation.url favorites+\travel\travel spain.url favorites+\travel\travel web site.url favorites+\travel\vacation cruises.url favorites+\travel\vacations.url hosts importme.lnk mega_super_puper_reg.txt peek.txt pesteditor.exe-1466f12f.pf profilepath+\recent\aze search.lnk rundll32.exe-271239c3.pf systemroot+\downloaded program files\azesearch.inf systemroot+\system32\adult.ico systemroot+\system32\azesearch.bmp systemroot+\system32\azesearch.ocx systemroot+\system32\azesearch.xml systemroot+\system32\azesearch2.ocx systemroot+\system32\azesearch2.xml systemroot+\system32\casino.ico systemroot+\system32\iasad.dll systemroot+\system32\shopping.ico systemroot+\system32\spywareremoval.ico toolbar screen shot.bmp.lnk un.exe uninstall11.exe unv2.exe wiadebug.log.lnk windows.lnk
	Remove Directories: Remove these directories (if present) with Windows Explorer: favorites+\adult favorites+\gambling
	Restore Settings: After following the instructions above, you will still need to restore your original settings and prevent this from happening again. Here''s how.
Research
File Analyses:	Aze Search Toolbar: 404[1].htm · adult dating.url · adult[1].url · avp32.rpt · aze search toolbar.txt · aze search.lnk · azesearch.dll · azesearch.ocx · azesearch.xml · azesearch[1].cabb · azesearch2.dll · azesearch2.ocx · azesearch2.xml · azesearch2.xmll · baccarat.url · betting.url · bingo.url · blackjack.url · caribbean pirate poker.url · casino.url · f.csv.lnk · gambling.url · horse racing.url · hosts · iasad.dll · imagemagick.url · importme.lnk · mega_super_puper_reg.txt · online casino.url · online gambling.url · peek.txt · pesteditor.exe-1466f12f.pf · poker.url · roulette.url · rundll32.exe-271239c3.pf · shopping.url · slot machines.url · sport betting.url · sportsbooks.url · spyware remover.url · toolbar screen shot.bmp.lnk · un.exe · uninstall11.exe · unv2.exe · video poker.url · wiadebug.log.lnk · windows.lnk
More Info:	AllTheWeb, AltaVista, AOL Search, Ask Jeeves, Google, HotBot, Lycos, LookSmart, MSN, Yahoo!
Research By:	Benjamin Googins PestPatrol's Pest Research Center
Last Revised:	April 25, 2005

Aze Search Toolbar

· Overview · · Origins · · Distribution · · Operation · · Risks · · Detection and Removal · · Research ·

Overview

Summary:

Vendor Notes:

Alias:

Category:

Similar Pests:

Origins

Author:

Vendor:

Date of Origin:

Distribution

Distribution:

Prevalence:

Clot Factor:

Growth:

Infection:

Operation

General:

Advertising:

Storage Required:

Browser Performance:

Risks

Risk:

Detection and Removal

Caution!!!:

Automatic Removal:

Manual Removal:

Research

File Analyses:

More Info:

Research By:

Last Revised:

· Overview ·
· Origins ·
· Distribution ·
· Operation ·
· Risks ·
· Detection and Removal ·
· Research ·