Overview
Summary:
In December 2003 ClearSearch was observed doing the following: every time the computer is started, ClearSearch will remove the search-hijacking part of Xupiter, HuntBar/MSLink, CommonName, NewDotNet, the iWon toolbar/search assistant and Netword.
Alias:
See Also:
Category:
Hijacker: Any software that resets your browser's settings to point to other sites. Hijacks may reroute your info and address requests through an unseen site, capturing that info. In such hijacks, your browser may behave normally, but be slower.
Adware: Software that displays popup/popunder ads when the primary user interface is not visible or which do not appear to be assocaited with the product.
Backdoor: A secret or undocumented means of getting into a computer system, or software that uses such a means to penetrate a system. Some software has a backdoor placed by the programmer to allow them to gain access to troubleshoot or change the program. Software that is classified as a "backdoor" is designed to exploit a vulnerability in a system, and open it to future access by an attacker.
Browser Helper Object: (BHO). A component that Internet Explorer will load whenever it starts, shares IE's memory context, can perform any action on the available windows and modules. A BHO can detect events, create windows to display additional information on a viewed page, monitor messages and actions. Microsoft calls it "a spy we send to infiltrate the browser's land." BHOs are not stopped by personal firewalls, because they are seen by the firewall as your browser itself. Some exploits of this technology search all pages you view in IE and replace banner advertisements with other ads. Some monitor and report on your actions. Some change your home page.
Toolbar: A group of buttons which perform common tasks. A toolbar for Internet Explorer is nomally located below the menu bar at the top of the form. Toolbars may be created by Browser Helper Objects.
Variants:
Similar Pests:
Origins
Group:
By This Group:
Mailing Address:
Phone:
EMail:
URL:
Date of Origin:
Place of Origin:
Distribution
Distribution:
Prevalence:
Clot Factor:
The "Clot Factor" is a measure of how much a pest "gums up" a machine by adding registry entries, files, and directories. As more objects are placed in a machine, manual removal becomes more difficult and more error-prone.
Growth:
Operation
Platform:
Advertising:
Storage Required:
Browser Performance:
Risks
Privacy Issues:
Privacy Policy:
Security Issues:
Stability Issues:
Detection and Removal
Automatic Removal:
PestPatrol detects this.
PestPatrol removes this.
Manual Removal:
Kill these running processes with Task Manager:
Go To the key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run.
If you find the value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\csv10p1, delete it and reboot the machine immediately.
Unregister these DLLs with Regsvr32, then reboot:
Remove these registry items (if present) with RegEdit:
Remove these files (if present) with Windows Explorer:
Remove these directories (if present) with Windows Explorer:
After following the instructions above, you will still need to restore your original settings and prevent this from happening again.
Research
File Analyses:
- ClearSearch: 25215765.exe · 66119866.exe · bi.dll · clearsearch.txt · clrschieplugin.dll · clrschuninstall.exe · control.dat · csaolinst.dll · csbb.dll · csbi.dll · csie.dll · csie_checks.dat · csie_edomains.dat · csie_srchrule.dat · csiehookinst.dll · csieinst.dll · csldrupdater.dll · csp001[1].exe · cssb.dll · csss.dll · csuninst.dll · csv10p070.exe · csv12p108.exe · csv7p88.exe · cszt.dll · djtopr1150.exe · fnuninstaller.exe · ie_clrsch.dll · ietie.dll · jy0458in.dll · jy0458in.exe · loader.exe · ss.dll · update_removeold.dll · update_rsp.dll