My Bitdefender
  • 0 Shopping Cart

SHARE
THIS ON

Facebook Twitter Google Plus

Adware.Azsearch

MEDIUM
LOW
varies
(AZESearch)

Symptoms

Azesearch toolbar in Internet Explorer, pop-ups with advertisements, search websites not working properly.

Removal instructions:

Please let BitDefender disinfect your files.

Analyzed By

Theodor-Iulian Ciobanu, virus researcher

Technical Description:

Azseach is a browser hijacker that changes your homepage and filters your searches on the most known web search engines to provide corrupted results. It installs a toolbar (Azesearch) in Internet Explorer and adds several links to Favorites.

The CLSIDs used by the toolbar are {a19ef336-01d4-48e6-926a-fe7e1c747aed}, {ba048011-957f-4ba0-a804-62c28d96f878}, {da7ff3f8-08be-4cac-bc00-94d91c6ae7f4}.

Registration as a BHO is under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{da7ff3f8-08be-4cac-bc00-94d91c6ae7f4}.

On install, its files are copied to the %SYSTEM% folder, and an executable is added to HKLM\Software\Microsoft\Windows\CurrentVersion\Run. File names vary, depending on the version being installed, but most start with AZE. One exception is iasada.dll, which is also a BHO that monitors your Internet Explorer. Its CLSID is {f65b197f-8260-4d52-909a-f70118e646eb}.