1ComputerCare
     
   
     
  An actual report of malware removed from a typical client's PC  
     

180search Assistant

Infection risk level: Elevated

Infection description: Hijacker. 180search Assistant monitors the websites you visit and sends them back to its servers in order to display other websites related to your browsing, as stated in its privacy policy. We have documented many examples where it hijacks (redirects) your browser when you try to purchase something. It seems to do this by matching target addresses against a list that it downloads after installation. For example, with PC Tools' own products Registry Mechanic and Spyware Doctor, it redirects a trial customer clicking the Purchase or Shopping Cart button to affiliate and competitor sites who, one assumes, are paying 180 Solutions (the host site during this hijack) for the redirection.

Advertising

Infection risk level: Low

Infection description: Advertising companies store cookies on a user's computer to serve targeted ads based on the web surfer's interests when visiting a website serving their ads.

Bargain Buddy

Infection risk level: Elevated

Infection description: Bargain Buddy consists of an IE Browser Helper Object, and a process set to run at startup. The BHO monitors web pages requested and terms entered into forms. If there is a match with a preset list of sites and keywords, an advertisement may be shown. The process can contact its maker's server to download updates to the list of advertisements and to the software itself.

BullsEye Network

Infection risk level: Elevated

Infection description: The software delivers information to you in the form of advertisements and other content based on the URLs and/or search terms you enter when navigating the Internet. These advertisements and other notifications may be displayed on your computer screen at any time while you are online.

Common Components for 180Solutions items

Infection risk level: Elevated

Infection description: Since threats created by 180 Solutions have similar files and keys, common components were created.

Common Components for Integrated Search Technologies (IST) Items

Infection risk level: Medium

Infection description: Since threats created by IST have similar files and keys, common components were created.

Common Components for Searchmiracle items

Infection risk level: Elevated

Infection description: Related to Elite sidesearch and Elitum toolbar, both originated from Searchmiracle.com.

Common Components Unrelated

Infection risk level: Medium

Infection description: These common components have files and keys that are in different threats but the threats are not related to one another in that the author of the signature is not the same. It is recommended that all these entries be removed.

CWS

Infection risk level: High

Infection description: CWS is a trojan that hijacks Internet Explorer start and search settings to one of several different web sites. Most of these web sites appear to have an affiliate relationship with coolwebsearch.com in which coolwebsearch pays them for every visitor they refer. There could be other domains involved in the future.

Elitum EliteBar (Search Miracle)

Infection risk level: Elevated

Infection description: This is a BHO Toolbar which hijacks your browser and pops up ads. Elitum EliteBar is also called SearchMiracle.

eXact Advertising

Infection risk level: Elevated

Infection description: eXact Advertising installs various other spyware applications such as CashBack and NaviSearch. These pieces of software deliver information to you in the form of advertisements and other content based on the URLs and/or search terms you enter when navigating the Internet. These advertisements and other notifications may be displayed on your computer screen at any time while you are online.

Funcade

Infection risk level: Medium

Infection description: Funcade is a program from the BullsEye Network, which offers a selection of games. It comes bundled with other adware from BullsEye products such as Cashback and NaviSearch, which show occasional pop-up advertisements.

InternetOptimizer

Infection risk level: Elevated

Infection description: Adware-supported software which is an error page hijacker. Internet Optimizer is bundled with various other threats.

ISTbar

Infection risk level: Medium

Infection description: ISTbar is a component based around porn. It adds a toolbar into Internet Explorer and hijacks the homepage and search page. Its controlling servers are xxxtoolbar.com, slotch.com, toolbarcash.com and www2.skoobidoo.com.

Jraun

Infection risk level: High

Infection description: This adware, hijacker and spyware modifies Internet Explorer's settings and downloads and executes programs. It installs Golden Palace Casino and lots of other spyware that it has in common with XXXToolbar and Slotchbar.

MediaMotor

Infection risk level: Elevated

Infection description: Downloads other spyware- and adware-related files onto the user's computer. It generates popups with a header displaying Popuppers Advertisement Windows.

MediaPass

Infection risk level: High

Infection description: MediaPass is adware and its purpose is to provide targeted advertisements to the user. It is installed via an ActiveX drive-by-download.

Powerscan

Infection risk level: Medium

Infection description: This software displays popups even when you are not using the program, to disguise the fact that the program is the one producing them.

SideFind

Infection risk level: Medium

Infection description: SideFind is a hijacker, a Browser Helper Object (BHO) that redirects your browser without your knowledge to websites different than what you selected.

Specific911 Hijack

Infection risk level: High

Infection description: Specific911 is a browser hijack targeting Internet Explorer. It begins by lowering the internet security settings to allow unsigned ActiveX to be executed. It hijacks the internet browser and modifies the hosts file, such that all sites are redirected to specific911.com.

Tracking Cookie(s)

Infection risk level: Medium

Infection description: A tracking cookie is any cookie that is shared among two or more unrelated sites for the purpose of tracking a user's browsing and/or gathering and/or sharing information which many users regard as "private". Definitions of "private" may differ. Some consider any code "private" if it uniquely identifies a user, even if it is not their name or email address. A typical tracking cookie might look like this: "1www.somedomainname.com/ 0 2719785088 29508922 2980377808 29496852 * " The encoded info in this cookie includes a unique UserID assigned by a web server; the cookie can be used to track a user as they visit other sites that accept this cookie.

Trojan.ISEXEng

Infection risk level: Elevated

Infection description: Trojan.ISEXEng gets installed as a service by other adware/spyware products such as Cashback and Bargain Buddy.

WebRebates

Infection risk level: Medium

Infection description: WebRebates is a Browser Helper Object (BHO) Toolbar that is adware as it pops up unsolicited advertisements. It can also hijack your homepage.

Windows AdControl

Infection risk level: Elevated

Infection description: Adware-based advertisement delivery software which displays targeted advertising offers.

Windows ZoneMap Protocol Defaults

Infection risk level: Low

Infection description: A threat exists which can set all the Restricted Zone Map Sites to be Trusted Sites. These zone maps can be viewed in the security settings of your browser.

YourSiteBar

Infection risk level: High

Infection description: Allows affiliates to create a custom marketing based toolbar and earn $0.25 for every installation of the toolbar.

Zango Search Assistant before December 2004

Infection risk level: High

Infection description: Zango is a hijacker. www.zango.com says it redirects you to websites of interest. The search engine does work, but after a short time it resets your homepage to about:blank and offers you a choice of search categories.

Note that newer versions of Zango are not threats and are named Zango Search Assistant 'after' December 2004, which is different from this Zango which is an actual threat.