allentech.net

Parasite: ActualNames

This record last updated Tue Sep 20 2005 00:34:14

PLEASE NOTE: Due to the overwhelming extent of this problem and the unbelievable volume of email we have received, we regret that we cannot respond to questions about browser parasites at this time. If you have attempted to contact us about this parasite please accept our apology for not responding. "Thank you's" are always appreciated ;-)

Description

The ActualNames software is an address bar search hijacker targeting IE, Netscape and AOL browsers.

It also seems to contain components to interfere with the sending of mail from various applications and web sites. However, the function of these files has not been pinned down.

Variants

The software may or may not come with ActualNames/BrowseProxy, an ActiveX installer component, depending on how it was installed.

Also known as

AdvSearch, after its folder name; SearchPike, after its program name.

Distribution

Bundled with KazaaMate/Kazaa-Pal, which is distributed by ActualNames and typically bundles many other parasites. Suspected also to be installed by ActiveX drive-by download from some pop-ups.

What it does

Advertising

No.

Privacy violation

No.

Security issues

Yes. ActualNames can silently download and execute arbitrary unsigned code from its controlling server actualnames.com/quicklinknet.net, as a self-updating feature.

ActualNames/BrowseProxy is also a severe security hole as it allows any web site to execute arbitrary programs.

Stability problems

None known (other than its tendency to contact its server at startup and every ten minutes, which can be problematic for auto-connect).

Removal

Go to the Control Panel’s Add/Remove Programs feature, choose ‘AdvSearch’ and click ‘Remove’.

Manual removal

Open a DOS command prompt window (from Start->Programs->Accessories), and enter the following commands:

cd "%WinDir%\System"
regsvr32 /u "\Program Files\AdvSearch\spredirect.dll"
regsvr32 /u "..\BrowseProxy\pluginst.dll"

(The second command may need to be changed on non-English Windows installations where ‘Program Files’ is called something else. The third command will not do anything if the BrowseProxy variant is not installed.)

Next, open the registry (click Start, choose Run, enter regedit) and go to the key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run. Delete the ‘BrowseProxy’ entry pointing to ‘FindService.exe’. You can also delete the key HKEY_LOCAL_MACHINE\SOFTWARE\Olivia Corp to clean up if you like.

Restart the computer and you should be able to delete the ‘AdvSearch’ folder in Program Files. For the BrowseProxy variant, you can also delete the ‘Installer Class’ entry in the Downloaded Program Files folder, and the ‘BrowseProxy’ folder, both of which can be found inside the Windows folder.
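
To confirm that the manual removal took effect, the following read-only PowerShell check looks for the registry entries, files and folders named in the steps above. It is an added example, not part of the original record or of Andrew Clover's detection script. It assumes a 32-bit Windows installation with PowerShell available, and it does not check the 'Installer Class' entry in Downloaded Program Files.

```powershell
# Added example (not from the original page): read-only check for the
# ActualNames leftovers that the manual removal steps target.
# Nothing is deleted or modified; the script only reports what it finds.
# Assumption: 32-bit Windows, so HKLM\Software and %ProgramFiles% are not redirected.

$findings = @()

# 1. Autostart entry: a 'BrowseProxy' value under the Run key
#    (the page says it points to FindService.exe).
$runKey = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
$run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
if ($run -and $run.PSObject.Properties['BrowseProxy']) {
    $findings += "Run entry 'BrowseProxy' = $($run.BrowseProxy)"
}

# 2. Vendor registry key the page lists as optional clean-up.
if (Test-Path -LiteralPath 'HKLM:\SOFTWARE\Olivia Corp') {
    $findings += 'Registry key HKLM\SOFTWARE\Olivia Corp'
}

# 3. Files and folders named in the removal steps. The environment
#    variables resolve the real folder names on non-English installs.
$paths = @(
    (Join-Path $env:ProgramFiles 'AdvSearch'),
    (Join-Path $env:ProgramFiles 'AdvSearch\spredirect.dll'),
    (Join-Path $env:WinDir 'BrowseProxy'),
    (Join-Path $env:WinDir 'BrowseProxy\pluginst.dll')
)
foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p) {
        $findings += "Present on disk: $p"
    }
}

# 4. Report.
if ($findings.Count -eq 0) {
    Write-Output 'No ActualNames artifacts from this record were found.'
} else {
    Write-Output 'ActualNames artifacts still present:'
    $findings | ForEach-Object { Write-Output "  $_" }
}
```

A remaining 'BrowseProxy' Run entry or a still-registered DLL means the corresponding removal step has to be repeated before the folders can be deleted.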

Links

ActualNames official site.

* Parasite information and detection script by Andrew Clover - www.doxdesk.com, used with permission.
