BHO/Hijacker/Toolbar/ActualNames

Alias: SearchPike, ActualNames

Description: The ActualNames software is an address bar search hijacker which targets IE, Netscape and AOL browsers. The ActualNames seems to contain components to interfere with the sending of mail from various applications and web sites. Bundled with KazaaMate. Suspected also to be installed by ActiveX drive-by download from some pop-ups. From the publisher: As Web users type your company?s keywords in their browser's address box, they will be taken straight to your site.

Threat type:

BHO - A Browser Helper Object (BHO) is a software application that runs automatically whenever you start Internet Explorer. Browser Helper Objects are typically installed by other programs such as toolbar accessories and can track internet usage, create popup windows, display additional information on a viewed page and collect information that is transmitted by you over the internet. Malicious software that exploits this technology can replace banner advertisements with other ads, monitor your actions, change your home page, etc.

Hijacker - A Hijacker is a software application that takes control of your browser's settings. Usually it changes your home page and redirects it to some unknown site or modifies your search settings. It prevents you from changing back your browser's settings. An infected browser usually operates much slower.

Toolbar - A Toolbar is a group of buttons that performs different tasks. Unwanted toolbars are usually installed by adware programs that try to send users to their paying advertisers.

Advice: Remove This is a very high risk threat and should be removed immediately as to prevent harm to your computer or your privacy.

Detection:
SpyNoMore detects BHO/Hijacker/Toolbar/ActualNames: Yes

Threat risk: High Risk

Very dangerous malware. Can log user's keyboard activity and take snapshots of the user's screen. Uses stealth installation and removal is very difficult. Category includes spyware programs, adware programs and trojans.

Symptoms:

BHO/Hijacker/Toolbar/ActualNames Signature Details: The following information includes some of the standard signatures associated with this spyware threat. Please do not attempt to manually remove these items from your computer; Removing these items incorrectly or partially can cause your computer to experience critical errors, prevent your computer from restarting or cause loss of Internet connectivity. Should you be infected with BHO/Hijacker/Toolbar/ActualNames, you can clean your computer by downloading SpyNoMore now.

Running Process Signatures:

File Signatures:
N/A

Registered Dll (Dynamic Link Library) Signatures:

Internet Explorer Integration:

Folder Signatures:
N/A

Registry Signatures:
HKLM\software\classes\clsid\{33403499-e238-4f35-8f5a-7f53d24ff9e2}
HKLM\software\classes\interface\{b9cd23f0-086d-4190-9c04-fbfa1ea09ff8}
HKLM\software\classes\typelib\{300d6635-e419-47e3-9642-6d73337684cd}
HKCR\clsid\{bf4b360b-1717-4bea-8c5b-6936de82e8f6}
HKLM\software\classes\typelib\{7197649b-548d-41c0-b2c1-45e1d402594a}
HKLM\software\classes\interface\{33403499-e238-4f35-8f5a-7f53d24ff9e2}
HKLM\software\classes\typelib\{4cd051dd-aa90-4c5c-bd55-ea52969be48b}
HKLM\software\classes\clsid\{b9cd23f0-086d-4190-9c04-fbfa1ea09ff8}
HKLM\software\classes\clsid\{dee456f3-a075-4f60-bea0-8748d0917701}
HKLM\software\classes\clsid\{80751b22-3fb8-4ed9-b029-e6f568bb48a8}
HKLM\software\classes\interface\{9d81bc42-475c-4eec-9ace-07886d014c9d}

SpyNoMore Collected Residual File Signatures:

See Also:
Adware/BHO/Hijacker/EUniverse
BHO/Hijacker/Toolbar/CustomToolbar
Dialer/Generic-3
BHO/AdsInContext
Dialer/AccessMembre
Adware/BHO/Hijacker/ShopForGood
Adware/BHO/Hijacker/AdGoblin.AdsInContext
Hijacker/SpyAssault
Dialer/Coulomb