NEWS
PARASITES
SOFTWARE
FORUM
DIRECTORY

 
 
 
 
 
 
  

Remove SubSearch. Description and removal instructions

 
Title: SubSearch
Type: Adware
Severity scale:SubSearch severity is 34  (34 / 100)
 
SubSearch is an adware program that detects when the user peforms a search in a particular Internet search engine and then opens its own sidebar, which contains sponsored links. SubSearch also displays undesirable pop-up advertisements and silently updates itself via the Internet. It is able to download and install arbitrary software. The threat can get into the system from several advertising sites. It runs every time the user starts Internet Explorer.

FORUM:
Discuss SubSearch in
spyware removal forum

SubSearch properties:
• Shows commercial adverts
• Connects itself to the internet
• Stays resident in background

Automatic SubSearch removal:

remover for SubSearch

SubSearch manual removal:

Kill processes:
ieservice.exe, restore.exe, rmvold.exe
HELP:
how to kill malicious processes

Delete registry values:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\ieservice.exe
HKEY_CURRENT_USER\Software\VB and VBA Program Settings\MsnIeUpdate
HKEY_CURRENT_USER\Software\VB and VBA Program Settings\IeMsnSbSrch_1
HELP:
how to remove registry entries

Unregister DLLs:
bho2.dll, mscheck.dll, msnie.dll, msvcn.dll, sbsrch_[XVS].dll
HELP:
how to unregister malicious DLLs

Delete files:
ieservice.exe, estore.exe, rmvold.exe, bho2.dll, mscheck.dll, msnie.dll, msvcn.dll, sbsrch_[XVS].dll
HELP:
how to remove harmful files

Misc:
[XVS] is the version number.

Other programs to remove SubSearch:

• Malwarebytes Anti Malware - Review - Download
• Malwarebytes Anti Malware - Review - Download
• Windows Defender - Review - Download

Information added: 19/03/04
Information updated: 03/09/05

Additional resources related to SubSearch:

Attention: If you know or you have a website or page about SubSearch removal, feel free to add a link to this list: add url



more resources

Post Comment:

Attention: Use this form only if you have additional information about SubSearch parasite, its removal instructions, additional resources or behavior. By clicking "post comment" button you agree not to post any copyrighted, unlawful, harmful, threatening, abusive, harassing, defamatory, vulgar, obscene, profane, hateful, racially, ethnically or otherwise objectionable material of any kind.



Enter security code:


Comments from visitors:

1. by Stefan. 2004-03-02 13:46:23
SubSearch/HighTraffic was the original version from December 2002. Its controlling server is www.hightrafficads.com. There are two subvariants, /A (from 11th December) and /B (17th December) which seem to vary only in their class ID.

SubSearch/v2 is a version rewritten as a single DLL, from January 2003. Its controlling server is www.popunder.info (with www.cpcads.com apparently acting as a backup). It opens a characteristic 'Enhanced Search' with sponsored links when you use any other search engine.

SubSearch/v21 and SubSearch/v22 are updates to v2. v22 adds an explorer-bar-search hijacker pointed at www.dothesearch.com.

Currently there is no unique ID or cookie being used to track search usage.

It can be directed by any web page to download any file and write it anywhere to the filesystem, including over other program files which may then get run.
Related news:
Similar parasites:
Related articles:
Latest Spyware Threats: VirusProtect Pro | VirusLocker | SpyCrush | ContraVirus | SpyLocked | SpyDawn | AntiVerminser | SpywareQuake | VirusBurst | AntiVermins | AntiVermeans | Zlob | PopCorn.net | MovieLand | TagASaurus | BraveSentry | VirusBurster | SystemDoctor | VirusRescue | MalwareWipe | SpySheriff | CmdService | Smitfraud | SpywareStrike | WinFixer | WinHound | PestTrap | UnSpyPC
Agreement of Use | Privacy policy | Webmasters | Contact us | RSS Feeds
© 2001-2008 2-spyware.com All Rights Reserved. Reproduction in part or whole without written permission is prohibited. Powered by: eSolutions.