SubSearch Description:
SubSearch is an Internet Explorer Browser
Helper Object. It detects when you are using a
search engine, and opens its own 'enhanced
results' sidebar containing paid links. This is
styled to look a bit like the search engine you
are using at the time.
SubSearch/HighTraffic was the original version
from December 2002. Its controlling server is
www.hightrafficads.com. There are two subvariants,
/A (from 11 th December) and /B (17 th December)
which seem to vary only in their class ID.
SubSearch/v2 is a version rewritten as a
single DLL, from January 2003. Its controlling
server is www.popunder.info (with www.cpcads.com
apparently acting as a backup). It opens a
characteristic 'Enhanced Search' with sponsored
links when you use any other search engine.
SubSearch/v21 and SubSearch/v22 are updates to
v2. v22 adds an explorer-bar-search hijacker.
SubSearch has a silent auto-update feature.
The HighTraffic variant can be directed by any
web site to download and execute code from its
controlling server.
The v2-v22 variants connect periodically to
their controlling server which can direct them to
download and execute code from it.
The v2 variant suffers from a critical
security hole: it can be directed by any web page
to download any file and write it anywhere to the
filesystem, including over other program files
which may then get run.
Also known as: Qual Net, after the
company name used in the original download file.
SubSearch Automatic Removal:
Using Spyware Doctor
to detect and remove SubSearch AUTOMATICALLY!
Sponsored Links:
SubSearch Manual Removal:
Open a DOS command prompt window (from
Start->Programs->Accessories) and enter the
following commands (HighTraffic variant):
cd "%WinDir%\System"
regsvr32 /u BHO2.dll
regsvr32 /u MSNIE.dll
Or for the v2 variant:
cd "%WinDir%\System"
regsvr32 /u sbsrch_v2.dll
Or for the v21 variant:
cd "%WinDir%\System"
regsvr32 /u SbSrch_V21.dll
Or for the v22 variant:
cd "%WinDir%\System"
regsvr32 /u msvcn.dll
regsvr32 /u SbSrch_V22.dll
Restart Windows and you should be able to
delete the SubSearch program files from the
System folder. (The System folder can be found in
the Windows folder; it is called 'System32' on
Windows NT/2000/XP, and just 'System' on Windows
95/98/Me.) These files are named BHO2.dll and
MSNIE.dll (HighTraffic variant), sbsrch_v2.dll
(v2), SbSrch_V21.dll (v21) or SbSrch_V22.dll
(v22).
With the v2-v22 variants you can also delete
winfgnet_1.dat or winfgnet_2.dat, and, rmvold.exe
(which may be there if you previously had v2 and
it upgraded itself to v21).
The v22 variant also has msvcn.dll,
restore.exe and backup.reg files to delete. Then
you can use Internet Options -> Programs ->
Restore Web Settings to get the default search
explorer bar back.
You can also delete the registry key
HKEY_CURRENT_USER\Software\VB and VBA Program
Settings\IeMsnSbSrch_1 (v2 and v21 variants) or
HKEY_CURRENT_USER\Software\VB and VBA Program
Settings\MsnIeUpdate to clean up if you like.
More
Removal Instructions for Adware/Spyware Programs -
'S'
| 
(If you can not see the issued comment, please enable your browser to support javascript and refresh this page.)