ActualNames
- By W3 Privacy
- Published 05/8/2007
- Parasites
- Unrated
ActualNames
Description
The ActualNames software is an address bar search hijacker targeting IE, Netscape and AOL browsers.
It also seems to contain components to interfere with the sending of mail from various applications and web sites. However, the function of these files has not been pinned down.
Variants
The software may or may not come with ActualNames/BrowseProxy, an ActiveX installer component, depending on how it was installed.
Also known as
AdvSearch, after its folder name; SearchPike, after its program name.
Distribution
Bundled with KazaaMate. Suspected also to be installed by ActiveX drive-by download from some pop-ups.
What it does
Advertising
No.
Privacy violation
No.
Security issues
Yes. ActualNames can silently download and execute arbitrary unsigned code from its controlling server actualnames.com, as a self-updating feature.
ActualNames/BrowseProxy is also a severe security hole as it allows any web site to execute arbitrary programs.
Stability problems
None known (other than its tendency to contact its server at startup and every ten minutes, which can be problematic for auto-connect).
Removal
Go to the Control Panel's Add/Remove Programs feature, choose 'AdvSearch' and click 'Remove'.
Manual removal
Open a DOS command prompt windows (from Start->Programs->Accessories), and enter the following commands:
cd "%WinDir%\System"
regsvr32 /u "\Program Files\AdvSearch\spredirect.dll"
regsvr32 /u "..\BrowseProxy\pluginst.dll"
(The second command may need to be changed on non-English Windows installations where 'Program Files' is called something else. The third command will not do anything if the BrowseProxy variant is not installed.)
Next, open the registry (click Start, choose Run, enter regedit) and go to the key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run. Delete the 'BrowseProxy' entry pointing to 'FindService.exe'. You can also delete the key HKEY_LOCAL_MACHINE\SOFTWARE\Olivia Corp to clean up if you like.
Restart the computer and you should be able to delete the 'AdvSearch' folder in Program Files. For the BrowseProxy variant, you can also delete the 'Installer Class' entry in the Downloaded Program Files folder, and the 'BrowseProxy' folder, both of which can be found inside the Windows folder.
