Internet Security, Proxy Browsing, Anonymous Online - http://www.w3privacy.com
ActualNames
http://www.w3privacy.com/articles/133/1/ActualNames/Page1.html
By W3 Privacy
Published on 05/8/2007
 
The ActualNames software is an address bar search hijacker targeting IE, Netscape and AOL browsers.
ActualNames

Description

The ActualNames software is an address bar search hijacker targeting IE, Netscape and AOL browsers.

It also seems to contain components to interfere with the sending of mail from various applications and web sites. However, the function of these files has not been pinned down.

Variants

The software may or may not come with ActualNames/BrowseProxy, an ActiveX installer component, depending on how it was installed.

Also known as

AdvSearch, after its folder name; SearchPike, after its program name.

Distribution

Bundled with KazaaMate. Suspected also to be installed by ActiveX drive-by download from some pop-ups.

What it does

Advertising

No.

Privacy violation

No.

Security issues

Yes. ActualNames can silently download and execute arbitrary unsigned code from its controlling server actualnames.com, as a self-updating feature.

ActualNames/BrowseProxy is also a severe security hole as it allows any web site to execute arbitrary programs.

Stability problems

None known (other than its tendency to contact its server at startup and every ten minutes, which can be problematic for auto-connect).

Removal

Go to the Control Panel's Add/Remove Programs feature, choose 'AdvSearch' and click 'Remove'.

Manual removal

Open a DOS command prompt windows (from Start->Programs->Accessories), and enter the following commands:

cd "%WinDir%\System"
regsvr32 /u "\Program Files\AdvSearch\spredirect.dll"
regsvr32 /u "..\BrowseProxy\pluginst.dll"

(The second command may need to be changed on non-English Windows installations where 'Program Files' is called something else. The third command will not do anything if the BrowseProxy variant is not installed.)

Next, open the registry (click Start, choose Run, enter regedit) and go to the key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run. Delete the 'BrowseProxy' entry pointing to 'FindService.exe'. You can also delete the key HKEY_LOCAL_MACHINE\SOFTWARE\Olivia Corp to clean up if you like.

Restart the computer and you should be able to delete the 'AdvSearch' folder in Program Files. For the BrowseProxy variant, you can also delete the 'Installer Class' entry in the Downloaded Program Files folder, and the 'BrowseProxy' folder, both of which can be found inside the Windows folder.