BlazeFind

Category: Adware and PUAs
Protection available since: 01 Mar 2006 00:00:00 (GMT)
Type: Unspecified PUA
Last Updated: 27 Feb 2009 16:40:20 (GMT)


BlazeFind is an adware plugin for Microsoft Internet Explorer which redirects internet searches and may change the browser start page and search settings.

The installation executable for BlazeFind (typically named instsa2.exe) drops a COM DLL to the Windows system folder with one of the following filenames:

2_0_1browserhelper2.dll
3_0_1browserhelper3.dll
5_0_1browserhelper5.dll
iesearchbar.dll

A harmless file named key2.txt may be created in the Windows folder. An uninstallation executable named UnstSA?.exe, where ? is a version number, is also created in the Windows folder.

The dropped DLL is registered as a COM object (using regsvr32) and as a Browser Helper Object for Internet Explorer, creating one or more of the following registry entries:

HKCR\CLSID\(83DE62E0-5805-11D8-9B25-00E04C60FAF2)
HKCR\CLSID\(71ed4fba-4024-4bbe-91dc-9704c93f453e)
HKCR\CLSID\(c5941ee5-6dfa-11d8-86b0-0002441a9695)
HKCR\CLSID\(fbed6a02-71fb-11d8-86b0-0002441a9695)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\(83DE62E0-5805-11D8-9B25-00E04C60FAF2)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\(71ed4fba-4024-4bbe-91dc-9704c93f453e)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\(c5941ee5-6dfa-11d8-86b0-0002441a9695)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\(fbed6a02-71fb-11d8-86b0-0002441a9695)

Various registry entries are created under:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows SR ?.?

where ?.? is the version number.

An uninstallation entry beginning "Windows SR" is added to the Add or Remove Programs dialog in the Windows Control Panel.
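
The following PowerShell check for the files and registry entries listed above is an added example, not part of the original description or any vendor tool. The function name Find-BlazeFindArtifact is hypothetical, and the script assumes that CLSID key names appear in the registry wrapped in braces and that 64-bit Windows may hold the same entries under WOW6432Node and SysWOW64.

```powershell
# Added example. Indicator values are copied from the description above;
# GUIDs are stored bare and wrapped in braces when key paths are built.
$Guids = '83DE62E0-5805-11D8-9B25-00E04C60FAF2',
         '71ed4fba-4024-4bbe-91dc-9704c93f453e',
         'c5941ee5-6dfa-11d8-86b0-0002441a9695',
         'fbed6a02-71fb-11d8-86b0-0002441a9695'
$DllNames = '2_0_1browserhelper2.dll', '3_0_1browserhelper3.dll',
            '5_0_1browserhelper5.dll', 'iesearchbar.dll'

function Find-BlazeFindArtifact {
    $bho = 'Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    # WOW6432Node and SysWOW64 are assumptions for 64-bit Windows (not on the page).
    $keyRoots = "HKLM:\SOFTWARE\$bho",
                "HKLM:\SOFTWARE\WOW6432Node\$bho",
                'Registry::HKEY_CLASSES_ROOT\CLSID',
                'Registry::HKEY_CLASSES_ROOT\WOW6432Node\CLSID'
    $candidates = @()
    foreach ($root in $keyRoots) {
        foreach ($g in $Guids) { $candidates += "$root\{$g}" }
    }
    foreach ($dir in "$env:windir\System32", "$env:windir\SysWOW64") {
        foreach ($n in $DllNames) { $candidates += Join-Path $dir $n }
    }
    # Fixed key and file names: a direct existence test is enough.
    $hits = @($candidates | Where-Object { Test-Path -LiteralPath $_ })

    # Versioned names: UnstSA?.exe in the Windows folder and the
    # 'Windows SR ?.?' uninstall key. Each ? is matched as one character.
    $hits += @(Get-ChildItem -LiteralPath $env:windir -File -ErrorAction SilentlyContinue |
                   Where-Object { $_.Name -like 'UnstSA?.exe' } |
                   ForEach-Object { $_.FullName })
    $uninstall = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
    $hits += @(Get-ChildItem -LiteralPath $uninstall -ErrorAction SilentlyContinue |
                   Where-Object { $_.PSChildName -like 'Windows SR ?.?' } |
                   ForEach-Object { $_.Name })
    return $hits
}

$found = Find-BlazeFindArtifact
if ($found) { $found | ForEach-Object { "FOUND: $_" } }
else        { 'No BlazeFind artifacts from this description were found.' }
```

key2.txt is left out of the check because the description calls it harmless and the name is generic.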
