ADWARE_BHO_SEARCHCENTRIX
BrowserModifier:Win32/SearchCentrix (Microsoft); Adware.Searchcentrix.B (BitDefender); Adware.Searchcentrix.B (F-Secure); Adware/Searchcentrix (Fortinet); not-a-virus:AdWare.Win32.Searchcentrix.a (Kaspersky); ADSPY/Searchcentrix.A (Avira)
Windows
Threat Type: Spyware
Destructiveness: No
Encrypted:
In the wild: Yes
OVERVIEW
This spyware may arrive bundled with malware packages as a malware component. It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
It requires its main component to successfully perform its intended routine.
TECHNICAL DETAILS
Arrival Details
This spyware may arrive bundled with malware packages as a malware component.
It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
Other System Modifications
This spyware adds the following registry keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{GUID 1}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{GUID 2}
It adds the following registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{GUID 1}
(Default) = "Setup"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{GUID 1}\TypeLib
(Default) = "{GUID 2}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{GUID 1}\TypeLib
Version = "1e.0"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{GUID 2}\1e.0
(Default) = "SomaticCAB"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{GUID 2}\1e.0\0\win32
(Default) = "{malware path and filename}"
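Because the write-up gives the GUIDs only as placeholders, a check for these entries has to key on the fixed strings instead: the TypeLib name "SomaticCAB" and version "1e.0". The following is an added example, not part of the original entry or any vendor tooling; it parses a registry export in .reg text form, and the sample GUIDs and DLL path in it are constructed placeholders.

```python
import re

ROOT = r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes"
# Constructed sample in .reg text form: the GUIDs and DLL path are placeholders.
SAMPLE_REG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{11111111-1111-1111-1111-111111111111}]
@="Setup"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{11111111-1111-1111-1111-111111111111}\TypeLib]
@="{22222222-2222-2222-2222-222222222222}"
"Version"="1e.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{22222222-2222-2222-2222-222222222222}\1e.0]
@="SomaticCAB"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{22222222-2222-2222-2222-222222222222}\1e.0\0\win32]
@="C:\\Users\\Public\\example.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{33333333-3333-3333-3333-333333333333}\1.0]
@="Benign Library"
'''

def parse_reg(text):
    """Map each key path to {value name: string data}; '@' is (Default)."""
    keys, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None:
            # Only REG_SZ values are read; hex(...) encoded values are skipped.
            m = re.match(r'(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$', line)
            if m:
                current[m.group(1).strip('"')] = re.sub(r"\\(.)", r"\1", m.group(2))
    return keys

def find_searchcentrix(keys):
    """Return TypeLib registrations matching the name and version in the write-up."""
    hits = []
    for path, values in keys.items():
        m = re.fullmatch(re.escape(ROOT) + r"\\TypeLib\\(\{[^}]+\})\\1e\.0", path, re.I)
        if not m or values.get("@") != "SomaticCAB":
            continue
        guid = m.group(1)
        # Interface keys whose TypeLib subkey points back at this library.
        ifaces = [p.split("\\")[-2] for p, v in keys.items()
                  if re.fullmatch(re.escape(ROOT) + r"\\Interface\\\{[^}]+\}\\TypeLib", p, re.I)
                  and v.get("@", "").lower() == guid.lower()]
        hits.append({"typelib": guid,
                     "file": keys.get(path + r"\0\win32", {}).get("@"),
                     "interfaces": ifaces})
    return hits

if __name__ == "__main__":
    for hit in find_searchcentrix(parse_reg(SAMPLE_REG)):
        print(hit)
```

A file written by `reg export` is UTF-16, so read it with `encoding="utf-16"` before passing the text to `parse_reg`. The `file` field of each hit is the path registered under `0\win32`, which is the file to collect and scan.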
Other Details
This spyware requires its main component to successfully perform its intended routine.