Adware.RaxSearch

Updated: September 14, 2006
Risk Impact: Medium
Systems Affected: Windows

Behavior

Adware.RaxSearch is an adware program that lets a user query multiple search engines and that also downloads and displays pop-up advertisements.

Antivirus Protection Dates

  • Initial Rapid Release version October 02, 2014 revision 022
  • Latest Rapid Release version October 02, 2014 revision 022
  • Initial Daily Certified version September 15, 2006
  • Latest Daily Certified version September 28, 2010 revision 036
  • Initial Weekly Certified release date September 20, 2006

Once executed, the risk creates the following folders:
%ProgramFiles%\Rax Search
%ProgramFiles%\Rax Search Helper

The risk then creates the following files:
%ProgramFiles%\Rax Search\Raxsearch.exe
%ProgramFiles%\Rax Search\history.dat
%ProgramFiles%\Rax Search\engines.dat
%ProgramFiles%\Rax Search\uninst.exe
%ProgramFiles%\Rax Search Helper\infodll.dll
%ProgramFiles%\Rax Search Helper\rxh2.dll
%ProgramFiles%\Rax Search Helper\uninst.exe
%UserProfile%\Start Menu\Programs\Rax Search\Rax Search.lnk
%UserProfile%\Desktop\Rax Search.lnk
%Windir%\infodll.dll

The risk creates the following registry subkeys:
HKEY_ALL_USERS\Software\Microsoft\CurrentVersion\Run\raxsearch
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Rax Search
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Rax Search Helper
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Raxsearch.exe
HKEY_CLASSES_ROOT\CLSID\{19AD8203-1538-43a0-848B-D136782E09DE}
HKEY_CLASSES_ROOT\Interface\{F89C6EE9-8BCA-40D4-82B7-12853BB8BB55}
HKEY_CLASSES_ROOT\RXH.Helper.1
HKEY_CLASSES_ROOT\RXH.Helper
HKEY_CLASSES_ROOT\TypeLib\{8547ADA7-FC77-4AC1-B0A2-C4B79787B460}
HKEY_CLASSES_ROOT\rxh.rxh.1
HKEY_CLASSES_ROOT\rxh.rxh
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{19AD8203-1538-43a0-848B-D136782E09DE}

The risk connects to the following Web sites and downloads and displays advertisements:
http://www.raxdev.com
http://www.zedo.com

The risk displays windows that allow the user to query multiple search engines, and then displays pop-up windows in Internet Explorer in response to the queries the user submits.
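
A read-only PowerShell check for a subset of the files and registry keys listed above, including the Browser Helper Object registration; this is an added example, not part of the original write-up or the vendor's tooling. It assumes that on 64-bit Windows the artifacts may sit under the `Program Files (x86)` and `WOW6432Node` views, and it reads the standard COM `InprocServer32` subkey, which the write-up does not list.

```powershell
# Read-only check for the Adware.RaxSearch artifacts listed in this write-up.
$clsid = '{19AD8203-1538-43a0-848B-D136782E09DE}'   # BHO CLSID from the page
$cv    = 'Microsoft\Windows\CurrentVersion'

# Assumption: on 64-bit Windows a 32-bit installer lands in the (x86) root.
$roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) |
    Where-Object { $_ } | Select-Object -Unique

$files = @(foreach ($r in $roots) {
    "$r\Rax Search\Raxsearch.exe"
    "$r\Rax Search Helper\infodll.dll"
    "$r\Rax Search Helper\rxh2.dll"
})
$files += "$env:windir\infodll.dll"

# Assumption: WOW6432Node is the 32-bit registry view on 64-bit Windows.
$keys = @(foreach ($view in 'SOFTWARE', 'SOFTWARE\WOW6432Node') {
    "Registry::HKEY_LOCAL_MACHINE\$view\$cv\Explorer\Browser Helper Objects\$clsid"
    "Registry::HKEY_LOCAL_MACHINE\$view\$cv\Uninstall\Rax Search"
    "Registry::HKEY_LOCAL_MACHINE\$view\$cv\Uninstall\Rax Search Helper"
})
$keys += "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid"

# Record every listed artifact that exists on this machine.
$findings = @(foreach ($p in $files + $keys) {
    if (Test-Path -LiteralPath $p) {
        [pscustomobject]@{ Artifact = $p; Detail = 'present' }
    }
})

# Resolve the DLL that Internet Explorer would load for this BHO.
# InprocServer32 is the standard COM subkey; it is not listed on the page.
$inproc = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32"
if (Test-Path -LiteralPath $inproc) {
    $dll = (Get-ItemProperty -LiteralPath $inproc).'(default)'
    $findings += [pscustomobject]@{ Artifact = $inproc; Detail = "loads $dll" }
}

if ($findings.Count) {
    $findings | Format-List
} else {
    'No Adware.RaxSearch artifacts from this list were found.'
}
```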