SearchExe Spyware (se.dll)

Introduction

Lots of us have seen se.dll in our registry or somewhere on our system being detected by Norton or another Anti-Virus program. SE stands for SearchExe and is a type of spyware/trojan depending on who you ask. This malicious program is detected by spyware removal tools, and anti-virus programs alike. This trojans infects everything from Win95 on up to WinXP and causes your Internet Explorer homepage to be replaced with a new but not so wonderful pseudo-search page replacement. This Internet Explorer plugin basically monitors web-site addresses you visit, what you fill in to forms, and local file browsing as well. This Trojan will also create popups on your screen according to keywords it finds on websites... very distracting but not as dangerous as other trojans. Apparently, Norton and other products do not clean it up very well so, you may require a technician to help.

Technical Information

SearchExe is also known as Trojan.StartPage.M, or Adware.SCBar or WebBar. This Trojan is able to download additional bad programs to install on your PC. Is has been called a Trojan due to the greek myth of the Trojan Horse posing as a gift, but hidden inside is the means to ravage your computer.

This Trojan does the following

• Drops the file %Temp%\se.dll
• Registers a BHO
  • HKEY_CLASSES_ROOT\CLSID\{2862736E-7B27-418A-A4E8-F13FB2E8C945}
  • HKEY_CLASSES_ROOT\CLSID\{5607D0D5-3205-45F2-A125-63666696DDA0}
• Adds "sp" = "rundll32 %temp%\se.dll,DllInstall" to the registry subkey
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
• Adds the value: "Search Bar" = "res://%temp%\se.dll/sp.htm;" to the registry subkeys:
  HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
  HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main

An expert at support.com can clean your system if you're having problems with SearchExe Spyware.