SearchNet is a spyware program created and transmitted by ecorp.com.  It is downloadable as a free program that is activated by an .exe command.  It is disguised as a toolbar add-on that supposedly enhances the Internet browsing experience.  The claim is that you can search the Internet from anywhere on the Web, block pop-up advertising, read the most recent news headlines, receive a weather forecast, and highlight the terms on a web page that you’re looking at.

The spyware functions of SearchNet include resetting your homepage to zhongsou.com, preventing itself from being deleted, changing your search settings, and collecting personal information.

SearchNet does not give prior warning that it may collect personal information from your computer.  There is nothing on the ecorp.com website to insinuate that their products might collect your information.  They profess to be a reputable company with highly reputable business partners.

It is highly recommended that you remove SearchNet from your computer.  Few antispyware programs can actually do that, since it protects itself from deletion.  SpyZooka has no such problem removing SearchNet.

Also known as:

Zhongsou/SearchNet.Adware, Remote Log, BioNet, Adware.SearchNet, Trojan-Spy.Win32.Agent.iw, AdWare.Win32.BHO.ls, Win32/SearchNet.D, Adware.PigSearch, Adware.Rugo
Associated Files:

%Windir%\Downloaded Program Files\[RANDOM NAME].dll, %Windir%\Downloaded Program Files\[RANDOM NAME].dll, %System%\drivers\Anfad.sys
%System%\drivers\[RANDOM NAME].sys, %System%\drivers\FAD.sys, %System%\drivers\[RANDOM NAME].sys, %System%\ServeHost.dat, %System%\ServeHost.exe, %ProgramFiles%\SearchNet\SearchNet.exe, %ProgramFiles%\SearchNet\ServeUp.exe, %ProgramFiles%\SearchNet\SNHpr.dll, %ProgramFiles%\SearchNet\SrvNet32.dll, %ProgramFiles%\SearchNet\UnInstall.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2A0176FE-008B-4706-90F5-BBA532A49731}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CE496D1-1746-41CD-9489-3C0B93DF10E2}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{52BEA5F9-7E3F-490A-B7E8-9BD5DDDEE5DF}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D1AFED83-9133-4660-8C8F-DAF1B4A3D5A8}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{158919D3-4CAB-4109-9755-9AE794D5B2DE}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E8D3778F-47D3-4F1F-9245-3D46856936E4}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IEHpr.InterCept
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IEHpr.InterCept.1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A0176FE-008B-4706-90F5-BBA532A49731}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CE496D1-1746-41CD-9489-3C0B93DF10E2}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZSXZ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cdnup.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{04152c5b-7ca9-4bb1-8077-5ea42f787eb8}
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{515bafd0-86a0-4b2a-9dfe-4440bf60c355}
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{5c20c0e0-9a22-424f-92c8-6f408563ce98}
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{93506e82-31e9-47b4-901e-2d04d6aa3b86}
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{b9b553a9-77ff-44de-8c24-fe88ccdc4e93}
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{c8a82950-abe8-4b7d-a5de-19c249a9cfac}
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{cf3780c4-33ba-44bd-981f-e37940887d8b}
HKEY_LOCAL_MACHINE\SOFTWARE\SearchNet
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ANFAD
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_[RANDOM NAME]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FAD
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_[RANDOM NAME]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_[RANDOM NAME]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2A0176FE-008B-4706-90F5-BBA532A49731}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CE496D1-1746-41CD-9489-3C0B93DF10E2}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Anfad
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\[RANDOM NAME]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FAD
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Remote Log
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\[RANDOM NAME]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\[RANDOM NAME]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\”Enable Browser Extensions” = “yes”
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\”Enable Browser Extensions” = “yes”
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main\”Enable Browser Extensions” = “yes”
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main\”Enable Browser Extensions” = “yes”
HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main\”Enable Browser Extensions” = “yes”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\”CdnCtr” = “”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\”SearchNet_Up” = “%ProgramFiles%\SearchNet\ServeUp.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\”[RANDOM NAME]” = rundll32 “%Windir%\Downloaded Program Files\[RANDOM NAME].dll”