[project89]

technical details
File names:
Ssk.exe
SskBho.dll
SskCore.dll
SSK_B5.EXE

When Adware.SurfSideKick is executed, it performs the following actions:

1. Creates the following files:
* %Program Files%\SurfSideKick [version]\Ssk.exe
* %Program Files%\SurfSideKick [version]\SskBho.dll
* %Program Files%\SurfSideKick [version]\SskCore.dll
* %Temp%\sskupdater3.exe
* %Temp%\??.tmp
* %Temp%\SSK3_B5 Seedcorn 4.exe
* %Temp%\??.bat

Note:
* %ProgramFiles% is a variable that refers to the program files folder. By default, this is C:\Program Files.
* %Temp% is a variable that refers to the Windows temporary folder. By default, this is C:\Windows\TEMP (Windows 95/98/Me/XP) or C:\WINNT\Temp (Windows NT/2000).
* [version] refers to the current version number of the program.

2. Adds some of the following registry keys:

HKEY_CLASSES_ROOT\CLSID\{000AB0005-FF12-42C2-8DF5-39E12E5F9C91}
HKEY_CLASSES_ROOT\CLSID\{CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076}
HKEY_CLASSES_ROOT\CLSID\{02EE5B04-F144-47BB-83FB-A60BD91B74A9}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall\Surf Sidekick
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall\Surf Sidekick_is1
HKEY_CURRENT_USER\Software\SurfSideKick2
HKEY_CURRENT_USER\Software\SurfSideKick3
HKEY_LOCAL_MACHINE\SOFTWARE\SurfSideKick3

3. Adds some of the following values:

"SurfSideKick" = "%Program Files%\SurfSideKick\Ssk.exe"
"SurfSideKick 2" = "%Program Files%\SurfSideKick 2\Ssk.exe"
"SurfSideKick 3" = "%Program Files%\SurfSideKick 3\Ssk.exe"

to the following registry keys:

HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run

so that the program runs every time Windows starts.

4. Deletes the value:

{CFBFAE00-17A6-11D0-99CB-00C04FD64497}

from the registry key

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks

5. Adds the values:

{02EE5B04-F144-47BB-83FB-A60BD91B74A9}
{CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076}

to the registry key

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\UrlSearchHooks

6. Adds the values:

{000AB0005-FF12-42C2-8DF5-39E12E5F9C91}
{02EE5B04-F144-47BB-83FB-A60BD91B74A9}
{CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076}

to the registry key

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks

7. Displays pop-up ads.

8. May attempt to connect to a predetermined Web site, download other adware programs and send on system information.

removal instructions

The following instructions pertain to all Symantec antivirus products that support Security Risk detection.

1. Update the definitions.
2. Uninstall Adware.SurfSideKick using the Add/Remove Programs utility.
3. Run a full system scan.
4. Delete the value that was added to the registry.

For specific details on each of these steps, read the following instructions.

1. To update the definitions
To obtain the most recent definitions, start your Symantec program and run LiveUpdate.

2. To uninstall the Adware

1. Do one of the following:
* On the Windows 98 taskbar:
1. Click Start > Settings > Control Panel.
2. In the Control Panel window, double-click Add/Remove Programs.

* On the Windows Me taskbar:
1. Click Start > Settings > Control Panel.
2. In the Control Panel window, double-click Add/Remove Programs.
If you do not see the Add/Remove Programs icon, click "...view all Control Panel options."

* On the Windows 2000 taskbar:
By default, Windows 2000 is set up the same as Windows 98, so follow the instructions for Windows 98. If otherwise, click Start, point to Settings > Control Panel, and then click Add/Remove Programs.

* On the Windows XP taskbar:
1. Click Start > Control Panel.
2. In the Control Panel window, double-click Add or Remove Programs.

2. Click Surf Sidekick.


Note: You may need to use the scroll bar to view the whole list.


rerun scan after to make sure its gone,u may have to manually dlete some files and registry keys
3. Click Add/Remove, Change/Remove, or Remove (this varies with the operating system). Follow the prompts.