allentech.net

Home > Browser Parasites > Parasite Database > CrackedEarth

About Us

Online Stores

TQ Support

Web Services

Database Help

Tech Links

Projects

Online Manual

Browser Parasites

Privacy Policy

Contact us

Send Page

Limited Time!
Totally FREE Web Design!
Click here!

Blue Host

Parasite: CrackedEarth

This record last updated Tue Sep 20 2005 00:34:15

PLEASE NOTE: Due to the overwhelming extent of this problem and the unbelievable volume of email we have received, we regret that we cannot respond to questions about browser parasites at this time. If you have attempted to contact us about this parasite please accept our apology for not responding. "Thank you's" are always appreciated ;-)

Description

CrackedEarth is a homepage- and search-hijacker targeted at crackedearth.com, controlled by Cyberzine, an internet porn company known for spam.

Variants

CrackedEarth/Srchhook: file srchhook.dll.

CrackedEarth/CamGirlsLive: file cglbar.dll. Adds a search toolbar to Internet Explorer windows, fetched from the server bar.pornochicks.com.

Distribution

Through ActiveX drive-by-download on pop-under adverts, misleadingly described, for example as an MP3 downloader, ‘Porno viewer’ or ‘Internet enhancer’.

What it does

Advertising

The Srchhook variant may also add crackedearth.com bookmarks to IE’s Favorites list.

Privacy violation

No.

Security issues

None known.

Stability problems

None known.

Removal

Srchhook variant

The files are installed in a folder named ‘CrackedEarth’ in the root of the system drive. Before you delete them you should deregister the search hook. Open a DOS command prompt window (Start->Programs->Accessories) and enter:

cd "%WinDir%\System"
regsvr32 "\CrackedEarth\searchhook.dll"

Next, open the registry (Start->Run->regedit) and find the key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run. Delete the ‘SearchHook’ value inside this key. You can also delete the key HKEY_CURRENT_USER\Software\SearchHook to clean up.

Finally, delete the CrackedEarth folder and reset your home page.

CamGirlsLive variant

The file cglbar.dll is stored in the System32 folder (inside the Windows folder; called just ‘System’ on Windows 95/98/Me). Before you can delete it, it must be deregistered. Open a Command Prompt window (Start->Programs->Accessories) and enter:

cd "%WinDir%\System"
regsvr32 cglbar.dll

Restart the computer and you should be able to delete the file cglbar.dll from the System32 folder. Then reset the home page.

* Parasite information and detection script by Andrew Clover - www.doxdesk.com, used with permission.

For more information about Scumware, Spyware and Parasites, their sources and their cure, visit our About Parasites page and related Tech Links.

Visit our new services portal at Allen One for a completely new parasite database format, comming November 2005!

webmaster@allentech.net
Tech Bench
Web Analytics by My-OLAP!

Top