I ran a scan of a system, G, with Bazooka™ Adware and Spyware Scanner v1.13.03. It found Exploit searchterror.com on the system.
The uninstall procedure on the Kephyr webpage suggested using "Add or Remove Programs" in the Windows® Control Panel to remove the malware. I looked for "SpySheriff" and "WeirdOnTheWeb" entries as suggested, but found none.
The Kephyr site states that the presence of any of the files or directories listed below may indicate that a system is infected with this malware.
c:\loader.exe
c:\mailz.txt
c:\sys.exe
c:\tmp.txt
c:\trig.dtl
c:\winstall.exe
%WinDir%\weirdontheweb_topc.exe
%WinDir%\zsettings.dll
%WinDir%\tool1.exe
%WinDir%\tool2.exe
%WinDir%\tool3.exe
%WinDir%\svchost.exe
%WinDir%\ms1.exe
%WinDir%\ms2.exe
%WinDir%\ms3.exe
%WinDir%\ms4.exe
%WinDir%\msmsgr2.exe
%WinDir%\drexinit.dll
%WinDir%\kernels32.exe
%WinDir%\vr_sys.dll
%WinDir%\desktop.html
%WinDir%\dvpd.dll
%WinDir%\installer_SIAC.exe
%WinDir%\sasent.dll
%WinDir%\sasetup.dll
%WinDir%\cdmweb\
%SystemDir%\latest.exe
%SystemDir%\maxd.exe
%SystemDir%\newdial.exe
%SystemDir%\realupd32.exe
%SystemDir%\realupd_32.exe
%SystemDir%\thn.dll
%SystemDir%\thn32.dll
%SystemDir%\tibs.exe
%SystemDir%\vx.tll
%SystemDir%\init32m.exe
%SystemDir%\cssrs.exe
%SystemDir%\abc.exe
%SystemDir%\paytime.exe
%SystemDir%\vxgame1.exe
%SystemDir%\vxgame2.exe
%SystemDir%\vxgame3.exe
%SystemDir%\vxgame4.exe
%SystemDir%\win32.exe
%SystemDir%\newdial1.exe
%SystemDir%\zolk.dll
%SystemDir%\ztoolber.dll
%SystemDir%\ztoolbar.bmp
%SystemDir%\ztoolbar.xml
%SystemDir%\~update.exe
%ProgramsDir%WeirdOnTheWeb\
%WinDir% is a variable. By default, this is C:\Windows (Windows 95/98/Me/XP) or C:\WINNT (Windows NT/2000).
%SystemDir% is a variable. By default, this is C:\Windows\System (Windows 95/98/Me), C:\WINNT\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
%ProgramsDir% is a variable. By default, this is C:\Program Files.
The file svchost.exe is part of the list, but is also a file normally found on Windows systems. On Windows NT and later systems, though, it is found in %WinDir%\system32, rather than in %WinDir%. The Kephyr webpage states that finding it in the %WinDir% directory indicates the presence of this malware.
I created a batch file, searchterror-files.bat, to search for any instances of the above files or directories on the system. The script did not find either of the two directories associated with the malware, %WinDir%\cdmweb\ or %ProgramsDir%\WeirdOnTheWeb\. The only file from the list which it found was C:\temp.txt, which had a creation timestamp of Thursday, December 23, 2004, 4:21:31 PM. When I renamed that file, Bazooka no longer reported the presence of Exploit searchterror.com on the system. Since it didn't find any registry entries associated with the malware, I believe the report was a false positive.
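
A check of this kind can be written as follows. This is an added example, not the author's searchterror-files.bat, which is not shown on the page. It tests only a subset of the listed paths and assumes the Windows NT/2000/XP layout, mapping Kephyr's %SystemDir% and %ProgramsDir% placeholders to %WinDir%\System32 and %ProgramFiles%; the label names and the found counter are illustrative.

```batch
@echo off
rem Added example, not the author's script: check a subset of the listed paths.
setlocal

rem SystemDir and ProgramsDir are Kephyr placeholders, not variables that
rem Windows defines. Assumption: NT/2000/XP layout (95/98/Me use WinDir\System).
set "SystemDir=%WinDir%\System32"
set "ProgramsDir=%ProgramFiles%"
set found=0

rem Only the copy of svchost.exe directly in WinDir is an indicator; the copy
rem in WinDir\System32 is the normal Windows file and is not tested here.
for %%F in (
    "c:\loader.exe"
    "c:\tmp.txt"
    "%WinDir%\svchost.exe"
    "%WinDir%\zsettings.dll"
    "%SystemDir%\tibs.exe"
    "%SystemDir%\ztoolbar.xml"
) do call :checkfile "%%~F"

for %%D in ("%WinDir%\cdmweb" "%ProgramsDir%\WeirdOnTheWeb") do call :checkdir "%%~D"

echo.
echo Listed items present: %found%
endlocal
goto :eof

:checkfile
rem A path with a trailing backslash only exists if it is a directory.
if not exist "%~1" goto :eof
if exist "%~1\" goto :eof
set /a found+=1
echo FOUND file: %~1
rem /a includes hidden and system files; /tc prints the creation time.
dir /a /tc "%~1" | find /i "%~nx1"
goto :eof

:checkdir
if not exist "%~1\" goto :eof
set /a found+=1
echo FOUND directory: %~1
goto :eof
```

A hit from a script like this only shows that a file with a listed name exists; the creation time printed for each hit helps judge whether it fits the suspected infection.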