
Adware.Hotbar.EM


First posted on 21 November 2011.
Source: BitDefender

Aliases:

Adware.Hotbar.EM is also known as not-a-virus:AdWare.Win32.HotBar, Adware:Win32/Hotbar, (threat-c.

Explanation:

Adware.Hotbar installs itself through web page banners targeted at children, or through an installer that has no window and therefore offers no option to cancel the installation.

Adware.Hotbar adds graphical skins to Internet Explorer, Microsoft Outlook, and Outlook Express toolbars and also adds its own toolbar and search button.

Adware.Hotbar can send information on browsing habits to various servers, which may be used for targeted marketing such as displaying advertising pop-ups based on specific keywords that are encountered during your browsing session.

Software installation details:

1) Creates the following folders and files:


2) Creates copies of HbGuard.exe and installs them as [RANDOM NAME].exe in %System32%.

3) Adds the following registry keys:


Last update 21 November 2011

 
