
Adware.RXToolbar


First posted on 21 November 2011.
Source: BitDefender

Aliases:

Adware.RXToolbar is also known as RXBar.

Explanation:

RXToolbar is adware in the form of a toolbar, a type of browser plug-in that adds a third-party utility bar to the web browser. It tracks the websites visited and the keywords used in search engines, and sends this information to a remote site. The toolbar shows related links for the page currently being viewed, according to a certain search engine. No license agreement is shown to the user during installation.

It’s also known as RXBar and it has a browser helper object component too.





RXToolbar installs the following files on disk:



%programfiles%\RXToolBar\RXToolbar.dll
%programfiles%\RXToolBar\semantic insight\semanticinsight.exe
%programfiles%\RXToolBar\sfcont.dll
%programfiles%\RXToolBar\sfcont.bin



It also adds the following registry entries:

HKEY_CURRENT_USER\Software\RX ToolBar
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25D8BACF-3DE2-4B48-AE22-D659B8D835B0}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{55B61359-4DB0-4FF4-934E-3B8C0FC707F8}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{59879FA4-4790-461c-A1CC-4EC4DE4CA483}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8C13987F-041E-4EBE-8784-E6BB9D02E656}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AC368F5F-6670-4DDE-A1A8-B9C064EA0402}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FB590D02-0A82-4F44-9FAD-517948DCF4F3}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RXResult.RXResultFilter
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RXResult.RXResultTracker
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RXToolBar.TBInfo
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SemanticInsight.SI4CS
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{05563F82-69A7-40A6-8670-153B635A7EF6}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{66B20295-DC57-42B6-ACDF-52D916E86464}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{7F46B8E6-254D-46B4-999F-B37B5BE7A9F5}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RXToolBar
HKEY_LOCAL_MACHINE\SOFTWARE\RXResults
HKEY_LOCAL_MACHINE\SOFTWARE\SemanticInsight









It creates an autorun registry value, “SemanticInsight”, so that it runs on every startup, in:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

It also inserts its toolbar and browser helper object into the registry:



HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{25D8BACF-3DE2-4B48-AE22-D659B8D835B0}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59879FA4-4790-461c-A1CC-4EC4DE4CA483}
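
A read-only host check for the files, autorun value and browser registrations described above, as an added example that is not BitDefender's code. The WOW6432Node and "Program Files (x86)" locations are an assumption for 64-bit Windows and are not named on this page.

```powershell
# Read-only audit for the Adware.RXToolbar artifacts listed on this page.
# Assumption (not from the page): on 64-bit Windows a 32-bit installer writes to
# "Program Files (x86)" and the WOW6432Node registry view, so both are checked.
$bhoClsid     = '{59879FA4-4790-461c-A1CC-4EC4DE4CA483}'
$toolbarClsid = '{25D8BACF-3DE2-4B48-AE22-D659B8D835B0}'
$findings     = @()

# Files under the RXToolBar install directory
$files = 'RXToolbar.dll', 'semantic insight\semanticinsight.exe', 'sfcont.dll', 'sfcont.bin'
$programDirs = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ } | Select-Object -Unique
foreach ($dir in $programDirs) {
    foreach ($file in $files) {
        $path = Join-Path (Join-Path $dir 'RXToolBar') $file
        if (Test-Path -LiteralPath $path) { $findings += "File:      $path" }
    }
}

foreach ($root in 'HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\WOW6432Node') {
    # Autorun value "SemanticInsight" in the Run key
    $runKey = "$root\Microsoft\Windows\CurrentVersion\Run"
    $run = Get-ItemProperty -LiteralPath $runKey -Name 'SemanticInsight' -ErrorAction SilentlyContinue
    if ($run) { $findings += "Run value: $runKey\SemanticInsight = $($run.SemanticInsight)" }

    # Browser helper object registration (a subkey named after the CLSID)
    $bhoKey = "$root\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\$bhoClsid"
    if (Test-Path -LiteralPath $bhoKey) { $findings += "BHO key:   $bhoKey" }

    # Toolbar registration: Internet Explorer normally stores the CLSID as a value
    # name under Toolbar; the page writes it as a path, so both forms are checked.
    $tbKey = "$root\Microsoft\Internet Explorer\Toolbar"
    $tb = Get-Item -LiteralPath $tbKey -ErrorAction SilentlyContinue
    if (($tb -and $tb.GetValueNames() -contains $toolbarClsid) -or
        (Test-Path -LiteralPath "$tbKey\$toolbarClsid")) { $findings += "Toolbar:   $tbKey\$toolbarClsid" }

    # Vendor and uninstall keys
    foreach ($sub in 'RXResults', 'SemanticInsight', 'Microsoft\Windows\CurrentVersion\Uninstall\RXToolBar') {
        if (Test-Path -LiteralPath "$root\$sub") { $findings += "Key:       $root\$sub" }
    }
}
if (Test-Path -LiteralPath 'HKCU:\Software\RX ToolBar') { $findings += 'Key:       HKCU:\Software\RX ToolBar' }

if ($findings) { $findings } else { 'No RXToolbar artifacts from this page were found.' }
```

The HKCU check only covers the account running the script; other user profiles need their own hives loaded or the script run per user.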

Last update 21 November 2011

 
