
Adware:Win32/Hotbar


First posted on 04 February 2009.
Source: SecurityHome

Aliases :

There are no other names known for Adware:Win32/Hotbar.

Explanation :

Hotbar displays a dynamic toolbar and targeted pop-up ads based on its monitoring of Web-browsing activity. The toolbar appears in Internet Explorer and Windows Explorer. The toolbar contains buttons that can change depending on the current Web page and keywords on the page. Clicking a button on the toolbar may open an advertiser Web site or paid search site. Hotbar also installs graphical skins for Internet Explorer, Outlook, and Outlook Express. Hotbar may collect user-related information and may silently download and run updates or other code from its servers.

Symptoms
Indications of a Hotbar installation may include the following:

  • Presence of a folder named 'hbtools' or 'hotbar' in one of the following:
    C:\Documents and Settings\<username>\Application Data
    C:\Program Files
  • Presence of either of the following registry keys:
    HKEY_CURRENT_USER\Software\HbTools
    HKEY_LOCAL_MACHINE\SOFTWARE\HbTools
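
The Symptoms checks above, written as a PowerShell script; this is an added example, not part of the original entry. It assumes `$env:ProgramFiles` and `$env:APPDATA` resolve to the folders the entry names and that all user profiles share the current profile's parent folder; the variable names are illustrative.

```powershell
# Added example: looks for the folders and registry keys from the Symptoms list.
# Run elevated so that every profile folder and loaded user hive is readable.
$folderNames = 'hbtools', 'hotbar'
$findings = New-Object System.Collections.Generic.List[string]

# Parent folders to inspect: Program Files plus each profile's Application Data.
$parents = @($env:ProgramFiles)
# Assumption: APPDATA sits inside USERPROFILE (no folder redirection).
if ($env:APPDATA.StartsWith($env:USERPROFILE, [StringComparison]::OrdinalIgnoreCase)) {
    $appDataRel = $env:APPDATA.Substring($env:USERPROFILE.Length).TrimStart('\')
    # Assumption: profiles live beside the current one
    # (C:\Documents and Settings on XP, C:\Users on later Windows).
    $profileRoot = Split-Path -Parent $env:USERPROFILE
    $profiles = Get-ChildItem -LiteralPath $profileRoot -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.PSIsContainer }
    foreach ($p in $profiles) { $parents += Join-Path $p.FullName $appDataRel }
} else {
    $parents += $env:APPDATA   # redirected profile: check the current user only
}

foreach ($parent in $parents) {
    foreach ($name in $folderNames) {
        $path = Join-Path $parent $name
        if (Test-Path -LiteralPath $path -PathType Container) {
            $findings.Add("Folder: $path")
        }
    }
}

# HKLM key, then the HbTools key in every loaded user hive (HKCU is one of them).
$regPaths = @('Registry::HKEY_LOCAL_MACHINE\SOFTWARE\HbTools')
$hives = Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue
foreach ($hive in $hives) { $regPaths += "Registry::$($hive.Name)\Software\HbTools" }

foreach ($key in $regPaths) {
    if (Test-Path -LiteralPath $key) { $findings.Add("Registry key: $key") }
}

if ($findings.Count -eq 0) {
    'No Hotbar indicators from the Symptoms list were found.'
} else {
    'Possible Hotbar installation:'
    foreach ($f in $findings) { "  $f" }
}
```

On 64-bit Windows, 32-bit software is redirected to `Program Files (x86)` and `HKLM\SOFTWARE\WOW6432Node`, which the entry does not list and the script does not check. Hives of users who are not logged on are not loaded under `HKEY_USERS`, so their keys are not examined.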


Hotbar displays a dynamic toolbar and user-targeted pop-up ads based on its monitoring of user Web-browsing activity. The toolbar appears in Internet Explorer and Windows Explorer. The toolbar contains buttons that can change depending on the current Web page and keywords on the page. Clicking a button on the toolbar may open an advertiser Web site or a paid search site. Hotbar also installs graphical skins for Internet Explorer, Outlook, and Outlook Express. Hotbar may silently download and run updates or other code from its servers.

For each Web site that a user visits, Hotbar may collect information such as originating and current URLs (Web-usage paths), user-entered search terms and demographic data, Hotbar button clicks, link clicks, client-computer IP address, and Hotbar cookie ID. Hotbar may also collect personally identifiable information, such as data obtained during user registration processes at third-party Web sites.

Hotbar drops numerous files during an installation. Hotbar may install itself to paths that include the following:

    C:\Documents and Settings\<username>\Application Data\hbtools
    C:\Documents and Settings\<username>\Application Data\hotbar
    C:\Program Files\hbtools
    C:\Program Files\hotbar

A Hotbar installation adds numerous keys to the registry, including the following:

    HKEY_CURRENT_USER\Software\HbTools
    HKEY_LOCAL_MACHINE\SOFTWARE\HbTools

Analysis by Durga Kumar

Last update 04 February 2009

     
