||||
Symantec.com > Security Response > Threats and Risks > Trackware.IEMenuExt
PRINT THIS PAGE

Trackware.IEMenuExt

Printer Friendly Page

Updated: February 13, 2007 11:42:04 AM
Type: Trackware
Publisher: www.effectivebrand.com
Risk Impact: Low
File Names: tbextn.dll IEMenuExtension.exe tbIsra.dll
Systems Affected: Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP


When Trackware.IEMenuExt is executed, it performs the following actions:
  1. Creates the following files:

    • %ProgramFiles%\IEMenuExtension\tbextn.dll
    • %ProgramFiles%\IEMenuExtension\INSTALL.LOG
    • %ProgramFiles%\IEMenuExtension\logo.ico
    • %ProgramFiles%\IEMenuExtension\toolbar.cfg
    • %ProgramFiles%\IEMenuExtension\UNWISE.EXE
    • %ProgramFiles%\IEMenuExtension\TBlogin.users.EffectiveBrand.com.
    • %ProgramFiles%\IEMenuExtension\rss\rss_html_template.html
    • %UserProfile%\Start Menu\Programs\Israel_Radio Toolbar for internet expo\How To Uninstall.lnk
    • %UserProfile%\Administrator\Start Menu\Programs\Israel_Radio Toolbar for internet expo\Israel_Radio Toolbar for internet expo.lnk
    • %ProgramFiles%\Israel_Radio\INSTALL.LOG
    • %ProgramFiles%\Israel_Radio\LocalSettings.txt
    • %ProgramFiles%\Israel_Radio\rss\http___www_globes_co_il_WebService_Rss_RssFeeder_asmx_FeederNode_iID=942.xml
    • %ProgramFiles%\Israel_Radio\rss\http___www_haaretz_com_hasen_objects_pages_enewsRss_jhtml.xml
    • %ProgramFiles%\Israel_Radio\rss\http___www_haaretz_com_hasen_objects_pages_enewsRss_jhtml_structured.xml
    • %ProgramFiles%\Israel_Radio\rss\http___www_jpost_com_servlet_Satellite_pagename=JPost_P_Ext_RSS_RSS&cid=1123495333346.xml
    • %ProgramFiles%\Israel_Radio\rss\http___www_jpost_com_servlet_Satellite_pagename=JPost_P_Ext_RSS_RSS&cid=1123495333346_structured.xml
    • %ProgramFiles%\Israel_Radio\rss\http___www_ynet_co_il_Integration_StoryRss3254_xml.xml
    • %ProgramFiles%\Israel_Radio\rss\http___www_ynet_co_il_Integration_StoryRss3254_xml_structured.xml
    • %ProgramFiles%\Israel_Radio\tbIsra.dll
    • %ProgramFiles%\Israel_Radio\toolbar.cfg
    • %ProgramFiles%\Israel_Radio\UNWISE.EXE

      Notes:
    • %ProgramFiles% is a variable that refers to the program files folder. By default, this is C:\Program Files.
    • %UserProfile% is a variable that refers to the current user's profile folder. By default, this is C:\Documents and Settings\[CURRENT USER] (Windows NT/2000/XP).

  2. Creates the following registry subkeys:

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6B95678D-30A4-4FF8-A72F-4208340C1F7F}
    HKEY    _LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE Menu Extension toolbar
    HKEY_LOCAL_MACHINE\SOFTWARE\IEMenuExtension
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B8ACD00-2E8E-4D8F-883B-25BAA3502643}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Israel_Radio Toolbar for internet expo
    HKEY_LOCAL_MACHINE\SOFTWARE\Israel_Radio
    HKEY_CURRENT_USER\Software\IEMenuExtension
    HKEY_CURRENT_USER\Software\Israel_Radio
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4B8ACD00-2E8E-4D8F-883B-25BAA3502643}
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6BF52A52-394A-11D3-B153-00C04F79FAA6}
  3. Adds the following clean registry subkeys:

    HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Player\Tasks
    HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Player\Tasks\NowPlaying
    HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Preferences\ProxySettings
    HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Health
    HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Health\{E9592F69-1361-4128-92B9-2B4367FA9BE2}

    Note: These subkeys may also be associated with legitimate software.
  4. Adds the values:

    "{6B95678D-30A4-4FF8-A72F-4208340C1F7F}" = "IE Menu Extension toolbar"
    "{4b8acd00-2e8e-4d8f-883b-25baa3502643} =  "Israel_Radio Toolbar for internet expo"

    to the registry subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar

  5. Adds the values:

    "{6B95678D-30A4-4FF8-A72F-4208340C1F7F}" = "[RANDOM HEXADECIMAL NUMBERS]"
    "{4B8ACD00-2E8E-4D8F-883B-25BAA3502643}" = "[RANDOM HEXADECIMAL NUMBERS]"

    to the registry subkey:

    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser

  6. Adds the values:

    "{44BE0690-5429-47f0-85BB-3FFD8020233E}" = "44BE0690542947f085BB3FFD8020233E"
    "{4B8ACD00-2E8E-4D8F-883B-25BAA3502643}" = "[RANDOM HEXADECIMAL NUMBERS]"

    to the registry subkey:

    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar

  7. Adds the value:

    "IE Menu Extension toolbar" = "rundll32.exe "%ProgramFiles%\IEMenuExtension\tbextn.dll" DllShowTB"

    to the registry subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    so that Trackware.IEMenuExt runs every time Windows starts.

  8. Monitors activity and reports URLs visited to predetermined Web sites.


Search by name
Example: W32.Beagle.AG@mm
Limited Time Offers! Save up to 50%
Windows Vista Security
©1995 - 2009 Symantec Corporation
Site Map|
Legal Notices|
Privacy Policy|
|
Contact Us|
Global Sites|
License Agreements|
RSS