Adware.ABXToolbar

Updated: February 13, 2007 11:42:38 AM
Type: Adware
Version: 1.0.0.1
Risk Impact: High
File Names: ABX_Search.dll
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP



When Adware.ABXToolbar is executed, it performs the following actions:
  1. Modifies the value:

    "SearchAssistant" = "http:/ /www.abx4.com/side.php"

    in the registry subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search

  2. Modifies the value:

    "Start Page" = "http:/ /www.abx4.com"

    in the registry subkey:

    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main

  3. Creates the following registry key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00CEAF8F-BF59-429b-A1D9-91C88CCFE94B}

    so that the adware runs every time Internet Explorer is started.

  4. Creates the following registry keys:

    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00CEAF8F-BF59-429b-A1D9-91C88CCFE94B}
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{544F12D3-0B83-4DDB-B73A-53E1B4BBA4AF}
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{17BBFF9A-5D7B-4A5B-8265-15B4B86BE90F}
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1E5C9FAE-43B0-47C3-BA51-BA5A08E44322}
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{483D2273-2C22-4053-94CA-6A99B2778BF2}
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ToolBand.XBTB01186
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ToolBand.XBTB01186.1
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\XBTB01186.IEToolbar
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\XBTB01186.IEToolbar.1
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\XBTB01186.XBTB01186
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\XBTB01186.XBTB01186.1
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{544F12D3-0B83-4DDB-B73A-53E1B4BBA4AF}
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{544F12D3-0B83-4DDB-B73A-53E1B4BBA4AF}
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\XBTB01186.XBTB01186Toolbar
    • HKEY_CURRENT_USER\Software\Maxthon
    • HKEY_CURRENT_USER\Software\XBTB01186
    • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{544F12D3-0B83-4DDB-B73A-53E1B4BBA4AF}

  5. Pops up an unusually high number of Internet Explorer windows.
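
The following offline triage check is an added example, not part of the original write-up and not vendor code. It parses the text of a registry export and reports the indicators from steps 1 to 3. The function names, the use of .reg export text as input, the sample data, and reading the space in "http:/ /" as defanging are assumptions.

```python
import re
from urllib.parse import urlparse

# Indicators copied from the write-up; the registry is case-insensitive, so we lowercase.
BHO_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer"
           r"\Browser Helper Objects\{00CEAF8F-BF59-429b-A1D9-91C88CCFE94B}")
HIJACKED = [
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search", "SearchAssistant"),
    (r"HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main", "Start Page"),
]
DOMAIN = "abx4.com"
VALUE_RE = re.compile(r'"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def parse_reg_export(text):
    """Parse .reg export text into {key: {value_name: data}} with lowercased key
    and value names. Only string (REG_SZ) values are kept; dword/hex are skipped."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = VALUE_RE.match(line)
            if m:  # .reg files escape backslashes by doubling them
                current[m.group(1).lower()] = m.group(2).replace("\\\\", "\\")
    return keys

def find_abxtoolbar(keys):
    """Return findings for the BHO key (step 3) and the hijacked values (steps 1-2)."""
    findings = ["BHO key present"] if BHO_KEY.lower() in keys else []
    for key, name in HIJACKED:
        data = keys.get(key.lower(), {}).get(name.lower(), "")
        host = urlparse(data).hostname or ""  # compare the host, not a substring
        if host == DOMAIN or host.endswith("." + DOMAIN):
            findings.append(f"{name} -> {data}")
    return findings

# Constructed sample export, not captured from a real host.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00CEAF8F-BF59-429b-A1D9-91C88CCFE94B}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.abx4.com/side.php"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.abx4.com"
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
'''

if __name__ == "__main__":
    print("\n".join(find_abxtoolbar(parse_reg_export(SAMPLE))))
```

Registry exports written by regedit are normally UTF-16, so decode the file before passing its text to `parse_reg_export`.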

