Updated: February 13, 2007 11:43:54 AM
Type: Adware
Version: 1.0.9.3
Publisher: www.searchenginebar.com
Risk Impact: Low
File Names: RXToolbar.exe, RXToolbar.dll
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
When Adware.RXToolbar is executed, it performs the following actions:
- Creates the following files:
  - %ProgramFiles%\RXToolBar\RXToolBar.dll
  - %ProgramFiles%\RXToolBar\RXToolBar.cfg
Note: %ProgramFiles% is a variable that refers to the program files folder. By default, this is C:\Program Files.
- Adds the value:
"{25D8BACF-3DE2-4B48-AE22-D659B8D835B0}" = "CF BA D8 25 E2 3D 48 4B AE 22 D6 59 B8 D8 35 B0"
to the registry subkey:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
so that the adware runs every time Internet Explorer starts.
- Adds the value:
"{25D8BACF-3DE2-4B48-AE22-D659B8D835B0}" = "RXToolBar"
to the registry subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar
so that the adware runs every time Internet Explorer starts.
- Creates the following registry subkeys:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25D8BACF-3DE2-4B48-AE22-D659B8D835B0}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FB590D02-0A82-4F44-9FAD-517948DCF4F3}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{66B20295-DC57-42B6-ACDF-52D916E86464}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RXToolBar.TBInfo
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RXToolBar.TBInfo.1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RXToolBar
HKEY_CURRENT_USER\SOFTWARE\RX Toolbar
- Sends information about keywords typed in popular web searches to a remote server on the www.searchengine[REMOVED].com domain.
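The binary data stored under Toolbar\WebBrowser is the toolbar's CLSID in its in-memory GUID byte order, which is why the two representations of the same identifier look different. The following is an added example, not part of the original writeup or any vendor tool: it derives that byte sequence from the CLSID and checks a registry export for both toolbar values. The function names and the sample export are constructed for illustration, and the parser assumes each value sits on a single line.

```python
import re
import uuid

# CLSID and key paths are taken from the writeup above.
CLSID = "{25D8BACF-3DE2-4B48-AE22-D659B8D835B0}"
TOOLBAR_KEYS = {
    r"HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar",
}

def guid_to_reg_binary(clsid):
    """GUID memory layout: first three fields little-endian, last 8 bytes as-is."""
    return uuid.UUID(clsid).bytes_le

def find_toolbar_entries(reg_text, clsid=CLSID):
    """Return (key, kind) for each toolbar value named after clsid in a .reg export."""
    hits, key = [], None
    wanted_keys = {k.lower() for k in TOOLBAR_KEYS}
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]  # section header; falls through, the regex will not match it
        m = re.match(r'"([^"]+)"=(.*)$', line)
        if not m or key is None or key.lower() not in wanted_keys:
            continue
        name, data = m.groups()
        if name.lower() != clsid.lower():
            continue
        if data.lower().startswith("hex:"):
            raw = bytes.fromhex(data[4:].replace(",", ""))
            kind = "binary-guid" if raw == guid_to_reg_binary(clsid) else "binary-other"
        else:
            kind = "string"
        hits.append((key, kind))
    return hits

# Constructed sample export (not captured from a real host); values on one line each.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{25D8BACF-3DE2-4B48-AE22-D659B8D835B0}"=hex:cf,ba,d8,25,e2,3d,48,4b,ae,22,d6,59,b8,d8,35,b0
"{00000000-0000-0000-0000-000000000001}"=hex:01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{25D8BACF-3DE2-4B48-AE22-D659B8D835B0}"="RXToolBar"
'''

if __name__ == "__main__":
    print(find_toolbar_entries(SAMPLE_REG))
```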