Symantec | United States

Enterprise

Shopping

/
Security Response/
Adware.EZToolbar

Add

Adware.EZToolbar

Printer Friendly Page|Rate this page

Updated:: February 13, 2007 11:43:16 AM
Type:: Adware
Publisher:: http://www.pickoftheweb.com
Risk Impact:: Medium
File Names:: potwbar.dll
Systems Affected:: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

When Adware.EZToolbar is installed, it performs the following actions:

Creates the file %Windir%\Downloaded Program Files\potwbar.dll.

Note: %Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.
Creates the following registry subkeys:

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID \{4E7BD74F-2B8D-469E-C0FF-FD7BA09AAA7D} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\potwbar.POTWBAR HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Uninstall\POTWBAR HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer \Browser Helper Objects\{4E7BD74F-2B8D-469E-C0FF-FD7BA09AAA7D} HKEY_CURRENT_USER\Software\Dynamic Toolbar\POTWBAR HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database \Distribution Units\{4E7BD74F-2B8D-469E-C0FF-FD7BA09AAA7D}
Adds the value:

"{4E7BD74F-2B8D-469E-C0FF-FD7BA09AAA7D}" = "00"

to the registry subkey:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbarso that the adware runs every time Internet Explorer is starts.
Sends information about Internet sites visited and keywords searched in search engines like google, to a server on the toolbar.pickofthe***.com domain.

Summary| Technical Details| Removal

Search Threats

Search by name
Example: W32.Beagle.AG@mm

STAR Antimalware Protection Technologies

Internet Security Threat Report, Volume 17

Symantec DeepSight Screensaver

Symantec [+]
Norton [+]
- AntiVirus|
- Norton Store|
- Internet Security|
- Mac AntiVirus|
- Mobile Security|
- Norton|
- Spyware|
- Virus Protection|
- Virus Removal|
- Virus Scan
Website Security Solutions [+]
PC Tools [+]