Updated: February 13, 2007 11:46:37 AM
Type: Adware
Version: 1.0
Publisher: www.cracks.am
Risk Impact: Medium
File Names: untitled.dll
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
When Adware.CramToolbar is executed, it performs the following actions:
- Creates the following files:
- %ProgramFiles%\Cram Toolbar\basis.xml
- %ProgramFiles%\Cram Toolbar\icons.bmp
- %ProgramFiles%\Cram Toolbar\untitled.crc
- %ProgramFiles%\Cram Toolbar\untitled.dll
- %ProgramFiles%\Cram Toolbar\version.txt
Note: %ProgramFiles% is a variable that refers to the program files folder. By default, this is C:\Program Files.
- Creates the folder %ProgramFiles%\Cram Toolbar\Cache.
- Creates the following registry entries:
HKEY_CLASSES_ROOT\CLSID\{01E69986-A054-4C52-ABE8-EF63DF1C5211}
HKEY_CLASSES_ROOT\CLSID\{1395A06F-EEA0-4445-BA0C-E8B56B48E244}
HKEY_CLASSES_ROOT\Interface\{9D5C62AE-57B0-43C3-BAE4-BA7908DF4386}
HKEY_CLASSES_ROOT\Interface\{F5BB1D9A-DA7B-4C5B-8272-1554B814E97F}
HKEY_CLASSES_ROOT\ToolBand.XBTB00429
HKEY_CLASSES_ROOT\ToolBand.XBTB00429.1
HKEY_CLASSES_ROOT\TypeLib\{256CE99C-D5E1-4ACC-A538-2ED1E2710FAE}
HKEY_CLASSES_ROOT\XBTB00429.IEToolbar
HKEY_CLASSES_ROOT\XBTB00429.IEToolbar.1
HKEY_CLASSES_ROOT\XBTB00429.XBTB00429
HKEY_CLASSES_ROOT\XBTB00429.XBTB00429.1
HKEY_CURRENT_USER\Software\Maxthon
HKEY_CURRENT_USER\software\XBTB00429
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks
\{01E69986-A054-4C52-ABE8-EF63DF1C5211}
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
\{0E5CBF21-D15F-11D0-8301-00AA005B4383}
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
\{01E69986-A054-4C52-ABE8-EF63DF1C5211}
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
\{01E04581-4EEE-11D0-BFE9-00AA005B4383}
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
\ITBarLayout
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
\Browser Helper Objects\{1395A06F-EEA0-4445-BA0C-E8B56B48E244}
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar
\{01E69986-A054-4C52-ABE8-EF63DF1C5211}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion
\Uninstall\XBTB00429.XBTB00429Toolbar
- Adds the following value:
"iexplore" = 0
to the registry subkey:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN
- Modifies the value:
"Start Page" = "[http://]www.fuck-portal.com/[REMOVED]"
in the registry subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main
to reset the search page in Internet Explorer.
- Launches Internet Explorer and opens the following URL:
[http://]www.cracks.am/[REMOVED]
- Displays the following toolbar when Internet Explorer is launched:
Technorati
Digg
Delicious
Reddit
StumbleUpon
Yahoo Buzz
Twitter
Facebook
Newsvine
