Updated: February 13, 2007 11:46:59 AM
Type: Adware
Version: 2.0.0.0
Publisher: blogmark.bokee.com
Risk Impact: Medium
File Names:
bocaitoolbar.dll
msplug.dll
msaddon.dll
bcup.exe
Systems Affected: Windows 2000, Windows 98, Windows Me, Windows Server 2003, Windows XP
When Adware.BocaiToolbar is executed, it performs the following actions:
- Creates the following files:
  - %System%\msplug.dll
  - %System%\msaddon.dll
  - %System%\bcup.exe
  - %System%\bocaitoolbar.dll
Note: %System% is a variable that refers to the System folder. By default this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
- Creates the folder %ProgramFiles%\blogmark
- Creates the following registry entries:
HKEY_CLASSES_ROOT\CLSID\{BF4D0BCA-6FE4-4FA2-BEBE-87A72B3B77F1}
HKEY_CLASSES_ROOT\TypeLib\{1729F6BB-0CE7-4D3C-BD08-B271D7CB3D63}
HKEY_CLASSES_ROOT\Interface\{5BD85147-1218-442D-980B-86E56860350B}
HKEY_CLASSES_ROOT\BCCommunication.HTTPAPI
HKEY_CLASSES_ROOT\BCCommunication.HTTPAPI.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BCCommunication.HTTPAPI
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BCCommunication.HTTPAPI.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BF4D0BCA-6FE4-4FA2-BEBE-87A72B3B77F1}
HKEY_CLASSES_ROOT\CLSID\{4DA2EE61-6399-4C39-AEB9-0D990E610D29}
HKEY_CLASSES_ROOT\TypeLib\{693A1E03-7B1B-41D8-8803-CF9ED9D86070}
HKEY_CLASSES_ROOT\Interface\{3855CF44-363B-4E48-B3FD-25736207B27F}
HKEY_CLASSES_ROOT\BoCaiToolBar.StockBar
HKEY_CLASSES_ROOT\BoCaiToolBar.StockBar.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BoCaiToolBar.StockBar
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BoCaiToolBar.StockBar.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4DA2EE61-6399-4C39-AEB9-0D990E610D29}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{4DA2EE61-6399-4C39-AEB9-0D990E610D29}
HKEY_LOCAL_MACHINE\SOFTWARE\BlogChina
- Adds the value:
"BCUpdate" = "%System%\BCUP.exe"
to the registry subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
- Adds the value:
"RegBar" = "regsvr32.exe /u %ProgramFiles%\blogmark\bocaitoolbar.dll /s /i /n"
to the registry subkeys:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run
- Adds the following value:
"AboutSys" = "regsvr32.exe msaddon.dll /s"
to the registry subkeys:
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
- Adds the values:
"DisplayName" = [CHINESE CHARACTERS]
"DisplayVersion" = "2000"
"InstallLocation" = "%ProgramFiles%\blogmark"
"Publisher" = "www.bokee.com"
"UninstallString" = "regsvr32.exe /u C:\Progra~1\blogmark\bocaitoolbar.dll /s"
"URLInfoAbout" = "[http://]blogmark.bokee.com/[REMOVED]"
to the registry subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\blogmark
- Displays a toolbar when Internet Explorer is launched.
