1. Symantec-Broadcom-Horizontal/
  2. Security Response/
  3. Attack Signatures/
  4. Dotcomtoolbar Installation Files Request

Dotcomtoolbar Installation Files Request

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects the HTTP request for the spyware's installation files.

Additional Information

Spyware.Dotcomtoolbar is a program that hooks URLs, sends them to a predetermined Web site, and then redirects the URL to the correct location. The Web site can log a user's IP address and visited URLs.

Spyware :
Programs that have the ability to scan systems or monitor activity and relay information to other computers or locations in cyber-space. Among the information that may be actively or passively gathered and disseminated by Spyware: passwords, log-in details, account numbers, personal information, individual files or other personal documents. Spyware may also gather and distribute information related to the user's computer, applications running on the computer, Internet browser usage or other computing habits.

Spyware frequently attempts to remain unnoticed, either by actively hiding or by simply not making its presence on a system known to the user. Spyware can be downloaded from Web sites (typically in shareware or freeware), email messages, and instant messengers. Additionally, a user may unknowingly receive and/or trigger spyware by accepting an End User License Agreement from a software program linked to the spyware or from visiting a website that downloads the spyware with or without an End User License Agreement

Affected

  • Windows.

Response

Symantec Security Response has developed a removal tool for Spyware.Dotcomtoolbar. Use this removal tool first, as it is the easiest way to remove this threat.

The tool can be found here: http://securityresponse.symantec.com/avcenter/FxDtcmtb.exe

The current version of the tool is 1.0.1 and will have a digital signature timestamp equivalent to 04/01/2005 11:28 AM PST

Note: The date and time displayed will be adjusted to your time zone, if your computer is not set to the Pacific time zone.

It has been reported that a computer on which Spyware.Dotcomtoolbar is installed may also have other security risks. Symantec recommends that the following steps be carried out:

1. Apply the Spyware.Dotcomtoolbar Removal Tool.
2. Update the definitions by starting the Symantec program and running LiveUpdate.
3. Run a full system scan to detect any other security risks on the computer.
4. If the scan detects any further security risks, check for removal tools at http://securityresponse.symantec.com/avcenter/security.risks.tools.list.html.
5. If there are no removal tools for the security risks that are detected, follow the manual removal instructions listed in the threat report.

Additional References

  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube