
Adware.BocaiToolbar

Updated: February 13, 2007 11:46:59 AM
Type: Adware
Version: 2.0.0.0
Publisher: blogmark.bokee.com
Risk Impact: Medium
File Names: bocaitoolbar.dll, msplug.dll, msaddon.dll, bcup.exe
Systems Affected: Windows 2000, Windows 98, Windows Me, Windows Server 2003, Windows XP

When Adware.BocaiToolbar is executed, it performs the following actions:
  1. Creates the following files:

    • %System%\msplug.dll
    • %System%\msaddon.dll
    • %System%\bcup.exe
    • %System%\bocaitoolbar.dll


      Note: %System% is a variable that refers to the System folder. By default this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).

  2. Creates the folder %ProgramFiles%\blogmark

  3. Creates the following registry entries:

    HKEY_CLASSES_ROOT\CLSID\{BF4D0BCA-6FE4-4FA2-BEBE-87A72B3B77F1}
    HKEY_CLASSES_ROOT\TypeLib\{1729F6BB-0CE7-4D3C-BD08-B271D7CB3D63}
    HKEY_CLASSES_ROOT\Interface\{5BD85147-1218-442D-980B-86E56860350B}
    HKEY_CLASSES_ROOT\BCCommunication.HTTPAPI
    HKEY_CLASSES_ROOT\BCCommunication.HTTPAPI.1
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BCCommunication.HTTPAPI
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BCCommunication.HTTPAPI.1
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BF4D0BCA-6FE4-4FA2-BEBE-87A72B3B77F1}
    HKEY_CLASSES_ROOT\CLSID\{4DA2EE61-6399-4C39-AEB9-0D990E610D29}
    HKEY_CLASSES_ROOT\TypeLib\{693A1E03-7B1B-41D8-8803-CF9ED9D86070}
    HKEY_CLASSES_ROOT\Interface\{3855CF44-363B-4E48-B3FD-25736207B27F}
    HKEY_CLASSES_ROOT\BoCaiToolBar.StockBar
    HKEY_CLASSES_ROOT\BoCaiToolBar.StockBar.1
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BoCaiToolBar.StockBar
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BoCaiToolBar.StockBar.1
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4DA2EE61-6399-4C39-AEB9-0D990E610D29}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{4DA2EE61-6399-4C39-AEB9-0D990E610D29}
    HKEY_LOCAL_MACHINE\SOFTWARE\BlogChina

  4. Adds the value:

    "BCUpdate" = "%System%\BCUP.exe"

    to the registry subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

  5. Adds the value:

    "RegBar" = "regsvr32.exe /u %ProgramFiles%\blogmark\bocaitoolbar.dll /s /i /n"

    to the registry subkeys:

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run

  6. Adds the following value:

    "AboutSys" = "regsvr32.exe msaddon.dll /s"

    to the registry subkeys:

    HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
    HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run


  7. Adds the values:

    "DisplayName" = [CHINESE CHARACTERS]
    "DisplayVersion" = "2000"
    "InstallLocation" = "%ProgramFiles%\blogmark"
    "Publisher" = "www.bokee.com"
    "UninstallString" = "regsvr32.exe /u C:\Progra~1\blogmark\bocaitoolbar.dll /s"
    "URLInfoAbout" = "[http://]blogmark.bokee.com/[REMOVED]"

    to the registry subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\blogmark

  8. Displays a toolbar when Internet Explorer is launched.


