
AntiToolbar

Updated: December 29, 2009 10:57:35 AM
Type: Misleading Application
Name: AntiToolbar
Version: 0.0.0.0
Publisher: http://www.antitoolbar.com
Risk Impact: Medium
Systems Affected: Windows

Behavior
The program must be manually installed.

The program reports false or exaggerated system security threats on the computer.

The user is then prompted to pay for a full license of the application in order to remove the threats.

Installation
When the program is executed, it creates the following files:
  • C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiToolbar.lnk
  • C:\Documents and Settings\Administrator\Local Settings\Temp\Perflib_Perfdata_2d8.dat
  • C:\Documents and Settings\All Users\Desktop\AntiToolbar.lnk
  • C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Toolbar Agent.lnk
  • C:\Documents and Settings\All Users\Start Menu\Programs\AntiToolbar\AntiToolbar on the Web.url
  • C:\Documents and Settings\All Users\Start Menu\Programs\AntiToolbar\AntiToolbar.lnk
  • C:\Documents and Settings\All Users\Start Menu\Programs\AntiToolbar\Uninstall AntiToolbar.lnk
  • C:\Program Files\AntiToolbar\AntiToolbar.exe
  • C:\Program Files\AntiToolbar\AntiToolbarAgent.exe
  • C:\Program Files\AntiToolbar\InstallExtension.dll
  • C:\Program Files\AntiToolbar\unins000.dat
  • C:\Program Files\AntiToolbar\unins000.exe


It may also create the following folders:
  • C:\Documents and Settings\All Users\Start Menu\Programs\AntiToolbar
  • C:\Program Files\AntiToolbar


Next, the program modifies the following files:
  • C:\WINDOWS\Prefetch\1.EXE-335C5EEA.pf
  • C:\WINDOWS\Prefetch\1.TMP-336537F8.pf
  • C:\WINDOWS\Prefetch\ANTITOOLBAR.EXE-18594AF0.pf
  • C:\WINDOWS\Prefetch\ANTITOOLBARAGENT.EXE-163F1EA1.pf


It then deletes the following file:
  • C:\Documents and Settings\Administrator\Local Settings\Temp\Perflib_Perfdata_ef0.dat

The program also creates the following registry subkeys:
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{11A6DB90-161E-4E1C-9516-75ED6A67033D}_is1
  • HKEY_CURRENT_USER\S-1-5-21-1172441840-534431857-1906119351-500


Similar Security Risks

  • AntiSpyWare 2010


