1. /
  2. Security Response/
  3. AntiToolbar

AntiToolbar

Updated:
December 29, 2009 10:57:35 AM
Type:
Misleading Application
Name:
AntiToolbar
Version:
0.0.0.0
Publisher:
http://www.antitoolbar.com
Risk Impact:
Medium
Systems Affected:
Windows 2000, Windows 7, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Server 2008, Windows Vista, Windows XP
Behavior
The program must be manually installed.

The program reports false or exaggerated system security threats on the computer.





The user is then prompted to pay for a full license of the application in order to remove the threats.





Installation
When the program is executed, it creates the following files:
  • C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiToolbar.lnk
  • C:\Documents and Settings\Administrator\Local Settings\Temp\Perflib_Perfdata_2d8.dat
  • C:\Documents and Settings\All Users\Desktop\AntiToolbar.lnk
  • C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Toolbar Agent.lnk
  • C:\Documents and Settings\All Users\Start Menu\Programs\AntiToolbar\AntiToolbar on the Web.url
  • C:\Documents and Settings\All Users\Start Menu\Programs\AntiToolbar\AntiToolbar.lnk
  • C:\Documents and Settings\All Users\Start Menu\Programs\AntiToolbar\Uninstall AntiToolbar.lnk
  • C:\Program Files\AntiToolbar\AntiToolbar.exe
  • C:\Program Files\AntiToolbar\AntiToolbarAgent.exe
  • C:\Program Files\AntiToolbar\InstallExtension.dll
  • C:\Program Files\AntiToolbar\unins000.dat
  • C:\Program Files\AntiToolbar\unins000.exe


It may also create the following folders:
  • C:\Documents and Settings\All Users\Start Menu\Programs\AntiToolbar
  • C:\Program Files\AntiToolbar


Next, the program modifies the following files:
  • C:\WINDOWS\Prefetch\1.EXE-335C5EEA.pf
  • C:\WINDOWS\Prefetch\1.TMP-336537F8.pf
  • C:\WINDOWS\Prefetch\ANTITOOLBAR.EXE-18594AF0.pf
  • C:\WINDOWS\Prefetch\ANTITOOLBARAGENT.EXE-163F1EA1.pf


It then deletes the following file:
C:\Documents and Settings\Administrator\Local Settings\Temp\Perflib_Perfdata_ef0.dat

The program also creates the following registry subkeys:
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{11A6DB90-161E-4E1C-9516-75ED6A67033D}_is1
  • HKEY_CURRENT_USER\S-1-5-21-1172441840-534431857-1906119351-500


Similar Security Risks

AntiSpyWare
2010



Summary| Technical Details| Removal

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report