Adware.Hotbar

SYMPTOMS:

Toolbar present in Internet Explorer and Microsoft Outlook and Outlook Express with search and emoticons.

Periodical pop-ups with advertisements.

Hotbar Weather Service icon in the tray.

TECHNICAL DESCRIPTION:

At installation, Hotbar adds a toolbar to Internet Explorer,  Microsoft Outlook and Outlook Express. It also adds Hotbar Weather Service in the system tray.
 

It places its files in C:\Program Files\HbTools\Bin\<version>:

• HbtCoreSrv.dll
• HbtHostOE.dll
• HbtSrv.exe
• HbtOEAddOn.exe
• [Hbt]WeatherOnTray.exe (the name depends on the version of Hotbar).

and several others, depending on the version, most starting with Hbt.
 

It registers several COM dlls that reside in the installation folder, and copies an executable with a random generated name to %SYSTEM% folder, which it adds to HKLM\Software\Microsoft\Windows\CurrentVersion\Run, along with HbtSrv.exe and [Hbt]WeatherOnTray.exe, to be executed at each startup. Some of the registry keys thus created are:

• HKCR\ HbtHostIE.Bho
• HKCR\HbtHostIE.Bho.1
• HKCR\HbtHostOL.HbtMailAnim
• HKCR\HbtHostOL.HbtMailAnim1
• HKCR\HbtHostOL.HbtWebmailSend
• HKCR\HbtHostOL.HbtWebmailSend1
• HKCR\HbtInstIE.HbInstObj
• HKCR\HbtInstIE.HbInstObj1
• HKCR\HbTools.HbtCommBand
• HKCR\HbTools.HbtCommBand1
• HKCR\HbtSrv.HbtCoreServices
• HKCR\HbtSrv.HbtCoreServices1
• HKCR\HbtToolbar.HbtHtmlMenuUI
• HKCR\HbtToolbar.HbtHtmlMenuUI1
• HKCR\HbtTools.HbMain
• HKCR\HbtTools.HbMain1

It keeps it settings in the system registry under HKCU\Software\HbTools and HKLM\Software\HbTools and in the folder %USERPROFILE%\Application Data\HbTools.

Removal instructions:

You can try uninstalling Hotbar from Control Panel\Add/Remove Programs, or let BitDefender clean your system.

ANALYZED BY:

Theodor-Iulian Ciobanu, virus researcher