Adware.Toolbar.Hotbar

HIGH
LOW
various

Symptoms

A toolbar with search and emoticons is present in Internet Explorer, Microsoft Outlook and Outlook Express.

Periodic pop-ups with advertisements.

Hotbar Weather Service icon in the system tray.

Removal instructions:

You can try uninstalling Hotbar from Control Panel\Add/Remove Programs, or let BitDefender clean your system.

Analyzed By

Theodor-Iulian Ciobanu, virus researcher

Technical Description:

At installation, Hotbar adds a toolbar to Internet Explorer, Microsoft Outlook and Outlook Express. It also adds Hotbar Weather Service in the system tray.

It places its files in C:\Program Files\HbTools\Bin\<version>:

  • HbtCoreSrv.dll
  • HbtHostOE.dll
  • HbtSrv.exe
  • HbtOEAddOn.exe
  • [Hbt]WeatherOnTray.exe (the name depends on the version of Hotbar).

Several other files are also installed, depending on the version; most have names starting with Hbt.

It registers several COM DLLs that reside in the installation folder, and copies an executable with a randomly generated name to the %SYSTEM% folder. It adds that executable to HKLM\Software\Microsoft\Windows\CurrentVersion\Run, along with HbtSrv.exe and [Hbt]WeatherOnTray.exe, so that all three are executed at each startup. Some of the registry keys thus created are:

  • HKCR\HbtHostIE.Bho
  • HKCR\HbtHostIE.Bho.1
  • HKCR\HbtHostOL.HbtMailAnim
  • HKCR\HbtHostOL.HbtMailAnim1
  • HKCR\HbtHostOL.HbtWebmailSend
  • HKCR\HbtHostOL.HbtWebmailSend1
  • HKCR\HbtInstIE.HbInstObj
  • HKCR\HbtInstIE.HbInstObj1
  • HKCR\HbTools.HbtCommBand
  • HKCR\HbTools.HbtCommBand1
  • HKCR\HbtSrv.HbtCoreServices
  • HKCR\HbtSrv.HbtCoreServices1
  • HKCR\HbtToolbar.HbtHtmlMenuUI
  • HKCR\HbtToolbar.HbtHtmlMenuUI1
  • HKCR\HbtTools.HbMain
  • HKCR\HbtTools.HbMain1

It keeps its settings in the system registry under HKCU\Software\HbTools and HKLM\Software\HbTools and in the folder %USERPROFILE%\Application Data\HbTools.
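
The file, registry and autostart indicators listed above can be applied to an exported host inventory during triage. The following is an added example, not Bitdefender's code: the (kind, value) inventory format, the function names and the sample entries are assumptions constructed for illustration.

```python
import re

# Indicators from the description above. Windows paths and registry key names
# are case-insensitive, so every value is lower-cased before matching.
INSTALL_FILE = re.compile(r'\\program files\\hbtools\\bin\\[^\\]+\\([^\\"]+)')
NAMED_FILES = {"hbtcoresrv.dll", "hbthostoe.dll", "hbtsrv.exe", "hbtoeaddon.exe"}
PROGID_PREFIXES = {"hbthostie", "hbthostol", "hbtinstie", "hbtools",
                   "hbtsrv", "hbttoolbar", "hbttools"}
SETTINGS_KEYS = ("hkcu\\software\\hbtools", "hklm\\software\\hbtools")
PROFILE_DIR = "\\application data\\hbtools"


def classify(kind, value):
    """Return why an artifact matches a listed indicator, or None."""
    v = value.strip().lower()
    m = INSTALL_FILE.search(v) if kind in ("file", "run") else None
    if m:
        name = m.group(1)
        if kind == "run":
            return "autostart from install folder: " + name
        # Assumption: "[Hbt]" in the file list marks an optional name prefix.
        if name in NAMED_FILES or name.endswith("weatherontray.exe"):
            return "named file: " + name
        return "Hbt-prefixed file: " + name if name.startswith("hbt") else None
    if kind == "file" and (v.endswith(PROFILE_DIR) or PROFILE_DIR + "\\" in v):
        return "per-user settings folder"
    if kind == "regkey":
        if any(v == k or v.startswith(k + "\\") for k in SETTINGS_KEYS):
            return "settings key"
        progid = v[5:].split("\\")[0] if v.startswith("hkcr\\") else ""
        if progid.split(".")[0] in PROGID_PREFIXES:
            return "COM registration: " + progid
    # The randomly named %SYSTEM% copy has no name to match; review Run entries by hand.
    return None


def scan(inventory):
    return [(k, v, why) for k, v in inventory if (why := classify(k, v))]


# Constructed sample inventory (version, user name and benign entries invented).
SAMPLE = [
    ("file", r"C:\Program Files\HbTools\Bin\1.2.3.4\HbtSrv.exe"),
    ("file", r"C:\Documents and Settings\alice\Application Data\HbTools"),
    ("regkey", r"HKCR\HbtHostIE.Bho.1"),
    ("regkey", r"HKCR\htmlfile"),
    ("run", r'"C:\Program Files\HbTools\Bin\1.2.3.4\HbtSrv.exe"'),
    ("run", r"C:\WINDOWS\system32\ctfmon.exe"),
]
```

Calling `scan(SAMPLE)` returns the four matching entries with the reason each one matched; the two benign entries are not reported.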