Adware.Hotbar.CL

VERY HIGH
LOW
~1.5 Mb
(not-a-virus:AdWare.Win32.HotBar Adware:Win32/Hotbar (threat-c) Adware/Hotbar)

Symptoms

The files are detected as Adware.Hotbar.
Intensive networking activity.
Custom toolbars in Internet Explorer, Windows Explorer, Microsoft Outlook and Outlook Express displaying various dynamic buttons and facilities such as weather reporting.

Removal instructions:

Please let BitDefender disinfect your computer.

Analyzed By

Mihai Cimpoesu, Virus Researcher

Technical Description:

Adware.Hotbar installs itself through web page banners targeted at children, or through an installer that has no window and thus offers no option to cancel the installation.

Adware.Hotbar adds graphical skins to the Internet Explorer, Microsoft Outlook, and Outlook Express toolbars, and also adds its own toolbar and search button.

Adware.Hotbar can send information on browsing habits to various servers, which may be used for targeted marketing such as displaying advertising pop-ups based on specific keywords that are encountered during your browsing session.

Software installation details:

1) Creates the following folders and files:

%ProgramFiles%\Hotbar

%ProgramFiles%\Hotbar\Bin\HbtUninst.exe
%ProgramFiles%\Hotbar\Bin\Cml.exe
%ProgramFiles%\Hotbar\Bin\dBenderC.dll
%ProgramFiles%\Hotbar\Bin\HbtAds.dll
%ProgramFiles%\Hotbar\Bin\HbtCoreSrv.dll
%ProgramFiles%\Hotbar\Bin\HbtGuard.exe
%ProgramFiles%\Hotbar\Bin\HbtHostIE.dll
%ProgramFiles%\Hotbar\Bin\HbtHostOE.dll
%ProgramFiles%\Hotbar\Bin\HbtHostOL.dll
%ProgramFiles%\Hotbar\Bin\HbtInstIE.dll
%ProgramFiles%\Hotbar\Bin\HbtOEAddOn.exe
%ProgramFiles%\Hotbar\Bin\HbtSrv.exe
%ProgramFiles%\Hotbar\Bin\HbtToolbar.dll
%ProgramFiles%\Hotbar\Bin\HbtWallpaper.dll
%ProgramFiles%\Hotbar\Bin\HbtWeatherOnTray.exe

%ProgramFiles%\HbTools
%UserProfile%\Application Data\HbTools

2) Creates copies of HbGuard.exe and installs them as [RANDOM NAME].exe in %System32%.
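
Added example, not part of the original write-up or of Bitdefender's tooling: because the copies in %System32% carry random names, this Python sweep matches them by size and SHA-256 against the guard binary in the Hotbar folder instead of by file name. It assumes the copies are byte-identical to that binary and that %System32% means %SystemRoot%\System32; it checks both spellings of the guard file name that appear on this page, and the function and variable names are illustrative.

```python
import hashlib
import os
from pathlib import Path

# Both spellings appear on the page (file list vs. the sentence about copies).
GUARD_NAMES = ("HbtGuard.exe", "HbGuard.exe")


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large binaries are not read into memory."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def find_renamed_copies(bin_dir, search_dir):
    """Return .exe files in search_dir whose content equals a guard binary in bin_dir."""
    references = {}  # (size, sha256) -> name of the reference file
    for name in GUARD_NAMES:
        candidate = Path(bin_dir) / name
        if candidate.is_file():
            references[(candidate.stat().st_size, sha256_of(candidate))] = name
    sizes = {size for size, _ in references}
    matches = []
    for entry in sorted(Path(search_dir).glob("*.exe")):
        try:
            size = entry.stat().st_size
            # Size is a cheap pre-filter; only same-sized files are hashed.
            if size in sizes and (size, sha256_of(entry)) in references:
                matches.append(entry)
        except OSError:
            continue  # locked or unreadable file: skip it, do not abort the sweep
    return matches


if __name__ == "__main__":
    # Assumed default locations; %System32% on the page is taken to mean
    # %SystemRoot%\System32.
    bin_dir = Path(os.environ.get("ProgramFiles", r"C:\Program Files")) / "Hotbar" / "Bin"
    sys_dir = Path(os.environ.get("SystemRoot", r"C:\Windows")) / "System32"
    for hit in find_renamed_copies(bin_dir, sys_dir):
        print(f"content matches the Hotbar guard binary: {hit}")
```

An empty result only means no byte-identical copy was found; if the Hotbar folder has already been removed there is no reference binary to compare against.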

3) Adds the following registry keys
