Symptoms
Toolbar appears in Internet Explorer and displays links.
Removal instructions:
Please let BitDefender disinfect your files.
Analyzed By
Daniel Chipiristeanu, virus researcher
Technical Description:
RXToolbar is adware in the form of a toolbar, a type of browser plug-in that adds a third-party utility bar to the web browser. It tracks the websites visited and the keywords used in search engines. This information is sent to a remote site. The toolbar shows links related to the page currently being viewed, according to a certain search engine. No license agreement is shown to the user during installation.
It’s also known as RXBar and it has a browser helper object component too.
RXToolbar installs the following files on disk:
%programfiles%\RXToolBar\RXToolbar.dll
%programfiles%\RXToolBar\semantic insight\semanticinsight.exe
%programfiles%\RXToolBar\sfcont.dll
%programfiles%\RXToolBar\sfcont.bin
Also adds the following registry entries:
It creates an autorun registry value named “SemanticInsight” so it can run on every startup, in:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
It also inserts its toolbar and browser helper object into the registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{25D8BACF-3DE2-4B48-AE22-D659B8D835B0}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59879FA4-4790-461c-A1CC-4EC4DE4CA483}
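The three load points above (autorun value, toolbar, browser helper object) can be checked offline against a registry export; the following is an added example, not part of the original description or any BitDefender tool. The function names, the sample export and the folding of the WOW6432Node (32-bit) view are assumptions of this example.

```python
import re

RUN = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
IE_TOOLBAR = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar"
BHO = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion"
       r"\Explorer\Browser Helper Objects")
# (parent key, value or subkey name, label), taken from the description above
INDICATORS = [
    (RUN, "SemanticInsight", "autorun"),
    (IE_TOOLBAR, "{25D8BACF-3DE2-4B48-AE22-D659B8D835B0}", "toolbar"),
    (BHO, "{59879FA4-4790-461c-A1CC-4EC4DE4CA483}", "bho"),
]

def normalize(key):
    # Registry paths are case-insensitive; fold the 32-bit view into the native one.
    return key.lower().replace("\\software\\wow6432node\\", "\\software\\")

def parse_reg_export(text):
    """Map each normalized key path to the set of its lowercased value names."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(normalize(line[1:-1]), set())
        elif current is not None:
            m = re.match(r'"((?:[^"\\]|\\.)*)"=', line)
            if m:
                current.add(m.group(1).lower())
    return keys

def find_rxtoolbar(text):
    """Return labels of the RXToolbar load points present in the export."""
    keys = parse_reg_export(text)
    hits = []
    for parent, name, label in INDICATORS:
        p, n = normalize(parent), name.lower()
        # An entry may be a value under the parent key or a subkey of it.
        if n in keys.get(p, set()) or p + "\\" + n in keys:
            hits.append(label)
    return hits

# Constructed sample export (not from a real host); the data path is a placeholder.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SemanticInsight"="C:\\placeholder\\example.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59879FA4-4790-461C-A1CC-4EC4DE4CA483}]
'''

if __name__ == "__main__":
    print(find_rxtoolbar(SAMPLE))
```

Files written by `reg export` are UTF-16, so read them with `encoding="utf-16"` before passing the text to `find_rxtoolbar`.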
