Hotbar

Kategorie: Adware und PUAs Schutz verfügbar seit:19 Dez 2003 00:00:00 (GMT)
Typ: Adware Zuletzt aktualisiert:16 Jul 2013 23:10:24 (GMT)

Download Kostenloses Virus Removal Tool downloaden – Finden Sie Bedrohungen, die Ihre Virenschutzsoftware übersehen hat

Hotbar is advertising supported software from www.hotbar.com, www.wowpapers.com and www.easyscreensavers.com.

Hotbar consists of plugins for Microsoft Internet Explorer and Microsoft Outlook or Outlook Express.

When the browser is active Hotbar delivers advertisements (specific to the sites visited) in the form of links and popup ads.

Advertising links are added to outgoing email messages.

Hotbar may download and install updates of its software at any time without notification that it is doing so.

When Hotbar is installed the following files and folders are typically created:

<User>\Application Data\HbTools
<User>\Cookies\user@hotbar[1].txt
<Temp>\nsz1B.tmp\System.dll
<Temp>\nsz1B.tmp\TVEngineCommand.dll
<Program Files>\HbTools\
<Program Files>\HbTools\Bin\HbtUninst.exe
<Program Files>\HbTools\Bin\4.8.4.0\Cml.exe
<Program Files>\HbTools\Bin\4.8.4.0\dBenderC.dll
<Program Files>\HbTools\Bin\4.8.4.0\HbtCoreSrv.dll
<Program Files>\HbTools\Bin\4.8.4.0\HbtGuard.exe
<Program Files>\HbTools\Bin\4.8.4.0\HbtHostIE.dll
<Program Files>\HbTools\Bin\4.8.4.0\HbtHostOE.dll
<Program Files>\HbTools\Bin\4.8.4.0\HbtHostOL.dll
<Program Files>\HbTools\Bin\4.8.4.0\HbtInstIE.dll
<Program Files>\HbTools\Bin\4.8.4.0\HbtOEAddOn.exe
<Program Files>\HbTools\Bin\4.8.4.0\HbtSrv.exe
<Program Files>\HbTools\Bin\4.8.4.0\HbtToolbar.dll
<Program Files>\HbTools\Bin\4.8.4.0\HbtWallpaper.dll
<Program Files>\HbTools\Bin\4.8.4.0\HbtWeatherOnTray.exe
<Program Files>\HbTools\HBTV\HBTV.exe
<Program Files>\HbTools\HBTV\HBTVHelper.dll
<Program Files>\HbTools\HBTV\uninstaller.exe
<Program Files>\Hotbar
<System>\????????.exe

where ? is a variable character a-z.

Various links may be added to the Desktop such as:

<Desktop>\Free PC Wallpapers.lnk
<Desktop>\Play Games.lnk
<Desktop>\Repair Your Registry.lnk

The following registry entries are created to run HbtOEAddOn.exe, HbtWeatherOnTray.exe and ????????.exe on startup:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HbTools
<Program Files>\HbTools\Bin\4.8.4.0\HbtOEAddOn.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
????????
<System>\????????.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
WeatherOnTray
<Program Files>\HbTools\Bin\4.8.4.0\HbtWeatherOnTray.exe

The files HbtCoreSrv.dll, HbtHostIE.dll, HbtHostOL.dll, HbtInstIE.dll, HbtSrv.exe, HbtToolbar.dll, HbtWallpaper.dll, HbtWeatherOnTray.exe and HBTVHelper.dll are registered as COM objects, creating registry entries under:

HKCR\CLSID\{FA16BCE1-5E36-472A-8466-E0CDD5CE00E6}
HKCR\CLSID\{ED8525EA-2BFC-4440-BD8A-20EFB9D5E541}
HKCR\CLSID\{C2BAA4C9-AE1E-4605-AE2F-A1C49A30D881}
HKCR\CLSID\{A14C0D8D-E753-4E73-9E2B-4070791D8940}
HKCR\CLSID\{90B5A95A-AFD5-4D11-B9BD-A69D53D22226}
HKCR\CLSID\{8C875948-9C60-4381-9248-0DF180542D53}
HKCR\CLSID\{7E66936C-FEA0-4984-AD26-7B6661AC5B2E}
HKCR\CLSID\{74CC49F7-EB32-4A08-B204-948962A6E3DB}
HKCR\CLSID\{4B18DD50-C996-44fc-AC52-0FECFF82ED58}
HKCR\CLSID\{420C35C9-E4F2-49F9-BF67-2BE1ECF86989}
HKCR\CLSID\{3FA917B9-DF69-477F-9E4F-B60D929DE79F}
HKCR\CLSID\{31A59636-0FA3-4A56-954D-DB7AD02840D8}
HKCR\CLSID\{1E0004EC-5DF0-48C7-A8F0-FBB0488A3D94}
HKCR\CLSID\{0AB71193-EC19-4D70-85C2-E46E2FF02755}
HKCR\Wallpaper.WallpaperManager
HKCR\Wallpaper.WallpaperManager.1
HKCR\TVEngine.BHO
HKCR\TVEngine.BHO.1
HKCR\HbtTools.HbMain
HKCR\HbtTools.HbMain.1
HKCR\HbtToolbar.HbtToolbarCtl
HKCR\HbtToolbar.HbtToolbarCtl.1
HKCR\HbtToolbar.HbtHtmlMenuUI
HKCR\HbtToolbar.HbtHtmlMenuUI.1
HKCR\HbtSrv.HbtCoreServices
HKCR\HbtSrv.HbtCoreServices.1
HKCR\HbTools.HbtCommBand
HKCR\HbTools.HbtCommBand.1
HKCR\HbtInstIE.HbInstObj
HKCR\HbtInstIE.HbInstObj.1
HKCR\HbtHostOL.HbtWebmailSend
HKCR\HbtHostOL.HbtWebmailSend.1
HKCR\HbtHostOL.HbtMailAnim
HKCR\HbtHostOL.HbtMailAnim.1
HKCR\HbtHostIE.Bho
HKCR\HbtHostIE.Bho.1
HKCR\HbtCoreSrv.LfgAx
HKCR\HbtCoreSrv.LfgAx.1
HKCR\HbtCoreSrv.HbtCoreServices
HKCR\HbtCoreSrv.HbtCoreServices.1
HKCR\HbCoreSrv.DynamicProp
HKCR\HbCoreSrv.DynamicProp.1

The file HbtHostIE.dll is registered as a toolbar, creating registry entries under:

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{74CC49F7-EB32-4A08-B204-948962A6E3DB}
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{74CC49F7-EB32-4A08-B204-948962A6E3DB}
HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\{7E66936C-FEA0-4984-AD26-7B6661AC5B2E}
HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{7E66936C-FEA0-4984-AD26-7B6661AC5B2E}

The files HbtHostIE.dll and HBTVHelper.dll are registered as Browser Helper Objects (BHOs) for Microsoft Internet Explorer, creating registry entries under:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{74CC49F7-EB32-4A08-B204-948962A6E3DB}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4B18DD50-C996-44fc-AC52-0FECFF82ED58}

During Hotbar installation, if the user does not un-check the option "Enable Hotbar keyword search in Internet Explorer address bar and change my search assistant in Internet Explorer to ResultMasters." (which is checked by default), the following registry entry is set:

HKLM\SOFTWARE\Microsoft\Internet Explorer\Search
SearchAssistant
http://resultsmaster.com/SmartOffers/Services/resultsmaster/ResultsMasterHomeLeftPane.htm

The following registry entry is set, affecting internet security:

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
1601
0

Registry entries are set as follows:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform
HbTools 4.8.4
<no value>

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{90B5A95A-AFD5-4d11-B9BD-A69D53D22226}
1
0

HKCU\Software\Microsoft\Internet Explorer\Main
Use Custom Search URL
0

Registry entries are created under:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HbToolsWebTools
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HbToolsOutlookTools
HKLM\SOFTWARE\HbTools
HKCU\Software\HbTools
HKLM\SOFTWARE\HBTV
HKCU\Software\hbtv
HKCR\Wallpaper.WallpaperManager
HKCR\Wallpaper.WallpaperManager.1
HKCR\Wallpaper.WallpaperManager
HKCR\TVEngine.BHO
HKCR\TVEngine.BHO.1
HKCR\HbtTools.HbMain.1
HKCR\HbtTools.HbMain
HKCR\HbtToolbar.HbtToolbarCtl.1
HKCR\HbtToolbar.HbtToolbarCtl
HKCR\HbtToolbar.HbtHtmlMenuUI.1
HKCR\HbtToolbar.HbtHtmlMenuUI
HKCR\HbtSrv.HbtCoreServices.1
HKCR\HbtSrv.HbtCoreServices
HKCR\HbTools.HbtCommBand.1
HKCR\HbTools.HbtCommBand
HKCR\HbtInstIE.HbInstObj.1
HKCR\HbtInstIE.HbInstObj
HKCR\HbtHostOL.HbtWebmailSend.1
HKCR\HbtHostOL.HbtWebmailSend
HKCR\HbtHostOL.HbtMailAnim.1
HKCR\HbtHostOL.HbtMailAnim
HKCR\HbtHostIE.Bho.1
HKCR\HbtHostIE.Bho
HKCR\HbtCoreSrv.LfgAx.1
HKCR\HbtCoreSrv.LfgAx
HKCR\HbtCoreSrv.HbtCoreServices.1
HKCR\HbtCoreSrv.HbtCoreServices
HKCR\HbCoreSrv.DynamicProp.1
HKCR\HbCoreSrv.DynamicProp
HKLM\SOFTWARE\bjoyymui

Hotbar provides an uninstall option which can be accessed via the Add or Remove Programs dialog in the Windows Control Panel. The software is listed as "Hotbar Browser, Weather and Wowpapers Tools" and "Hotbar Outlook Tools".

The installer for Hotbar also gives the user the option to install ShopperReports (shopperreports.com).

The ShopperReports software is installed to the following folders:

<User>\Application Data\ShoppingReport
<Program Files>\ShoppingReport

The file ShoppingReport.dll is registered as a COM object, plugin, toolbar and Browser Helper Object (BHO) for Microsoft Internet Explorer, creating registry entries under:

HKCR\CLSID\{C9CCBB35-D123-4A31-AFFC-9B2933132116}
HKCR\CLSID\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE}
HKCR\CLSID\{A16AD1E9-F69A-45AF-9462-B1C286708842}
HKCR\CLSID\{20EA9658-6BC3-4599-A87D-6371FE9295FC}
HKCR\CLSID\{100EB1FD-D03E-47FD-81F3-EE91287F9465}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{100EB1FD-D03E-47FD-81F3-EE91287F9465}
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B3}
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B2}
HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE}
HKCR\ShoppingReport.RprtCtrl
HKCR\ShoppingReport.RprtCtrl.1
HKCR\ShoppingReport.IEButtonA
HKCR\ShoppingReport.IEButtonA.1
HKCR\ShoppingReport.IEButton
HKCR\ShoppingReport.IEButton.1
HKCR\ShoppingReport.HbInfoBand
HKCR\ShoppingReport.HbInfoBand.1
HKCR\ShoppingReport.HbAx
HKCR\ShoppingReport.HbAx.1
HKCR\ShoppingReport.RprtCtrl.1
HKCR\ShoppingReport.RprtCtrl
HKCR\ShoppingReport.IEButtonA.1
HKCR\ShoppingReport.IEButtonA
HKCR\ShoppingReport.IEButton.1
HKCR\ShoppingReport.IEButton
HKCR\ShoppingReport.HbInfoBand.1
HKCR\ShoppingReport.HbInfoBand
HKCR\ShoppingReport.HbAx.1
HKCR\ShoppingReport.HbAx

Registry entries are created under:

HKLM\SOFTWARE\ShoppingReport
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShoppingReport

ShopperReports provides an uninstall option which can be accessed via the Add or Remove Programs dialog in the Windows Control Panel. The software is listed as "ShopperReports".

Download Sophos Produkte kostenlos testen
Jetzt downloaden