Content

Adware-Fizzle

Type
Program
SubType
Adware
Discovery Date
05/17/2005
Minimum DAT
4493 (05/17/2005)
Updated DAT
4592 (09/28/2005)
Minimum Engine
5.1.00
Description Added
05/17/2005
Description Modified
03/01/2006 9:14 PM (PT)

Tab Navigation

Characteristics

McAfee(R) AVERT™ recognizes that this program may have legitimate uses in contexts where an authorized administrator has knowingly installed this application. If you agreed to a license agreement for this, or another bundled application, you may have legal obligations with regard to removing this software, or using the host application without this software. Please contact the software vendor for further information.

See http://vil.nai.com/vil/DATReadme.asp for a list of Program detections added to the DATs.

See http://vil.nai.com/vil/pups/configuration.htm for information about how to enable, disable, and exclude detection of legitimately installed programs.

Summary

This is not a virus or Trojan. It is an Adware application. Upon execution it contacts its controlling server coolbar.com and adds a BHO and a toolbar in the internet explorer, as shown below:

Any search performed using the toolbar directs to the site thecoolbar.com. While browsing it contacts other websites such as consumeralertsystem.com, superbrewards.com, c.azjmp.com, etc.

Privacy

No license agreement is displayed during installation, but it can be found on its website.

Installation

File name:  searchbar.exe
MD5Hash: c1072e40f7f9bdcb689ffa2a1b01025c

Upon executing the application, it creates the folder “C:\sysfwb” in which it adds the following files:

  • iefwbar.dll
  • buttons.txt
  • menu.txt
  • h.txt

The text files buttons.txt and menu.txt contains information about the toolbar such as the buttons available and the sites where those buttons would take upon clicking.

Following registries are added:

  • HKEY_CLASSES_ROOT\CLSID\{2342DB04-08CE-4CF6-976D-BD9EFA960EFB}
  • HKEY_CLASSES_ROOT\CLSID\{9056A11F-5EA6-4A67-BDE9-8D3C7C453DAC}
  • HKEY_CLASSES_ROOT\Interface\{3116ED38-8599-4261-8F81-F43266FFAAFF}
  • HKEY_CLASSES_ROOT\TypeLib\{549AD254-492D-42B5-8909-34F14348D4BC}
  • HKEY_CLASSES_ROOT\Fizzlebar.clsDockWindow
  • HKEY_CLASSES_ROOT\Fizzlebar.clsFwBar
  • HKEY_LOCAL_MACHINE\SOFTWARE\fwbar2
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
    Explorer\Browser Helper Objects\{9056A11F-5EA6-4A67-BDE9-
    8D3C7C453DAC}

Aliases

Aliases

  • Adware.Fizzle: Symantec
  • Adware/Fizzle: Panda Antivirus
  • Trojan-Downloader.Win32.VB.eu: Kaspersky