ASKToolbar

Type: Program
SubType: Win32
Discovery Date: 07/03/2008
Length:
Minimum DAT: 5331 (07/03/2008)
Updated DAT: 6277 (03/06/2011)
Minimum Engine: 5.2.00
Description Added: 07/03/2008
Description Modified: 10/29/2008 2:18 AM (PT)
Risk Assessment
Corporate User: N/A
Home User: N/A

Characteristics

This software is not a virus or a Trojan. It is detected as a "potentially unwanted program" (PUP). A PUP is any piece of software that a reasonably security- or privacy-minded computer user may want to be informed of and, in some cases, remove. PUPs are often made by a legitimate corporate entity for some beneficial purpose, but they alter the security state of the computer on which they are installed, or the privacy posture of the user of the system, such that most users will want to be aware of them.

System changes

Installer askBarSetup.exe
MD5: 3c079ce7fe235b54c07d0267b159bf09
Size: 476,168 bytes

c:\Program Files\AskBar\bar\bin\askBar.dll
MD5: e26d264e235763cb76657410bc838083
Size: 238,544 bytes

c:\Program Files\AskBar\bar\bin\askPopStp.dll
MD5: 3ac32e7245286b974cad391add1f118a
Size: 119,760 bytes

c:\Program Files\AskBar\bar\bin\RunIE.exe
MD5: 88e3225d42eb43d99a519080e039fee4
Size: 42,880 bytes

c:\Program Files\AskBar\unins000.exe
MD5: a5c7de85c85b486f22134705176d85e9
Size: 704,415 bytes

c:\Documents and Settings\tg\UserData\index.dat
Size: 16,384 bytes

On execution of this application, an installation window appears as shown below:

A Browser Helper Object (BHO) entry is added to Internet Explorer. A toolbar is installed (see red box below) and it connects to "ask.com".

The following registry entries are added:

  •  HKEY_CURRENT_USER\Software\AskBar
  •  HKEY_CLASSES_ROOT\AskBar.PopSwatterBarButton
  •  HKEY_CLASSES_ROOT\AskBar.PopSwatterSettingsControl
  •  HKEY_CLASSES_ROOT\AskJeevesToolBar.SettingsPlugin
  •  HKEY_CLASSES_ROOT\CLSID\{464D5661-3E12-415b-8DF1-8D986745149F}
  •  HKEY_CLASSES_ROOT\CLSID\{528B5866-2BA6-42ce-8F74-39FB23B49767}
  •  HKEY_CLASSES_ROOT\CLSID\{5A074B21-F830-49de-A31B-5BB9D7F6B407}
  •  HKEY_CLASSES_ROOT\CLSID\{89D30B4C-2408-4e78-A334-8FF8A9713EA7}
  •  HKEY_CLASSES_ROOT\CLSID\{960F88FD-56BE-4f63-AB76-5E3A1CCF6738}
  •  HKEY_CLASSES_ROOT\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179}
  •  HKEY_CLASSES_ROOT\CLSID\{DEBF145B-366D-42ad-8FE1-A889C23C992D}
  •  HKEY_CLASSES_ROOT\CLSID\{EC1D2C70-8CDE-4013-BE72-2B08A2C54B6B}
  •  HKEY_CLASSES_ROOT\Interface\{5A074B2A-F830-49DE-A31B-5BB9D7F6B407}
  •  HKEY_CLASSES_ROOT\Interface\{89D30B4B-2408-4E78-A334-8FF8A9713EA7}
  •  HKEY_CLASSES_ROOT\TypeLib\{DEBF145A-366D-42AD-8FE1-A889C23C992D}
  •  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5A074B21-F830-49de-A31B-5BB9D7F6B407}
  •  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ask Toolbar for Internet Explorer_is1

Network Impact

The toolbar connects to "ask.com" to carry out user searches.

Symptoms

Method of Infection

Variants

    N/A

Aliases

  • Signed-AdWare.Win32.MyWay.ad (Ikarus)
  • Signed-AdWare.Win32.MyWay.ad (VBA32)

Removal

Instructions on Enabling/Disabling Detection and Removal of Potentially Unwanted Programs
