Content
Generic Toolbar.b!3111a834343d
- Type
- Program
- SubType
- Tool
- Discovery Date
- 04/15/2009
- Minimum DAT
- 5584 (04/14/2009)
- Updated DAT
- 5584 (04/14/2009)
- Minimum Engine
- 5300.2777
- Description Added
- 04/15/2009
- Description Modified
- 04/15/2009 3:04 AM (PT)
Tab Navigation
Characteristics
This software is not a virus or a Trojan. It is detected as a "potentially unwanted program" (PUP). PUPs are any piece of software that a reasonably security- or privacy-minded computer user may want to be informed of and, in some cases, remove. PUPs are often made by a legitimate corporate entity for some beneficial purpose, but they alter the security state of the computer on which they are installed, or the privacy posture of the user of the system, such that most users will want to be aware of them.
| File Property | Property Value |
|---|---|
| FileName | 3x_toolb.exe |
| McAfee Artemis | Artemis!3111a834343d |
| McAfee Detection | Generic Toolbar.b |
| Length | 227,729 bytes |
| CRC | EAD7AFCE |
| MD5 | 3111A834343D33F97A6F10FCCCE9C156 |
| SHA1 | 402CB53A62569BD66E69E51AE1F6B3871E75D7C2 |
Other Common Detection Aliases
| Company Name | Detection Name |
|---|---|
| avast | Win32:Spyware-gen [Trj] |
| Avira | DR/ISearch.C.5 |
| BitDefender | Dropped:Application.Softomate.Toolbar.B |
| clamav | Adware.Agent-1557 |
| EMSI Software | Riskware.AdWare.Win32.ISearch!IK |
| FortiNet | Adware/ISearch |
| F-Prot | W32/AdwareX.CYM |
| Kaspersky | not-a-virus:AdWare.Win32.ISearch.c |
| microsoft | Adware:Win32/ActiveSearch |
| panda | Adware/ActiveSearch |
| Symantec | Adware.ActiveSearch |
| vba32 | Adware.Win32.ISearch.c |
| V-Buster | Adware.Softomate.A |
Avert® Labs has observed the following system activities:
| Activity | Risk Level |
|---|---|
| Enumerates open windows | Medium |
| Uses shared memory of other processes | Low |
| Performs a shell execute of downloaded or existing files | Informational |
Other detections that have been observed.
| FileName | McAfee Supported |
|---|---|
| %PROGRAMFILES%\ietoolbar\basis.xml | Generic Toolbar.b |
| %PROGRAMFILES%\ietoolbar\toolbar.dll | Adware-Srng |
System Changes
These are general defaults for typical path variables. (Although they may differ, these examples are common.):
%WinDir% = \WINDOWS (Windows 9x/ME/XP/Vista), \WINNT (Windows NT/2000)
%SystemDir% = \WINDOWS\SYSTEM (Windows 98/ME), \WINDOWS\SYSTEM32 (Windows XP/Vista), \WINNT\SYSTEM32 (Windows NT/2000)
%ProgramFiles% = \Program Files
The following files were analyzed:
The following files have been added to the system:
The following registry elements have been created:
- #editwidthsearch# = widthsearch1
- autocomplete = 49
- autosearch = http://www.3x.ro/dns.3x?q=%s
- autoupdatemsg = new version of your site toolbar is available. would
you like to download and install new version? - blockpopups = 1
- closeallwindowsforupdate = all running ie windows will be closed
before updating the your site toolbar. continue? - connectionerror = can't establish a connection.
- contextmenuitemname = cauta cuvintele selectate
- contextsearch = http://www.3x.ro/cauta.3x?q=%selection
- corruptedmsg = one of the xml files is corrupted or invalid. press ok
to uninstall. - countos = 0
- currentlayout = 0
- descriptivetext = 49
- editwidthsearch = 49
- firsttime = 48
- firsttime = 49
- firsturl = http://www.3x.ro/toolbar/install.3x?id=%toolbar_id
- keephistory = 49
- lastversionmsg = you have the latest version of the your site toolbar.
- m_bworking = 48
- m_bworking = 49
- oldos = 0
- opennew = 48
- runsearchautomatically = 49
- runsearchdragautomatically = 49
- scope = 0
- serverpath = http://www.3x.ro/
- showfindbuttons = 48
- showhighlightbutton = 49
- toolbar_id = {0edca74a-a2ca-43da-a7d3-eab9b49502db}
- toolbar_version = [binary data]
- toolbarisfailed = 0
- uninstallmsg = this will remove the your site toolbar from your
computer! are you sure? - updateautomatically = 48
- updatemsg = this will try to update the your site toolbar from the
server. continue? - updateurl = http://www.3x.ro/toolbar/tbupdate.cab
- urlafteruninstall = http://www.3x.ro/
- urlafterupdate = http://www.3x.ro/toolbar/install.3x?id=%toolbar_id
- versionerror = can not find current version information.
- tb_btn_bunhbiem = 1
- tb_btn_vekrduki = 1
- tb_btn_zlaktfgu = 1
- tb_cmb_npiqzqpj = 1
- widthsearch1 = 1
- (default) = res://c:\program files\ietoolbar\toolbar.dll/search.html
- contexts = 48
- (default) = ie toolbar
- (default) = {12f02779-6d88-4958-8ad3-83c12d86adc7}
- (default) = ie toolbar
- (default) = {12f02779-6d88-4958-8ad3-83c12d86adc7}
- (default) = btb.ietoolbar.1
- (default) = ie toolbar
- (default) = your site toolbar
- (default) = c:\program files\ietoolbar\toolbar.dll
- threadingmodel = apartment
- (default) = btb.ietoolbar.1
- (default) = toolbarbesttoolbarstoolbar.besttoolbarstoolbarobject.1
- (default) = {b36cb30a-6ed9-4c62-9a8a-7de9fa234608}
- (default) = btb.ietoolbar
- (default) = toolbarbesttoolbarstoolbar.besttoolbarstoolbarobject
- (default) = isoftomateobj
- (default) = {00020424-0000-0000-c000-000000000046}
- (default) = {00020424-0000-0000-c000-000000000046}
- (default) = {b36cb30a-6ed9-4c62-9a8a-7de9fa234608}
- version = 3157553
- (default) = your site toolbar
- (default) = {12f02779-6d88-4958-8ad3-83c12d86adc7}
- (default) = your site toolbar
- (default) = {12f02779-6d88-4958-8ad3-83c12d86adc7}
- (default) = toolbarbesttoolbarstoolbar.besttoolbarstoolbarobject.1
- (default) = softomate 1.0 type library
- (default) = c:\program files\ietoolbar\toolbar.dll
- (default) = 48
- (default) = c:\program files\ietoolbar\
- displayname = your site toolbar
- uninstallstring = regsvr32 /u /s "c:\program files\ietoolbar
\toolbar.dll"
The following registry elements have been changed:
- programcount = 2
- fullscreen = no
- {01e04581-4eee-11d0-bfe9-00aa005b4383} = [binary data]
- {0e5cbf21-d15f-11d0-8301-00aa005b4383} = [binary data]
- {12f02779-6d88-4958-8ad3-83c12d86adc7} = [binary data]
- itbarlayout = [binary data]
- order = [binary data]
- (default) = c:\windows\system32\oleacc.dll
- (default) = oleacc.dll
The application created the following network connection(s):
- hxxp://[Domain removed]/sasearch/************
- hxxp://[Domain removed]/sasearch/*************
- hxxp://[Domain removed]/toolbar/************
- hxxp://[Domain removed]/toolbar/*****************
- hxxp://[Domain removed]/toolbar
/*****************************************************
Removal
All Users:
Please use the following instructions for all supported versions of Windows to remove threats and other potential risks:
1.Disable System Restore (Windows ME/XP only).
2.Update to current engine and DAT files for detection and removal.
3.Run a complete system scan.
Modifications made to the system Registry and/or INI files for the purposes of hooking system startup, will be successfully removed if cleaning with the recommended engine and DAT combination (or higher).
General repair may be unsuccessful in some instances. If this occurs, please submit a sample for further evaluation.
Aliases
Aliases
-
N/A