Home / malware Adware.Toolbar.Hotbar
First posted on 21 November 2011.
Source: BitDefenderAliases :
There are no other names known for Adware.Toolbar.Hotbar.
Explanation :
At installation, Hotbar adds a toolbar to Internet Explorer, Microsoft Outlook and Outlook Express. It also adds Hotbar Weather Service in the system tray.
It places its files in C:Program FilesHbToolsBin<version>:
HbtCoreSrv.dll HbtHostOE.dll HbtSrv.exe HbtOEAddOn.exe [Hbt]WeatherOnTray.exe (the name depends on the version of Hotbar).
and several others, depending on the version, most starting with Hbt.
It registers several COM dlls that reside in the installation folder, and copies an executable with a random generated name to %SYSTEM% folder, which it adds to HKLMSoftwareMicrosoftWindowsCurrentVersionRun, along with HbtSrv.exe and [Hbt]WeatherOnTray.exe, to be executed at each startup. Some of the registry keys thus created are:
HKCR HbtHostIE.Bho HKCRHbtHostIE.Bho.1 HKCRHbtHostOL.HbtMailAnim HKCRHbtHostOL.HbtMailAnim1 HKCRHbtHostOL.HbtWebmailSend HKCRHbtHostOL.HbtWebmailSend1 HKCRHbtInstIE.HbInstObj HKCRHbtInstIE.HbInstObj1 HKCRHbTools.HbtCommBand HKCRHbTools.HbtCommBand1 HKCRHbtSrv.HbtCoreServices HKCRHbtSrv.HbtCoreServices1 HKCRHbtToolbar.HbtHtmlMenuUI HKCRHbtToolbar.HbtHtmlMenuUI1 HKCRHbtTools.HbMain HKCRHbtTools.HbMain1
It keeps its settings in the system registry under HKCUSoftwareHbTools and HKLMSoftwareHbTools and in the folder %USERPROFILE%Application DataHbTools.Last update 21 November 2011
