Smitfraud ?
<blockquote data-quote="Topper" data-source="post: 407307" data-attributes="member: 186250">
<p><strong>Name: </strong>smitfraud-c.toolbar888</p>
<p><strong>Risk Impact: </strong>High</p>
<p><strong>Systems Affected: </strong>Windows 98, Windows 95, Windows XP, Windows Me, Windows NT, Windows Server 2003, Windows 2000</p>
<p><strong>Behavior</strong></p>
<p></p>
<p>888bar is an application that is a toolbar for Internet Explorer providing shortcuts to go to search engines, portals, and gambling Web sites. The software has reportedly been installed on computers without notice or consent and is a potentially unwanted program. </p>
<p></p>
<p>When 888bar is executed, it creates the following files:</p>
<ul>
<li data-xf-list-type="ul">C:\Program Files\Common Files\{3839DF00-0D3F-1033-0729-050001}\888.dll</li>
<li data-xf-list-type="ul">C:\Program Files\Common Files\{3839DF00-0D3F-1033-0729-050001}\Uninstall.dll</li>
<li data-xf-list-type="ul">C:\Program Files\Common Files\{D8e9df00-0d3f-1033-0729-050001}\system.dll</li>
<li data-xf-list-type="ul">C:\Program Files\Common Files\{D8e9df00-0d3f-1033-0729-050001}\Update.exe</li>
</ul>
<p></p>
<p>Next, the program creates the following registry subkey:</p>
<p>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{c004dec2-2623-438e-9ca2-c9043ab28508}</p>
<p></p>
<p>It then creates the following registry entries:</p>
<p>HKEY_CLASSES_ROOT\"LuckyToolbar.LuckytoolbarObj.1" = "888bar"</p>
<p>HKEY_CLASSES_ROOT\"LuckyToolbar.LuckytoolbarObj.a\CLSID" = "{c004dec2-2623-438e-9ca2-c9043ab28508}" </p>
<p>HKEY_CLASSES_ROOT\CLSID\{c004dec2-2623-438e-9ca2-c9043ab28508}\"ProgID" = "LuckyToolbar.LuckyToolbarObj.1"</p>
<p>HKEY_CLASSES_ROOT\CLSID\{c004dec2-2623-438e-9ca2-c9043ab28508}\"VersionIndependentProgID" = "LuckyToolbar.LuckyToolBarObj."</p>
<p>HKEY_CLASSES_ROOT\CLSID\{c004dec2-2623-438e-9ca2-c9043ab28508}\"InprocServer32" = "C:\Program Files\Common Files\{3839DF00-0D3F-1033-0729-050001}\888.dll"</p>
<p>HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C6F2214E-0B54-45A9-B90D-7DD4BA45ED0B}\TypeLib\"" = "{569304BA-83ED-4CFF-AC26-BE3E482F7208}"</p>
<p>HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C6F2214E-0B54-45A9-B90D-7DD4BA45ED0B}\TypeLib\"Version" = "1.0"</p>
<p>HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C6F2214E-0B54-45A9-B90D-7DD4BA45ED0B}\ProxyStubClsid32\"" = "{00020424-0000-0000-C000-000000000046}"</p>
<p>HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C6F2214E-0B54-45A9-B90D-7DD4BA45ED0B}\ProxyStubClsid\"" = "{00020424-0000-0000-C000-000000000046}"</p>
<p>HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C6F2214E-0B54-45A9-B90D-7DD4BA45ED0B}\"" = "ILuckyToolBarObj"</p>
<p>HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{569304BA-83ED-4CFF-AC26-BE3E482F7208}\1.0\0\win32\"" = "C:\Documents and Settings\Administrator\Desktop\888\ffff13bd_6e379d04.dll"</p>
<p>HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{569304BA-83ED-4CFF-AC26-BE3E482F7208}\1.0\HELPDIR\"" = "C:\Documents and Settings\Administrator\Desktop\888\"</p>
<p>HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{569304BA-83ED-4CFF-AC26-BE3E482F7208}\1.0\FLAGS\"" = "0"</p>
<p>HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{569304BA-83ED-4CFF-AC26-BE3E482F7208}\1.0\"" = "888Bar 1.0 Type Library"</p>
<p>HKEY_LOCAL_MACHINE\SOFTWARE\Classes\LuckyToolBar.LuckyToolBarObj\CurVer\"" = "LuckyToolBar.LuckyToolBarObj.1"</p>
<p>HKEY_LOCAL_MACHINE\SOFTWARE\Classes\LuckyToolBar.LuckyToolBarObj\CLSID\"" = "{C004DEC2-2623-438e-9CA2-C9043AB28508}"</p>
<p>HKEY_LOCAL_MACHINE\SOFTWARE\Classes\LuckyToolBar.LuckyToolBarObj.1\CLSID\"" = "{C004DEC2-2623-438e-9CA2-C9043AB28508}"</p>
<p>HKEY_LOCAL_MACHINE\SOFTWARE\Classes\LuckyToolBar.LuckyToolBarObj\"" = "888Bar"</p>
<p>HKEY_LOCAL_MACHINE\SOFTWARE\Classes\LuckyToolBar.LuckyToolBarObj.1\"" = "888Bar"</p>
<p>HKEY_USERS\S-1-5-21-1960408961-507921405-725345543-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\"{C004DEC2-2623-438E-9CA2-C9043AB28508}" = "C2 DE 04 C0 23 26 8E 43 9C A2 C9 04 3A B2 85 08"</p>
<p></p>
<p>The program then provides shortcuts to go to search engines, portals, and gambling Web sites.</p>
<p></p>
<p><a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-121916-5042-99&tabid=3" target="_blank">Here</a> is a link for the removal process; it is too large to post.</p>
</blockquote><p></p>
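An added example, not part of the original post or the vendor writeup it quotes: the `Toolbar\WebBrowser` value data listed above is the toolbar's CLSID stored as raw GUID bytes (first three fields little-endian), so a responder can decode it and follow the CLSID to the DLL that Internet Explorer loads. The `EXPORT` dictionary layout and the function names are assumptions made for this sketch; the sample entries are copied from the post.

```python
import uuid

# Constructed sample: a flattened export {(key, value_name): data} holding three
# entries quoted in the post, written the way the post writes them.
# This dictionary layout is an assumption for the example.
EXPORT = {
    (r"HKEY_USERS\S-1-5-21-1960408961-507921405-725345543-500\Software"
     r"\Microsoft\Internet Explorer\Toolbar\WebBrowser",
     "{C004DEC2-2623-438E-9CA2-C9043AB28508}"):
        "C2 DE 04 C0 23 26 8E 43 9C A2 C9 04 3A B2 85 08",
    (r"HKEY_CLASSES_ROOT\CLSID\{c004dec2-2623-438e-9ca2-c9043ab28508}",
     "InprocServer32"):
        r"C:\Program Files\Common Files\{3839DF00-0D3F-1033-0729-050001}\888.dll",
    (r"HKEY_CLASSES_ROOT\CLSID\{c004dec2-2623-438e-9ca2-c9043ab28508}",
     "ProgID"): "LuckyToolbar.LuckyToolbarObj.1",
}
TOOLBAR_SUFFIX = r"\internet explorer\toolbar\webbrowser"

def decode_guid(reg_binary):
    """Turn 16 space-separated hex bytes into {GUID} text (little-endian layout)."""
    raw = bytes.fromhex(reg_binary)
    if len(raw) != 16:
        raise ValueError("expected 16 bytes")
    return "{%s}" % str(uuid.UUID(bytes_le=raw)).upper()

def lookup(export, key, name):
    """Case-insensitive lookup, since registry key and value names ignore case."""
    for (k, n), data in export.items():
        if k.lower() == key.lower() and n.lower() == name.lower():
            return data
    return None

def resolve_toolbars(export):
    """For each IE toolbar value, check its data and find the COM server DLL."""
    findings = []
    for (key, name), data in export.items():
        if not key.lower().endswith(TOOLBAR_SUFFIX):
            continue
        try:
            matches = decode_guid(data) == name.upper()
        except ValueError:      # malformed or truncated binary data
            matches = False
        clsid_key = "HKEY_CLASSES_ROOT\\CLSID\\" + name
        findings.append({"clsid": name.upper(), "data_matches": matches,
                         "progid": lookup(export, clsid_key, "ProgID"),
                         "dll": lookup(export, clsid_key, "InprocServer32")})
    return findings

if __name__ == "__main__":
    print(resolve_toolbars(EXPORT))
```
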