Emsisoft Malware-Info

Name: Adware.Toolbar888

Beschreibung:

1
1. General
Malware name: Toolbar888
Malware Type: Adware
Company Name/URL: http://freeprod.com/
Company Description: Freeprod.com
Installs silently along with other adware and spyware programs. Adds an IE toolbar. It is also known as Bundleware.Freeprod Toolbar or FreeProd Toolbar.
Freeprod free products installs an Internet Explorer Toolbar, often bundled with other potentially unwanted software such as emotion smiley, games etc.

Characteristics/Symptoms:

  • Keeps watch on the user�s browsing activity
  • Shows popup messages.
  • Slows the browser
  • Changes the browser�s search settings
  • Installs other bundle programs
  • Installs silently and works in background


Security Level: High
Operating OS: WIN XP
Installation Type: Installed through EXE
Operation: After Installation
Time of Operation: After browser restart.

Screenshot:



2. Installation Sample and Image

2.1. Installation Sample

Installs silently with other bundler software such as free games, smiley etc.




Origin URL:

http://media.freeprod.com/mc-59-627-0000061.exe

3. Changes after installation

3.1. Process: freeprodtb.exe
Files and Location: C:\Program Files\Common Files\InetGet\freeprodtb.exe

3.2 Directories:

Toolbar888 Installer creates following directories:

C:\Program Files\Toolbar888
C:\Program Files\Toolbar888\Cache
C:\Program Files\Common Files\InetGet

4. File information Created after Installation

File Location
File Size
File Type
How To Treat

C:\Program Files\Toolbar888\basis.xml
9477 Bytes
XML Document
DELETE

C:\Program Files\Toolbar888\basis.xmlold
7051 Bytes
XMLOLD File
DELETE

C:\Program Files\Toolbar888\icons.bmp
44598 Bytes
Bitmap Image
DELETE

C:\Program Files\Toolbar888\installed.html
97 Bytes
HTML File
DELETE

C:\Program Files\Toolbar888\logo.bmp
5094 Bytes
Bitmap Image
DELETE

C:\Program Files\Toolbar888\ToolBar888.crc
125 Bytes
CRC File
DELETE

C:\Program Files\Toolbar888\ToolBar888.dll
544768 Bytes
Application Extension
DELETE

C:\Program Files\Toolbar888\version.txt
44 Bytes
Text Document
DELETE

C:\Program Files\Common Files\InetGet\freeprodtb.exe
250463 Bytes
Application
DELETE


4.2. Registry information After Installation

Location
Key
How to Treat

HKEY_CLASSES_ROOT
CLSID\{77FBF9B8-1D37-4FF2-
9CED-192D8E3ABA6F}
DELETE

HKEY_CLASSES_ROOT
XBTB04715.XBTB04715
DELETE

HKEY_CLASSES_ROOT
XBTB04715.XBTB04715.1
DELETE

HKEY_CURRENT_USER
Software\XBTB04715\SiteAllow
DELETE

HKEY_CURRENT_USER
Software\XBTB04715\Toolbar
DELETE

HKEY_CURRENT_USER
Software\XBTB04715\Toolbar
DELETE

HKEY_CURRENT_USER
Software\XBTB04715\Toolbar
DELETE

HKEY_CURRENT_USER
Software\XBTB04715\Toolbar
DELETE

HKEY_CURRENT_USER
Software\XBTB04715\Toolbar
DELETE

HKEY_CURRENT_USER
Software\XBTB04715\Toolbar
DELETE

HKEY_CURRENT_USER
Software\XBTB04715\Toolbar
DELETE

HKEY_CURRENT_USER
Software\XBTB04715\Toolbar
DELETE

HKEY_CURRENT_USER
Software\XBTB04715\Toolbar
DELETE

HKEY_CURRENT_USER
Software\XBTB04715\Toolbar
DELETE

HKEY_CURRENT_USER
Software\XBTB04715\Toolbar\
Historycmb_search
DELETE

HKEY_CURRENT_USER
Software\XBTB04715\Toolbar\
tb_items
DELETE

HKEY_CURRENT_USER
Software\XBTB04715\Toolbar\
tb_items
DELETE

HKEY_CURRENT_USER
Software\XBTB04715\Toolbar\
tb_items
DELETE

HKEY_CURRENT_USER
Software\XBTB04715\Toolbar\
tb_items
DELETE

HKEY_CURRENT_USER
Software\XBTB04715\Toolbar\
tb_items
DELETE

HKEY_LOCAL_MACHINE
SOFTWARE\Classes\CLSID\
{77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F}
DELETE

HKEY_LOCAL_MACHINE
SOFTWARE\Classes\XBTB047
15.XBTB04715
DELETE

HKEY_LOCAL_MACHINE
SOFTWARE\Classes\XBTB0471
5.XBTB04715.1
DELETE

HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\
Windows
\CurrentVersion\Uninstall\
XBTB04715
.XBTB04715Toolbar
DELETE

HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\
Windows\
CurrentVersion\Uninstall\
XBTB04715
.XBTB04715Toolbar
DELETE

HKEY_USERS
S-1-5-21-1801674531-
1214440339-839522115-1003\Software\XBTB04715\
SiteAllow
DELETE

HKEY_USERS
S-1-5-21-1801674531-
1214440339-839522115-1003\Software\XBTB04715\
Toolbar
DELETE

HKEY_USERS
S-1-5-21-1801674531-
1214440339-839522115-1003\Software\XBTB04715\
Toolbar
DELETE

HKEY_USERS
S-1-5-21-1801674531-
1214440339-839522115-1003\Software\XBTB04715\
Toolbar
DELETE

HKEY_USERS
S-1-5-21-1801674531-
1214440339-839522115-1003\Software\XBTB04715\
Toolbar
DELETE

HKEY_USERS
S-1-5-21-1801674531-
1214440339-839522115-1003\Software\XBTB04715\
Toolbar
DELETE

HKEY_USERS
S-1-5-21-1801674531-1
214440339-839522115-1003\Software\XBTB04715\
Toolbar
DELETE

HKEY_USERS
S-1-5-21-1801674531-
1214440339-839522115-1003\Software\XBTB04715\
Toolbar
DELETE

HKEY_USERS
S-1-5-21-1801674531-
1214440339-839522115-1003\Software\XBTB04715\
Toolbar
DELETE

HKEY_USERS
S-1-5-21-1801674531-
1214440339-839522115-1003\Software\XBTB04715\
Toolbar
DELETE

HKEY_USERS
S-1-5-21-1801674531-
1214440339-839522115-1003\Software\XBTB04715
\Toolbar
DELETE

HKEY_USERS
S-1-5-21-1801674531-
1214440339-839522115-1003\Software\XBTB04715
\Toolbar\
Historycmb_search
DELETE

HKEY_USERS
S-1-5-21-1801674531-
1214440339-839522115-1003\Software\XBTB04715
\Toolbar
\tb_items
DELETE

HKEY_USERS
S-1-5-21-1801674531-
1214440339-839522115-1003\Software\XBTB04715
\Toolbar
\tb_items
DELETE

HKEY_USERS
S-1-5-21-1801674531-
1214440339-839522115-1003\Software\XBTB04715
\Toolbar
\tb_items
DELETE

HKEY_USERS
S-1-5-21-1801674531-
1214440339-839522115-1003\Software\XBTB04715\
Toolbar
\tb_items
DELETE

HKEY_USERS
S-1-5-21-1801674531-
1214440339-839522115-1003\Software\XBTB04715\
Toolbar\
tb_items
DELETE



5. Description:

Installs silently along with other adware and spyware programs. Adds an IE toolbar. It is also known as Bundleware.Freeprod Toolbar or FreeProd Toolbar.
Freeprod free products installs an Internet Explorer Toolbar, often bundled with other potentially unwanted software such as emotion smiley, games etc.

Manual Removal of Toolbar888

Method 1:
  1. Click Start > Settings > Control Panel.
  2. Open Add/Remove Programs.
  3. From the program list, select the entry Toolbar888 and then click Change/Remove to remove the program.
  4. Restart system to complete the uninstall process.




Method 2:
  1. Remove the Internet connection and close all browser windows.
  2. Press Ctrl + Alt + Del to start the Task Manager.
  3. Under the processes tab select freeprodtb.exe and click on End Process, repeat the step until no such process is running.
  4. Unregister DLLs:


C:\Program Files\Toolbar888\ToolBar888.dll

To unregister the DLL
Open a DOS command prompt window
(Select Start->Programs->Accessories->Command Prompt)

Use the following commands:
Change to destination directory using DOS command cd
cd �Directory Name�

Unregister DLL�s using command regsvr32 /u
regsvr32 /u �FileName with full path�

   5.    Click on Start > Run, type REGEDIT and click Ok to start the Registry Editor.

   6.    Delete the Registry entries for Toolbar888.

   7.    Delete Directories �C:\Program Files\Toolbar888� and �C:\Program Files\Common Files\InetGet�.

   8.   Restart System.

   9.   Open Internet Explorer, from the main menu select Tools > Internet Options under the programs tab select Reset Web Settings to restore homepage and search settings.


Anleitung zum Entfernen von Adware Toolbar888:

Um diese Malware-Infektion zu löschen, downloaden und installieren Sie bitte Emsisoft Anti-Malware. Führen Sie einen Scan aller Laufwerke durch und verschieben Sie gefundene Objekte in die Quarantäne.

Mehr Datails zu dieser Bedrohung:

Weiterführende Links:

Bei Google nach Adware Toolbar888 suchen Bei Google nach Adware Toolbar888 suchen
Bei Bing nach Adware Toolbar888 suchen Bei Bing nach Adware Toolbar888 suchen
Bei Yahoo nach Adware Toolbar888 suchen Bei Yahoo nach Adware Toolbar888 suchen

Wie schützt man sich am besten vor Adware Toolbar888?

Wichtig!
Sie benötigen unbedingt eine Antivirensoftware, die nicht nur Infektionen löschen kann, sondern Ihren PC dauerhaft vor neuen Bedrohungen schützen kann. Nur so sind Sie sicher vor Datendiebstahl und unnötigem Ärger und Kosten durch Neu-Installationen des Betriebssystems.

Kaufen Sie am besten noch heute die vielfach ausgezeichnete Schutzsoftware Emsisoft Anti-Malware!

Nur 30 Euro für die Sicherheit Ihres Computers.

Emsisoft Anti-Malware online bestellen:

Emsisoft Anti-Malware Kaufen

Vertrauen Sie nur auf die beste Schutzsoftware!

Testsieger!

Testsieg für Emsisoft Anti-Malware beim Antiviren-Vergleichstest von MRG - Malware Research Group - Juni 2009
Mehr unabhängige Testberichte von Anti-Malware Software