Adware.Appztoolbar

Updated: April 27, 2006
Risk Impact: Low
Systems Affected: Windows

Behavior

Adware.Appztoolbar is a search toolbar for Internet Explorer.

Antivirus Protection Dates

  • Initial Rapid Release version October 02, 2014 revision 022
  • Latest Rapid Release version February 01, 2015 revision 020
  • Initial Daily Certified version February 01, 2005
  • Latest Daily Certified version January 26, 2015 revision 023
  • Initial Weekly Certified release date February 02, 2005

When Adware.Appztoolbar is installed, it creates the following files:
%ProgramFiles%\Underground Toolbar\assniffer.log
%ProgramFiles%\Underground Toolbar\blank.bmp
%ProgramFiles%\Underground Toolbar\blankh.bmp
%ProgramFiles%\Underground Toolbar\btn1.bmp
%ProgramFiles%\Underground Toolbar\btn2.bmp
%ProgramFiles%\Underground Toolbar\btn3.bmp
%ProgramFiles%\Underground Toolbar\btnh1.bmp
%ProgramFiles%\Underground Toolbar\btnh2.bmp
%ProgramFiles%\Underground Toolbar\btnh3.bmp
%ProgramFiles%\Underground Toolbar\cookie.bmp
%ProgramFiles%\Underground Toolbar\cookieh.bmp
%ProgramFiles%\Underground Toolbar\hl.bmp
%ProgramFiles%\Underground Toolbar\hlh.bmp
%ProgramFiles%\Underground Toolbar\options.html
%ProgramFiles%\Underground Toolbar\search.bmp
%ProgramFiles%\Underground Toolbar\searchh.bmp
%ProgramFiles%\Underground Toolbar\taf.bmp
%ProgramFiles%\Underground Toolbar\tafh.bmp
%ProgramFiles%\Underground Toolbar\Underground Toolbarlogo.bmp
%ProgramFiles%\Underground Toolbar\Underground Toolbarlogoh.bmp
%ProgramFiles%\Underground Toolbar\update.cfg
%ProgramFiles%\Underground Toolbar\update.dll
%ProgramFiles%\Underground Toolbar\version.txt

It also creates the following files, which may be used by legitimate programs:
%Windir%\cwClean.bat
%Windir%\extract.exe

The risk then creates the following registry subkeys:
HKEY_CLASSES_ROOT\CLSID\{cca00000-0000-0000-0000-000000000000}
HKEY_CLASSES_ROOT\TypeLib\{6d3f5de4-e980-4407-a10f-9ac771abaae6}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Underground Toolbar
HKEY_LOCAL_MACHINE\Software\Classes\interface\{7b9a715e-9d87-4c21-bf9e-f914f2fa953f}
HKEY_LOCAL_MACHINE\Software\Classes\Pugi.PugiObj
HKEY_LOCAL_MACHINE\Software\Classes\Pugi.PugiObj.1
HKEY_USERS\Software\CentralWare\IE Toolbar\Underground Toolbar
HKEY_USERS\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{cca00000-0000-0000-0000-000000000000}

It adds the following registry entry to ensure that the toolbar is loaded into the Internet Explorer browser:
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\
"{cca00000-0000-0000-0000-000000000000}" = ""

It also adds the registry entry:
HKEY_USERS\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{cca00000-0000-0000-0000-000000000000}" = "00 00 a0 cc 00 00 00 00 00 00 00 00 00 00 00 00"

The program periodically updates itself from the appzplanet.com domain.
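
The data of the Toolbar\WebBrowser value above (00 00 a0 cc ...) is the toolbar's CLSID in the binary GUID layout Windows uses. The Python below is an added example, not part of the original write-up: it checks exported registry values for the toolbar by value name or by that binary data. The (key, name, data) row format, the SID and the second CLSID in SAMPLE are constructed for illustration.

```python
import re
import uuid

# CLSID and Internet Explorer Toolbar key paths as given in the write-up.
TOOLBAR_CLSID = uuid.UUID("{cca00000-0000-0000-0000-000000000000}")
TOOLBAR_KEYS = (
    r"\software\microsoft\internet explorer\toolbar",
    r"\software\microsoft\internet explorer\toolbar\webbrowser",
)

def guid_registry_bytes(clsid):
    """Windows GUID layout: first three fields little-endian, rest in order."""
    return clsid.bytes_le

def parse_hex_dump(text):
    """Convert '00 00 a0 cc ...' to bytes; None if text is not a hex dump."""
    tokens = text.split()
    if not tokens or not all(re.fullmatch(r"[0-9a-fA-F]{2}", t) for t in tokens):
        return None
    return bytes.fromhex("".join(tokens))

def find_toolbar_entries(entries, clsid=TOOLBAR_CLSID):
    """Return (key, name, by_name, by_data) for values that reference clsid."""
    wanted_name = "{%s}" % clsid          # str(UUID) is lowercase, no braces
    wanted_data = guid_registry_bytes(clsid)
    hits = []
    for key, name, data in entries:
        # Only values directly under one of the IE Toolbar keys are relevant.
        if not key.lower().rstrip("\\").endswith(TOOLBAR_KEYS):
            continue
        by_name = name.strip('"').lower() == wanted_name
        by_data = parse_hex_dump(data) == wanted_data
        if by_name or by_data:
            hits.append((key, name, by_name, by_data))
    return hits

# Constructed sample rows; the SID and the second CLSID are made up.
SAMPLE = [
    (r"HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar",
     "{cca00000-0000-0000-0000-000000000000}", ""),
    (r"HKEY_USERS\S-1-5-21-0-0-0-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser",
     "{CCA00000-0000-0000-0000-000000000000}",
     "00 00 a0 cc 00 00 00 00 00 00 00 00 00 00 00 00"),
    (r"HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar",
     "{01234567-89ab-cdef-0123-456789abcdef}", ""),
]

if __name__ == "__main__":
    for hit in find_toolbar_entries(SAMPLE):
        print(hit)
```

Matching on the binary data as well as the value name catches the entry when only one of the two forms is present in an export.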