Adware.ContextualToolbar

Updated: July 19, 2006
Risk Impact: Medium
Systems Affected: Windows

Behavior

Adware.ContextualToolbar is a security risk that installs an Internet Explorer toolbar. The toolbar provides a search function that, when used, redirects the user to a search site that displays advertised results relating to the user's search.

Antivirus Protection Dates

  • Initial Rapid Release version October 02, 2014 revision 022
  • Latest Rapid Release version October 02, 2014 revision 022
  • Initial Daily Certified version July 12, 2006
  • Latest Daily Certified version September 28, 2010 revision 036
  • Initial Weekly Certified release date July 12, 2006

When the risk is first installed, it launches Internet Explorer and creates a new toolbar.

The risk creates the following folders:
%ProgramFiles%\ContextualToolbar
%ProgramFiles%\ContextualToolbar\Cache

The risk then creates the following files in the folders:
basis.xml
icons.bmp
mini_logo_new2.bmp
toolbar.crc
toolbar.dll
version.txt

The risk creates the following registry entry so that the toolbar runs every time Windows starts:
HKEY_CLASSES_ROOT\CLSID\{9F9f7a6f30-90c3-4222-af59-c73467018f59}\Inprocserver32\"Default" = "c:\Program Files\ContextualToolbar\toolbar.dll"

The risk then creates the following registry entry to change the security settings in Internet Explorer, allowing active content to run in files on the computer:
HKEY_ALL_USERS\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\"iexplore.exe" = "0"

The risk also creates the following registry entry:
HKEY_ALL_USERS\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\"{9f7a6f30-90c3-4222-af59-c73467018f59}"
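
A read-only PowerShell audit of the three registry entries above, added here as an example and not part of the original write-up. It assumes "HKEY_ALL_USERS" means every user hive loaded under HKEY_USERS; the function name Get-ClsidServer and the $marker variable are illustrative.

```powershell
# Read-only audit of the registry entries listed in this write-up (added example).
# Assumption: "HKEY_ALL_USERS" means every user hive loaded under HKEY_USERS.
$marker = '\ContextualToolbar\'   # install folder name from the write-up

function Get-ClsidServer([string]$Clsid) {
    # The default value of InprocServer32 is the DLL that COM loads for the CLSID.
    $key = "Registry::HKEY_CLASSES_ROOT\CLSID\$Clsid\InprocServer32"
    if (Test-Path -LiteralPath $key) { (Get-Item -LiteralPath $key).GetValue('') }
}

$findings = foreach ($hive in Get-ChildItem -LiteralPath 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue) {
    $ie = "Registry::$($hive.Name)\Software\Microsoft\Internet Explorer"

    # Toolbar registrations: each GUID-named value is the CLSID of a toolbar.
    $tb = "$ie\Toolbar\WebBrowser"
    if (Test-Path -LiteralPath $tb) {
        foreach ($name in (Get-Item -LiteralPath $tb).GetValueNames()) {
            if ($name -notmatch '^\{[0-9a-fA-F-]{36}\}$') { continue }
            $dll = Get-ClsidServer $name
            [pscustomobject]@{
                Hive    = $hive.PSChildName
                Check   = 'IE toolbar'
                Item    = $name
                Detail  = $dll
                Flagged = ($dll -like "*$marker*")   # DLL lives in the write-up's folder
            }
        }
    }

    # Local Machine Zone Lockdown override: "0" for iexplore.exe switches it off.
    $fc = "$ie\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN"
    if (Test-Path -LiteralPath $fc) {
        $v = (Get-Item -LiteralPath $fc).GetValue('iexplore.exe')
        if ($null -ne $v) {
            [pscustomobject]@{
                Hive    = $hive.PSChildName
                Check   = 'LMZ lockdown'
                Item    = 'iexplore.exe'
                Detail  = "$v"
                Flagged = ("$v" -eq '0')
            }
        }
    }
}

$findings | Sort-Object Flagged -Descending | Format-Table -AutoSize
```

Only the hives of users who are currently logged on are loaded under HKEY_USERS, so run it per session or load offline NTUSER.DAT files first to cover other accounts.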

The risk creates the following registry subkeys: