BrowserToolbar

· Overview ·
· Origins ·
· Distribution ·
· Operation ·
· Risks ·
· Detection and Removal ·
· Research ·

Overview
Summary:	An IE toolbar object which comes with various other components that act as adware and spyware.
Alias:	ausvc (after the filename of one of its components), Backdoor.Autoupder (Kaspersky Anti-Virus), Backdoor.Autoupder (Symantec), BrowseEvt (after the spyware component it installs), Downloader-W (McAfee), JS/Downloader-W, TROJ_SUA.A (Trend Anti-Virus), TrojanDownloader.Win32.Minstaller (KAV)
Category:	Adware: Software that displays popup/popunder ads when the primary user interface is not visible or which do not appear to be assocaited with the product. Downloader: A program designed to retrieve and install additional files, when run. Most will be configured to retrieve from a designated web or FTP site.
Similar Pests:	Adware · Downloader
Origins
Group:	browsertoolbar.com
Vendor:	http://www.browsertoolbar.com/
URL:	http://www.browsertoolbar.com/
Date of Origin:	December, 2002
Distribution
Distribution:	Can be downloaded and installed from the manufacturer's site, but it is more likely to come as an affiliate's drive-by-download (ActiveX install). BrowserToolbar is known to have been installed at least once by exploiting a security flaw in Internet Explorer.
Prevalence:	BrowserToolbar: < 0.00005% More Info
Clot Factor:	BrowserToolbar: 13 The "Clot Factor" is a measure of how much a pest "gums up" a machine by adding registry entries, files, and directories. As more objects are placed in a machine, manual removal becomes more difficult and more error-prone.
Operation
Advertising:	Yes. Opens pop-up advertisements.
Risks
Privacy Issues:	Unknown. It has been alleged that the BrowseEvt component spies on URLs visited.
Security Issues:	Yes. BrowserToolbar downloads and installs updates to all its components silently, without code-signing.
Stability Issues:	Unknown
Detection and Removal
Automatic Removal:	PestPatrol detects this. PestPatrol removes this.
Manual Removal:	See http://www.browsertoolbar.com/removal.html
	Stop Running Processes: Kill these running processes with Task Manager: systemroot+\absr.exe systemroot+\abstr.exe systemroot+\ausvc.exe systemroot+\auupg.exe systemroot+\bvt.exe systemroot+\mnsvc.exe systemroot+\undo.exe
	Remove AutoRun Reference: Go To the key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run. If you find the value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\mnsvc, delete it and reboot the machine immediately. If you find the value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\sysscan, delete it and reboot the machine immediately.
	Clean Registry: Remove these registry items (if present) with RegEdit: HKEY_CLASSES_ROOT\clsid\{6541b981-2e27-46b1-a2cc-8264a75b74fe} HKEY_CLASSES_ROOT\clsid\{6d8b1b74-4ab8-473b-b479-253fa1936802} HKEY_CLASSES_ROOT\clsid\{868b015f-3515-44db-b0ad-182cd058985e} HKEY_CLASSES_ROOT\clsid\{9a05fe9b-5b52-4d13-a77d-fa7c38557a8e} HKEY_CLASSES_ROOT\clsid\{bae85c97-2cd4-45c3-a1ed-e4cef7c6aa52} HKEY_CLASSES_ROOT\clsid\{c76be992-2bc3-41a4-8b87-a8c01fe419a7} HKEY_CLASSES_ROOT\clsid\{f53c844a-d9c8-4e92-b923-c05b46c4a7e3} HKEY_LOCAL_MACHINE\software\classes\appid\{8b034058-08b0-4cb3-b2e8-60238b4967f2} HKEY_LOCAL_MACHINE\software\classes\clsid\{6541b981-2e27-46b1-a2cc-8264a75b74fe} HKEY_LOCAL_MACHINE\software\classes\clsid\{868b015f-3515-44db-b0ad-182cd058985e} HKEY_LOCAL_MACHINE\software\classes\clsid\{9a05fe9b-5b52-4d13-a77d-fa7c38557a8e} HKEY_LOCAL_MACHINE\software\classes\clsid\{bae85c97-2cd4-45c3-a1ed-e4cef7c6aa52} HKEY_LOCAL_MACHINE\software\classes\clsid\{c76be992-2bc3-41a4-8b87-a8c01fe419a7} HKEY_LOCAL_MACHINE\software\classes\clsid\{f53c844a-d9c8-4e92-b923-c05b46c4a7e3} HKEY_LOCAL_MACHINE\software\classes\clsid\{fbe091e5-df43-4ffb-aecc-7e3a3bc7b0d9} HKEY_LOCAL_MACHINE\software\classes\typelib\{6d8b1b74-4ab8-473b-b479-253fa1936802} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\mnsvc HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\sysscan
	Remove Files: Remove these files (if present) with Windows Explorer: systemroot+\absr.exe systemroot+\abstr.exe systemroot+\ausvc.exe systemroot+\auupg.exe systemroot+\bvt.exe systemroot+\coolstuff.ocx systemroot+\ea.bin systemroot+\mnsvc.exe systemroot+\mtbcd.bak systemroot+\undo.exe
Research
More Info:	McAfee's info page Trend's info page BrowserToolbar official site Salon's article about this pest Symantec's info page AllTheWeb, AltaVista, AOL Search, Ask Jeeves, Google, HotBot, Lycos, LookSmart, MSN, Yahoo!
Research By:	Andrew Clover PestPatrol's Pest Research Center
Last Revised:	April 15, 2005

BrowserToolbar

· Overview · · Origins · · Distribution · · Operation · · Risks · · Detection and Removal · · Research ·

Overview

Summary:

Alias:

Category:

Similar Pests:

Origins

Group:

Vendor:

URL:

Date of Origin:

Distribution

Distribution:

Prevalence:

Clot Factor:

Operation

Advertising:

Risks

Privacy Issues:

Security Issues:

Stability Issues:

Detection and Removal

Automatic Removal:

Manual Removal:

Research

More Info:

Research By:

Last Revised:

· Overview ·
· Origins ·
· Distribution ·
· Operation ·
· Risks ·
· Detection and Removal ·
· Research ·