CashToolbar





Overview

Summary:

CashToolbar consists of an IE toolbar containing links and search features that also spawns advertisements, and a process started with Windows to download updates.

Category:

Adware: Software that displays popup/popunder ads when the primary user interface is not visible, or ads that do not appear to be associated with the product.

Similar Pests:

Adware

Origins

Group:

CashToolbar

Vendor:

CashToolbar

URL:

http://www.cashtoolbar.com/

Date of Origin:

December, 2002

Distribution

Distribution:

Currently unknown, does not appear to be widespread.

Operation

Advertising:

Yes. Periodically opens pop-up advertisements.

Risks

Privacy Issues:

No.

Security Issues:

Yes. Can download and install arbitrary unsigned code as an update feature.

Stability Issues:

No.

Detection and Removal

Automatic Removal:

PestPatrol detects this.

PestPatrol removes this.



Manual Removal:

From the Control Panel's Add/Remove Programs feature, remove the entry for 'BrowserAid' or 'CashToolbar'.

The software installs into the 'Downloaded Program Files' folder, and puts its settings into a 'CashToolbar' folder in 'Program Files'. Before you can delete the files you must deregister the toolbar. Open a DOS command prompt window (Start->Programs->Accessories) and enter:

cd "%WinDir%\System"
regsvr32 /u "..\Downloaded Program Files\CashToolbarIE.dll"


Then open the registry and find the key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run. Delete the entry pointing to CashToolbar.exe. Restart the machine and you should be able to delete both the 'Program Files\CashToolbar' folder and the files in 'Downloaded Program Files':

del "%WinDir%\Downloaded Program Files\CashToolbarIE.dll"
del "%WinDir%\Downloaded Program Files\CashToolbar.exe"
del "%WinDir%\Downloaded Program Files\CashToolbarConfig.ini"
del "%WinDir%\Downloaded
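
To confirm whether the artifacts named in the manual removal steps are still present before or after cleanup, the following read-only PowerShell check can be used. It is an added example, not part of the original entry; the function name Get-CashToolbarArtifact and its parameters are assumptions, while the file names, folders and Run key are the ones listed above.

```powershell
# Added example: read-only check for the CashToolbar artifacts named in the
# manual removal steps. It reports what is present and changes nothing.
# Get-CashToolbarArtifact is a hypothetical helper name chosen for this example.
function Get-CashToolbarArtifact {
    param(
        [string]$WinDir       = $env:WinDir,
        [string]$ProgramFiles = $env:ProgramFiles
    )
    $found = @()

    # Files the entry lists in 'Downloaded Program Files'.
    $dpf = Join-Path $WinDir 'Downloaded Program Files'
    foreach ($name in 'CashToolbarIE.dll', 'CashToolbar.exe', 'CashToolbarConfig.ini') {
        $path = Join-Path $dpf $name
        if (Test-Path -LiteralPath $path) {
            $found += [pscustomobject]@{ Type = 'File'; Item = $path }
        }
    }

    # Settings folder under 'Program Files'.
    $dir = Join-Path $ProgramFiles 'CashToolbar'
    if (Test-Path -LiteralPath $dir -PathType Container) {
        $found += [pscustomobject]@{ Type = 'Directory'; Item = $dir }
    }

    # Run-key values that start CashToolbar.exe with Windows.
    $runKey = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
    $key = Get-Item -LiteralPath $runKey -ErrorAction SilentlyContinue
    if ($key) {
        foreach ($valueName in $key.GetValueNames()) {
            $data = [string]$key.GetValue($valueName)
            if ($data -match 'CashToolbar\.exe') {
                $found += [pscustomobject]@{ Type = 'RunValue'; Item = "$valueName = $data" }
            }
        }
    }

    # Updater process still running in memory (name taken from CashToolbar.exe).
    foreach ($p in @(Get-Process -Name 'CashToolbar' -ErrorAction SilentlyContinue)) {
        $found += [pscustomobject]@{ Type = 'Process'; Item = "PID $($p.Id)" }
    }
    return $found
}

$result = Get-CashToolbarArtifact
if ($result) { $result | Format-Table -AutoSize } else { 'No CashToolbar artifacts found.' }
```

An empty result after the reboot indicates the deregistration, Run-key cleanup and file deletion all took effect; a remaining 'RunValue' row means the updater will start again with Windows.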

Stop Running Processes:

Kill these running processes with Task Manager:

Unregister DLLs:

Unregister these DLLs with Regsvr32, then reboot:

Remove Files:

Remove these files (if present) with Windows Explorer:

Remove Directories:

Remove these directories (if present) with Windows Explorer:

Research

More Info:

AllTheWeb, AltaVista, AOL Search, Ask Jeeves, Google, HotBot, Lycos, LookSmart, MSN, Yahoo!

Research By:

  • Andrew Clover
  • PestPatrol's Pest Research Center

Last Revised:

January 25, 2005