CustomToolbar

· Overview ·
· Origins ·
· Distribution ·
· Operation ·
· Risks ·
· Detection and Removal ·
· Research ·

Overview

Vendor Notes:

 CustomToolbar is an Internet Explorer toolbar made using toolbar creation software from customtoolbar.com.

Category:

Hijacker: Any software that resets your browser's settings to point to other sites. Hijacks may reroute your info and address requests through an unseen site, capturing that info. In such hijacks, your browser may behave normally, but be slower.

Browser Helper Object: (BHO). A component that Internet Explorer will load whenever it starts, shares IE's memory context, can perform any action on the available windows and modules. A BHO can detect events, create windows to display additional information on a viewed page, monitor messages and actions. Microsoft calls it "a spy we send to infiltrate the browser's land." BHOs are not stopped by personal firewalls, because they are seen by the firewall as your browser itself. Some exploits of this technology search all pages you view in IE and replace banner advertisements with other ads. Some monitor and report on your actions. Some change your home page.

Toolbar: A group of buttons which perform common tasks. A toolbar for Internet Explorer is nomally located below the menu bar at the top of the form. Toolbars may be created by Browser Helper Objects.

Variants:
  • CustomToolbar/Mojo

    • Similar Pests:

    		 Hijacker · Browser Helper Object · Toolbar

    Origins

    Date of Origin:

    		 June, 2003

    Distribution

    Distribution:

    		 The Mojo variant is installed by ActiveX drive-by download on pop-up ads served through Standard Internet. It is known to have used an Internet Explorer security exploit to install automatically without prompting; some anti-virus software may detect this exploit as JS.Exception.

    Prevalence:
  • CustomToolbar: < 0.00005%
    • More Info

    Clot Factor:
  • CustomToolbar: < 1

    • The "Clot Factor" is a measure of how much a pest "gums up" a machine by adding registry entries, files, and directories. As more objects are placed in a machine, manual removal becomes more difficult and more error-prone.

    Operation

    Advertising:

    		 Yes, can open untargeted pop-up ads as directed by its controlling server (which is contacted when a new IE window is opened).

    Browser Performance:

    		 Likely to slow performance of Internet Explorer.

    Risks

    Security Issues:

    		 In the software itself, no. However the security exploit often used to install the Mojo variant is an extreme security risk: it enables all ActiveX security settings, allowing any web page to run any code at all (even unsigned code) without prompting.

    Detection and Removal

    Automatic Removal:

    PestPatrol detects this.

    PestPatrol removes this.

    Manual Removal:

    		 Follow these steps to remove CustomToolbar from your machine. Begin by backing up your registry and your system, and/or setting a Restore Point, to prevent trouble if you make a mistake.
    Unregister DLLs:

    Unregister these DLLs with Regsvr32, then reboot:

    Clean Registry:

    Remove these registry items (if present) with RegEdit:

    Remove Files:

    Remove these files (if present) with Windows Explorer:

    Restore Settings:

    After following the instructions above, you will still need to restore your original settings and prevent this from happening again. Here''s how.

    Research

    More Info:
  • AllTheWeb, AltaVista, AOL Search, Ask Jeeves, Google, HotBot, Lycos, LookSmart, MSN, Yahoo!
    		•

    Research By:
  • PestPatrol's Pest Research Center
    		•

    Last Revised:

    		 April 15, 2005