Threat Information for "Elite Toolbar"
| Summary |
- Name: Elite Toolbar
- Aliases: TR/Spy.Agent.HI, Win32:Trojan-gen.{Other}, PSW.Agent.BQW, Trojan.DownLoader.7025, Win32/SillyDL.8un!Trojan, Win32/SillyDl.APB
- Date Discovered: 2006-09-11
- Protection Added: 2006-09-12
| Description |
- Ease of Removal
  1: Uses rootkit functionality
  2: Hides running processes
  3: Hides files
  4: Hides registry entries
  5: Runs as a BHO or shell extension
  6: Uses running processes
  7: Consistent file contents
  8: Consistently named
  9: Creates new registry entries with consistent data
- Damage/Intrusion/Annoyance
  1: Displays targeted popup advertisements
  2: Creates new files
  3: Changes browser search settings
  4: Changes personal browser settings
  5: Autoruns at startup without an option to be disabled
  6: Displays a toolbar
  7: Creates user-visible icons
- Propagation/Saturation
  1: Infects by Silent Active-X Control
  2: Installed by other infections
  3: Bundled with third-party applications
  4: Infects by Active-X Control
| Technical Details |

