ZHPDiag – Module O3 (Browser toolbars)

Module O3 of ZHPDiag covers the toolbars of the Microsoft Internet Explorer browser. The search is carried out in the Windows registry.

A toolbar lets you share content, run quick searches, launch applications and much more. Some toolbars are considered harmful because they can change your browsing settings without your consent (Browser Hijacker).


Toolbar

A toolbar is a row or column of buttons that gives access to various features. The interface of internet browsers is specifically designed to host toolbars. A toolbar lets you share content, run quick searches, launch applications and much more. It is almost the Swiss army knife of the browser, but be careful not to install too many of them. Toolbars fall into several categories: protective, legitimate, intrusive and harmful.

Protective toolbars

These are legitimate toolbars that help protect the browser. They generally come with the installation of your resident antivirus (for example Avira).

Legitimate toolbars

Installing several legitimate toolbars can significantly slow down your internet browsing and clutter the browser interface.

Intrusive toolbars

Some toolbars are installed, with or without your consent, through download sites that practice software bundling. They may collect your browsing habits and send them to a server. This information is sold and used by companies for commercial targeting. Advertising campaigns may be displayed periodically while you browse, as banners and popup ads (Spyware). Redirects to legitimate sites are frequent.

Harmful toolbars

Some toolbars are considered harmful because they can change your browsing settings without your consent (Hijacker). This usually means replacing the start and search pages of all installed browsers. They can also identify installed software (Trackware) to increase abusive online marketing revenue. Advertising campaigns may be displayed at all times while you browse, as banners and popup ads (Spyware). Redirects to malware sites are constant. Suggestions for harmful protection and optimization software are fairly common.

The search covers the following registry key:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar]

- The module displays the owner and the name of the file. When the registry key and the file are absent, and therefore the owner and description of the file as well, the entry is reported as an orphan key. Orphan keys usually come from a poorly done software uninstall or a partial disinfection.

ZHPDiag overview

-------Internet Explorer toolbars (O3)
O3 – Toolbar: ALOT Toolbar- {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} -C:\Program Files\alot\bin\alot.dll
O3 – Toolbar: ALOT Toolbar- {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} . (...) -C:\Program Files\alot\bin\alot.dll
O3 – Toolbar: (name no.) -. {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} An orphan key

Example of detection

-------Internet Explorer Toolbars (O3)
O3 – Toolbar: Searchqu Toolbar- {7FF99715-3016-4381-84CE-E4E4C9673020} . (.. -Searchqu Toolbar Link Library.) -C:\Program Files\Windows Searchqu Toolbar\ToolBar\SearchquDx.dll
O3 – Toolbar: Searchqu Toolbar- {99079a25-328f-4bd4-be04-00955acaa0a7} . (.. – dtx Dynamic Link Library.) -C:\PROGRA~1\WI371A~1\Datamngr\ToolBar\searchqudtx.dll
O3 – Toolbar: Searchqu Toolbar- {99079a25-328f-4bd4-be04-00955acaa0a7} . (.dtx Dynamic Link Library.) -C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll

Action ZHPFix (General case)

O3 – Toolbar: {Startup} -. {CLSIDValue} . (...) — {FileName}

{Key} : Registry key [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar]
{Startup} : Default value of the key [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CLSIDValue}]
{CLSIDValue} : CLSID of the value in the key {Key}
{FileName} : Data of the default value of the key [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CLSIDValue}\InProcServer32]

1) The tool deletes the value {CLSIDValue} from the key {Key}
2) The tool deletes the key [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CLSIDValue}]
3) The tool deletes the key [HKEY_CLASSES_ROOT\CLSID\{CLSIDValue}]
4) The tool deletes the file {FileName}

Action ZHPFix (Case of an orphan key)

O3 – Toolbar: (name no.) -. {CLSIDValue} An orphan key

{Key} : Registry key [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar]
{Startup} : Default value of the key [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CLSIDValue}]
{CLSIDValue} : CLSID of the value in the key {Key}
{FileName} : Data of the default value of the key [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CLSIDValue}\InProcServer32]

1) The tool deletes the value {CLSIDValue} from the key {Key}
2) The tool deletes the key [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CLSIDValue}]
3) The tool deletes the key [HKEY_CLASSES_ROOT\CLSID\{CLSIDValue}]
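
The lookup chain behind {Key}, {Startup} and {FileName} can be walked by hand to see what an O3 line refers to before anything is removed. The PowerShell below is an added example, not part of ZHPDiag or ZHPFix; it only reads the registry. The function name Get-O3ToolbarEntry, the reading of "owner" as the file's CompanyName, and the orphan test (no name and no file resolved) are assumptions.

```powershell
# Added example: read-only walk of the O3 lookup chain. It deletes nothing.
$ToolbarKey = 'HKLM:\Software\Microsoft\Internet Explorer\Toolbar'   # {Key}
$ClsidRoot  = 'HKLM:\SOFTWARE\Classes\CLSID'

function Get-O3ToolbarEntry {
    if (-not (Test-Path -LiteralPath $ToolbarKey)) { return }
    $guid = '^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$'

    foreach ($clsid in (Get-Item -LiteralPath $ToolbarKey).GetValueNames()) {
        if ($clsid -notmatch $guid) { continue }   # value names are CLSIDs

        $name = $null; $file = $null; $info = $null
        $clsidKey  = "$ClsidRoot\$clsid"
        $serverKey = "$clsidKey\InProcServer32"

        if (Test-Path -LiteralPath $clsidKey) {
            # {Startup}: default value of the CLSID key
            $name = (Get-Item -LiteralPath $clsidKey).GetValue('')
        }
        if (Test-Path -LiteralPath $serverKey) {
            # {FileName}: default value of InProcServer32 (may be quoted)
            $file = (Get-Item -LiteralPath $serverKey).GetValue('')
            if ($file) { $file = $file.Trim('"') }
        }
        if ($file -and (Test-Path -LiteralPath $file -PathType Leaf)) {
            # Version resource of the DLL, used for owner and description
            $info = (Get-Item -LiteralPath $file -Force).VersionInfo
        }

        [pscustomobject]@{
            CLSID       = $clsid
            Name        = $name
            File        = $file
            FileExists  = [bool]$info
            Owner       = $info.CompanyName      # assumption: "owner" = CompanyName
            Description = $info.FileDescription
            Orphan      = (-not $name) -and (-not $file)   # assumption, see lead-in
        }
    }
}

Get-O3ToolbarEntry | Format-Table -AutoSize
```

An entry with Orphan set to True corresponds to the orphan-key case; an entry with a File but FileExists set to False points at a DLL that is already gone from disk.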

Report ZHPFix (General case)

O3 – Toolbar: ALOT Toolbar- {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} . (.No owner - no description.) -C:\Program Files\alot\bin\alot.dll

Report of ZHPFix v1.12.3133 by Nicolas Coolman, Update of the 02/08/2010

= Value(s) the registry =.
O3 – Toolbar: ALOT Toolbar- {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} . (.No owner - no description.) -C:\Program Files\alot\bin\alot.dll => Value deleted successfully

= Key(s) the registry =.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5AA2BA46-9913-4dc7-9620-69AB0FA17AE7}] => Key deleted successfully
[HKCR\CLSID\{5AA2BA46-9913-4dc7-9620-69AB0FA17AE7}] => Key deleted successfully

= File(s) ==========
C:\Program Files\alot\bin\alot.dll => Deleted and quarantined

= Summary =.
2 : Key(s) the registry
1 : Value(s) the registry
1 : File(s)

Report ZHPFix (Case of an orphan key)

O3 – Toolbar: (name no.) -. {00000000-17A6-11D0-99CB-00C04FD64497} An orphan key

Report of ZHPFix v1.12.3155 by Nicolas Coolman, Update of the 20/09/2010

= Key(s) the registry =.
O3 – Toolbar: (name no.) -. {00000000-17A6-11D0-99CB-00C04FD64497} An orphan key => Key deleted successfully
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-17A6-11D0-99CB-00C04FD64497}] => Key deleted successfully
[HKCR\CLSID\{00000000-17A6-11D0-99CB-00C04FD64497}] => Key deleted successfully

= Summary =.
3 : Key(s) the registry