SonicALERT
Search

Sonicwall Signatures

 

All Categories


  HuntBar Executable Download WToolsS.exe
HuntBar is a toolbar providing searching features, which is added to every new Internet Explorer and Windows Explorer window.

It also changes your home page and search bar settings to point to HuntBar's servers, and automatically opens this search bar when it detects you using any other search engine.

Comments:

TrafficSyndicate, the makers of HuntBar,
offer 'co-branded' versions of HuntBar which may be installed by other sites under a different name.

HuntBar sends the domain name of the site being viewed, the domain name of any site previously being viewed and the title and any keywords in the current page to its controlling servers whenever a new site is viewed. It does this even if the toolbar is not turned on.

However, it does not (currently) use a cookie or unique ID to track visits across sites.

HuntBar can silently download and execute arbitrary code, as an update feature.

Pay Load Consideration:
This program loads three core files into memory creating a fairly large drain on resources. The payload is very high as each file takes up 3 to 5 megs of ram on our test machines at an idle state. When surfing these processes can jump as high as 10 to 11 megs of memory and the cpu usage is nearly an increase of 15% when the product is installed.

Removal Instructions:

Unregister the files:
regsvr32 /u "C:\\Program Files\\Common Files\\MSIETS\\msiets.dll"
regsvr32 /u "C:\\Program Files\\Common Files\\MSIETS\\mslink.dll"
You also want to unregister all the dll's in the folder:
c:\\program files\\common files\\wintools\\

Look for a directory/folder at this location:
c:\\program files\\common files\\wintools\\
There will be three main file all running in memory. You'll need to end process on each of them before you can delete the folder.
The file names are
WSUP.exe
WToolsA.exe
Then delete them manually


Relevant Information