ADW_SUPERBAR.A
Overview

Infection reports received: None
Infection report level: Low

Description:

Alias: APP:Adware-Kazoom (NAI)

Threat Type: Adware

Systems Affected: Windows 98, ME, 2000, and XP.

Installer Name: SuperBarInstaller.exe

Publisher: Gigatech

Download URL: GigatechSoftware.com

This adware program is a toolbar application used as an Internet Explorer plugin. Upon execution, this adware program drops the following files:

  • %Program%\SuperBar\SuperBarExts.Dll
  • %Program%\SuperBar\SuperBar.Dll
  • %Program%\SuperBar\settings.cfg
  • %Program%\SuperBar\sbhc.exe

(Note: %Program% is the default Windows program files folder where applications are installed, which is usually C:\Program Files.)

It creates the following registry entry so that it runs at Windows startup:

HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows\CurrentVersion\Run
SBHC = "%Program%\SuperBar\sbhc.exe"

It also registers itself as a browser helper object using the following names and ClassIDs:

  • SuperBar
  • SuperBar.Component
  • SuperBarBHO.Component
  • SuperBarCWS.Component
  • SuperBarExts.SaveDataInterface
  • SuperBarSE.Component
  • {136A9D1D-1F4B-43D4-8359-6F2382449255}
  • {49C3014F-03ED-4634-9FB2-2881F2C7A057}
  • {4B3EED81-842F-4C23-918B-67822AF103BD}
  • {4F9D4163-23F0-42E1-AFDA-4C1A6F8607E7}
  • {CF1E49B3-24A6-4B17-94BE-C25102E3BF04}
  • {D7F2FD62-6C1B-4B52-85B1-F65A414BF050}
  • {B8AFA251-4EFB-4703-87D4-DA7D2435BA5E}
  • {E5DFB380-3988-4C07-8AFB-8A47769D9DB5}
  • {60F8FB2A-9915-4202-967D-1FA694A8BCF5}

It also creates the following registry key:

HKEY_LOCAL_MACHINE\Software\SuperBar

This adware records a user's browsing habits and sends acquired data to its server without the user's knowledge. It is able to log login credentials such as passwords so that it can automatically fill in the user's login profile for different Web sites.



Solution:

TREND MICRO SOLUTION

  • Minimum scan engine version needed: 7.100
      TMAPTN version needed: 207.00
  • DCE version needed: 3.8
      TMADCE version needed: <unavailable as of this writing>

MANUAL REMOVAL INSTRUCTIONS

Terminating the Grayware Program

This procedure terminates the running grayware process.

  1. Open Windows Task Manager.
    » On Windows 95, 98, and ME, press
    CTRL+ALT+DELETE
    » On Windows NT, 2000, and XP, press
    CTRL+SHIFT+ESC, then click the Processes tab.
  2. In the list of running programs*, locate the process:
    SBHC.EXE
  3. Select the grayware process, then press either the End Task or the End Process button, depending on the version of Windows on your system.
  4. To check if the grayware process has been terminated, close Task Manager, and then open it again.
  5. Close Task Manager.

*NOTE: On systems running Windows 95, 98, and ME, Windows Task Manager may not show certain processes. You can use a third party process viewer such as Process Explorer to terminate the grayware process. Otherwise, continue with the next procedure, noting additional instructions.

Removing Autostart Entries from the Registry

Removing autostart entries from the registry prevents the grayware from executing at startup.

  1. Open Registry Editor. Click Start>Run, type REGEDIT, then press Enter.
  2. In the left panel, double-click the following:
    HKEY_LOCAL_MACHINE>Software>Microsoft>
    Windows>CurrentVersion>Run
  3. In the right panel, locate and delete the entry:
    SBHC = "%Program%\SuperBar\sbhc.exe"
    (Note: %Program% is the default Windows program files folder where applications are installed, which is usually C:\Program Files.)

Removing Browser Helper Objects

  1. Still in Registry Editor, in the left panel, double-click the following:
    HKEY_LOCAL_MACHINE>Software>Microsoft>
    Windows>CurrentVersion>Explorer>Browser Helper Objects
  2. Delete the following key:
    {136A9D1D-1F4B-43D4-8359-6F2382449255}
  3. In the left panel, double-click the following:
    HKEY_CLASSES_ROOT
  4. Delete the following subkeys:
    • SuperBar.Component
    • SuperBarBHO.Component
    • SuperBarBL.Component
    • SuperBarCWS.Component
    • SuperBarExts.SaveDataInterface
    • SuperBarSE.Component
  5. In the left panel, double-click the following:
    HKEY_CLASSES_ROOT>CLSID
  6. Delete the following subkeys:
    • {136A9D1D-1F4B-43D4-8359-6F2382449255}
    • {49C3014F-03ED-4634-9FB2-2881F2C7A057}
    • {4B3EED81-842F-4C23-918B-67822AF103BD}
    • {CF1E49B3-24A6-4B17-94BE-C25102E3BF04}
    • {D7F2FD62-6C1B-4B52-85B1-F65A414BF050}
    • {E5DFB380-3988-4C07-8AFB-8A47769D9DB5}
  7. In the left panel, double-click the following:
    HKEY_CLASSES_ROOT>Interface
    Delete the following subkeys:
    • {9D1B86C7-1B93-4586-9009-EA3BD0AD63A5}
    • {B8AFA251-4EFB-4703-87D4-DA7D2435BA5E}
    • {DF7D760C-B7E2-4735-BB77-F5A1A9745E16}
  8. In the left panel, double-click the following:
    HKEY_CLASSES_ROOT>TypeLib
  9. Delete the following key:
    {60F8FB2A-9915-4202-967D-1FA694A8BCF5}
  10. In the left panel, double-click the following:
    HKEY_CURRENT_USER>Software
  11. Delete the following key:
    SuperBar
  12. In the left panel, double-click the following:
    HKEY_LOCAL_MACHINE>Software>Classes
  13. Delete the following subkeys:
    • SuperBar.Component
    • SuperBarBHO.Component
    • SuperBarBL.Component
    • SuperBarCWS.Component
    • SuperBarExts.SaveDataInterface
    • SuperBarSE.Component
  14. In the left panel, double-click the following:
    HKEY_LOCAL_MACHINE>SOFTWARE>Classes>CLSID
  15. Delete the following subkeys:
    • {136A9D1D-1F4B-43D4-8359-6F2382449255}
    • {49C3014F-03ED-4634-9FB2-2881F2C7A057}
    • {4B3EED81-842F-4C23-918B-67822AF103BD}
    • {CF1E49B3-24A6-4B17-94BE-C25102E3BF04}
    • {D7F2FD62-6C1B-4B52-85B1-F65A414BF050}
    • {E5DFB380-3988-4C07-8AFB-8A47769D9DB5}
  16. In the left panel, double-click the following:
    HKEY_LOCAL_MACHINE>Software>Classes>Interface
  17. Delete the following subkeys:
    • {9D1B86C7-1B93-4586-9009-EA3BD0AD63A5}
    • {B8AFA251-4EFB-4703-87D4-DA7D2435BA5E}
    • {DF7D760C-B7E2-4735-BB77-F5A1A9745E16}
  18. In the left panel, double-click the following:
    HKEY_LOCAL_MACHINE>Software>Classes>TypeLib
  19. Delete the following key:
    {60F8FB2A-9915-4202-967D-1FA694A8BCF5}
  20. In the left panel, double-click the following:
    HKEY_LOCAL_MACHINE>Software
  21. Delete the following subkey:
    SuperBar
  22. Close Registry Editor.

NOTE: If you were not able to terminate the grayware process as described in the previous procedure, restart your system.
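The artifacts from the description and the removal procedure above, gathered into one read-only audit script. This is an added example, not part of the Trend Micro advisory; it assumes the advisory's %Program% maps to $env:ProgramFiles and runs on a current PowerShell host rather than the Windows 98/XP systems the advisory targets.

```powershell
# Added example, not part of the Trend Micro advisory: read-only audit of a host for the
# ADW_SUPERBAR.A artifacts listed above. It reports findings and deletes nothing.
$sbDir = Join-Path $env:ProgramFiles 'SuperBar'        # the advisory's %Program%\SuperBar
$findings = New-Object System.Collections.Generic.List[string]

# Dropped files
foreach ($name in 'SuperBarExts.Dll', 'SuperBar.Dll', 'settings.cfg', 'sbhc.exe') {
    $path = Join-Path $sbDir $name
    if (Test-Path -LiteralPath $path) { $findings.Add("file: $path") }
}

# Running process (sbhc.exe)
if (Get-Process -Name 'sbhc' -ErrorAction SilentlyContinue) { $findings.Add('process: sbhc.exe') }

# Autostart value SBHC under the Run key
$runKey = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
$sbhc = (Get-ItemProperty -LiteralPath $runKey -Name 'SBHC' -ErrorAction SilentlyContinue).SBHC
if ($sbhc) { $findings.Add("autostart: SBHC = $sbhc") }

# Registry keys: BHO registration, COM classes, interfaces, type library and settings keys.
# HKEY_CLASSES_ROOT is a merged view of HKLM\Software\Classes and HKCU\Software\Classes,
# so the per-hive paths below cover the HKCR entries the removal procedure names.
$clsids = '{136A9D1D-1F4B-43D4-8359-6F2382449255}', '{49C3014F-03ED-4634-9FB2-2881F2C7A057}',
          '{4B3EED81-842F-4C23-918B-67822AF103BD}', '{4F9D4163-23F0-42E1-AFDA-4C1A6F8607E7}',
          '{CF1E49B3-24A6-4B17-94BE-C25102E3BF04}', '{D7F2FD62-6C1B-4B52-85B1-F65A414BF050}',
          '{E5DFB380-3988-4C07-8AFB-8A47769D9DB5}'
$ifaces = '{9D1B86C7-1B93-4586-9009-EA3BD0AD63A5}', '{B8AFA251-4EFB-4703-87D4-DA7D2435BA5E}',
          '{DF7D760C-B7E2-4735-BB77-F5A1A9745E16}'
$progIds = 'SuperBar.Component', 'SuperBarBHO.Component', 'SuperBarBL.Component',
           'SuperBarCWS.Component', 'SuperBarExts.SaveDataInterface', 'SuperBarSE.Component'
$keys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{136A9D1D-1F4B-43D4-8359-6F2382449255}'
    'HKLM:\Software\SuperBar'
    'HKCU:\Software\SuperBar'
)
foreach ($hive in 'HKLM:\Software\Classes', 'HKCU:\Software\Classes') {
    $keys += $clsids  | ForEach-Object { "$hive\CLSID\$_" }
    $keys += $ifaces  | ForEach-Object { "$hive\Interface\$_" }
    $keys += $progIds | ForEach-Object { "$hive\$_" }
    $keys += "$hive\TypeLib\{60F8FB2A-9915-4202-967D-1FA694A8BCF5}"
}
foreach ($k in $keys) {
    if (Test-Path -LiteralPath $k) { $findings.Add("registry: $k") }
}

if ($findings.Count -eq 0) { 'No ADW_SUPERBAR.A artifacts found.' }
else { $findings | ForEach-Object { "FOUND $_" } }
```

On 64-bit Windows a 32-bit toolbar's CLSID and Interface registrations are redirected under Software\Classes\Wow6432Node, which this script does not check.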

Additional Windows ME/XP Cleaning Instructions

Users running Windows ME and XP must disable System Restore to allow full scanning of infected systems.

Users running other Windows versions can proceed with the succeeding procedure sets.

Running Trend Micro Antivirus

Download and unzip the latest grayware pattern file and scan your system. Then, delete all files detected as ADW_SUPERBAR.A.

Date published: 2005/01/24