Adware.MBKWbar

[Brad]

Behavior
Adware.MBKWbar is an adware program that displays advertisements.

Symptoms
Files detected as Adware.MBKWbar.

Transmission
This adware is installed manually.

technical details
File names:
MBKWBar.exe
IEToolbar.dll

When Adware.Appoli is executed, it performs the following actions:

   1. Creates the following file:

          * %ProgramFiles%\MBKWBar\IEToolBar.dll

            Note: %ProgramFiles% is a variable that refers to the program files folder. By default, this is C:\Program Files.

   2. Creates the following registry keys:

      HKEY_CLASSES_ROOT\CLSID\{EA5A82FB-D6BE-44F9-9363-B1ABABC153C1}
      HKEY_CLASSES_ROOT\IEToolBar.ToolBarImpl.1
      HKEY_CLASSES_ROOT\IEToolBar.ToolBarImpl
      HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\MBKWBar
      HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Typelib\{4A7DBA74-E729-4EC8-92E2-FFD83921449F}
      HKEY_CLASSES_ROOT\TypeLib\{4A7DBA74-E729-4EC8-92E2-FFD83921449F}
      HKEY_CURRENT_USER\Software\MBKWBar
      HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\{EA5A82FB-D6BE-44F9-9363-B1ABABC153C1}

   3. Connects to the domains config.mbkwbar.com and report.mbkwbar.com to register itself and to download configuration parameters.

   4. Loads IEToolBar.dll with Internet Explorer and displays pop-up advertisements.


removal instructions

1. To uninstall the security risk
This security risk includes an uninstallation applet. In order to uninstall this security risk, complete the following instructions:

   1. Click Start > Settings > Control Panel or Start > Control Panel (this varies with the operating system).

   2. In the Control Panel window, double-click Add/Remove Programs.

      Windows Me only: If you do not see the Add/Remove Programs icon, click ...view all Control Panel options.

   3. Click MBKWBar - Toolbar.

      Note: You may need to use the scroll bar to view the whole list.

   4. Click Add/Remove, Change/Remove, or Remove (this varies with the operating system). Follow the prompts.

      Note: After running the Add/Remove programs applet, all the files may have been removed. You will want to run a full system scan to ensure that this is the case. However, it is possible that no files will be detected after using Add/Remove programs.

REMOVAL INSTRUCTIONS
To uninstall the security risk
This security risk includes an uninstallation applet. In order to uninstall this security risk, complete the following instructions:

   1. Click Start > Settings > Control Panel or Start > Control Panel (this varies with the operating system).

   2. In the Control Panel window, double-click Add/Remove Programs.

      Windows Me only: If you do not see the Add/Remove Programs icon, click ...view all Control Panel options.

   3. Click MBKWBar - Toolbar.

      Note: You may need to use the scroll bar to view the whole list.

   4. Click Add/Remove, Change/Remove, or Remove (this varies with the operating system). Follow the prompts.

      Note: After running the Add/Remove programs applet, all the files may have been removed. You will want to run a full system scan to ensure that this is the case. However, it is possible that no files will be detected after using Add/Remove programs.