AlphaOne Technology Support Forums
Welcome, Guest. Please login or register.
December 02, 2008, 07:42:06 AM

Login with username, password and session length
Search:     Advanced search
1733 Posts in 827 Topics by 4756 Members
Latest Member: Uobeley
* Home Help Search Login Register
AlphaOne Technology Support Forums  |  IMPORTANT ANNOUNCEMENTS  |  Spyware Alerts  |  Topic: Trackware.Anquiro 0 Members and 1 Guest are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: Trackware.Anquiro  (Read 2195 times)
TJ
Tech Team
Hero Member
********
Offline Offline

Posts: 136



View Profile
Trackware.Anquiro
« on: August 27, 2005, 10:52:10 PM »
Trackware.Anquiro is a toolbar which uses a unique identifier to track browsing habits and replaces your Explorer home page

Symptoms
Files are detected as Trackware.Anquiro

Transmission
Trackware.Anquiro must be manually installed or installed with another program

technical details
File names: anquiro.dll

When Trackware.Anquiro is installed it does the following:

   1. Creates the following files:

          * %ProgramFiles%\aniquro\anquiro.dll
          * %ProgramFiles%\aniquro\anquiro.inf
          * %ProgramFiles%\aniquro\basis.xml
          * %ProgramFiles%\aniquro\Cache\522ea8a804a3e7e4b93df15a1539fc53.xml
          * %ProgramFiles%\aniquro\favicon.ico
          * %ProgramFiles%\aniquro\nav.bmp
          * %ProgramFiles%\aniquro\newversion.txt
          * %ProgramFiles%\aniquro\toolbar.crc
          * %ProgramFiles%\aniquro\version.txt

            Note:
          * These files may also be created in %ProgramFiles%\IEToolbar
          * %ProgramFiles% is a variable that refers to the program files folder. By default, this is C:\Program Files.

   2. Creates the following registry subkeys:

      HKEY_CLASSES_ROOT\CLSID\{A4F64D63-3576-4754-8DD5-4D0A49345FD5}
      HKEY_CLASSES_ROOT\Interface\{FABBB49A-4D7B-415B-8250-15C3B854E9FF}
      HKEY_CLASSES_ROOT\TypeLib\{5680210F-3D26-449E-9EF5-D03E34C894D9}
      HKEY_CLASSES_ROOT\XBTB00000.IEToolbar
      HKEY_CLASSES_ROOT\XBTB00000.IEToolbar.1
      HKEY_CLASSES_ROOT\XBTB00000.XBTB00000
      HKEY_CLASSES_ROOT\XBTB00000.XBTB00000.1
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{A4F64D63-3576-4754-8DD5-4D0A49345FD5}
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\XBTB00000.XBTB00000IEToolbar
      HKEY_CURRENT_USER\Software\XBTB00000

   3. Adds the following value:

      "{A4F64D63-3576-4754-8DD5-4D0A49345FD5}" = "00"

      to the registry subkeys:

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar
      HKEY_ALL_USERS\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
      HKEY_ALL_USERS\Software\Microsoft\Internet Explorer\Extensions\CmdMapping

   4. Adds the following value:

      "{12F02779-6D88-4958-8AD3-83C12D86ADC7}" = ""

      to the registry subkey:

      HKEY_ALL_USERS\Software\Microsoft\Internet Explorer\URLSearchHooks     

   5. Adds the following value:

      "C%Program Files%aniquro" = "C:\Program Files\aniquro"

      to the registry subkey:

      HKEY_ALL_USERS\Software\WinRAR SFX

   6. Changes the following value:

      "Start Page" = "[http://]www.anquiro.com/[REMOVED]"

      in the registry subkey:

      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main

      which changes your Internet Explorer home page settings.


REMOVAL INSTRUCTIONS
See: http://securityresponse.symantec.com/avcenter/venc/data/trackware.anquiro.html


To delete the value from the registry
   1. Click Start > Run.
   2. Type regedit

      Then click OK.

   3. Navigate to the subkey:

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar
      HKEY_ALL_USERS\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
      HKEY_ALL_USERS\Software\Microsoft\Internet Explorer\Extensions\CmdMapping

   4. In the right pane, delete the value:

      "{A4F64D63-3576-4754-8DD5-4D0A49345FD5}" = "00"

   5. Navigate to the subkey:

      HKEY_ALL_USERS\Software\Microsoft\Internet Explorer\URLSearchHooks

   6. In the right pane, delete the value:

      "{12F02779-6D88-4958-8AD3-83C12D86ADC7}" = ""

   7. Navigate to the subkey:

      HKEY_ALL_USERS\Software\WinRAR SFX

   8. In the right pane, delete the value:

      "C%Program Files%aniquro" = "C:\Program Files\aniquro"

   9. Navigate to and delete the following subkeys:

      HKEY_CLASSES_ROOT\CLSID\{A4F64D63-3576-4754-8DD5-4D0A49345FD5}
      HKEY_CLASSES_ROOT\Interface\{FABBB49A-4D7B-415B-8250-15C3B854E9FF}
      HKEY_CLASSES_ROOT\TypeLib\{5680210F-3D26-449E-9EF5-D03E34C894D9}
      HKEY_CLASSES_ROOT\XBTB00000.IEToolbar
      HKEY_CLASSES_ROOT\XBTB00000.IEToolbar.1
      HKEY_CLASSES_ROOT\XBTB00000.XBTB00000
      HKEY_CLASSES_ROOT\XBTB00000.XBTB00000.1
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{A4F64D63-3576-4754-8DD5-4D0A49345FD5}
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\XBTB00000.XBTB00000IEToolbar
      HKEY_CURRENT_USER\Software\XBTB00000

  10. Exit the Registry Editor.


4. To reset the Internet Explorer home page

   1. Start Microsoft Internet Explorer.
   2. Connect to the Internet, and then go to the page that you want to set as your home page.
   3. Click Tools > Internet Options.
   4. In the Home page section of the General tab, click Use Current > OK.
Logged
Pages: [1] Go Up Print 
AlphaOne Technology Support Forums  |  IMPORTANT ANNOUNCEMENTS  |  Spyware Alerts  |  Topic: Trackware.Anquiro « previous next »
Jump to:  

Powered by MySQL Powered by PHP AlphaOne Technology Support Forums | Powered by SMF 1.0.7.
© 2001-2005, Lewis Media. All Rights Reserved. 		Valid XHTML 1.0! Valid CSS!