ADW_HOTBAR
Windows 2000, Windows XP, Windows Server 2003
![](/vinfo/imgFiles/legend.jpg)
Threat Type: Adware
Destructiveness: No
Encrypted: No
In the wild: Yes
TECHNICAL DETAILS
Installation
This adware drops the following files:
- %Program Files%\HBLite\bin\11.0.384.0\HBLiteSA.exe
(Note: %Program Files% is the default Program Files folder, usually C:\Program Files in Windows 2000, Server 2003, and XP (32-bit), Vista (32-bit), and 7 (32-bit), or C:\Program Files (x86) in Windows XP (64-bit), Vista (64-bit), and 7 (64-bit).)
It creates the following folders:
- %system root%\Documents and Settings\Administrator\Application Data\HBLite
- %system root%\Documents and Settings\All Users\Application Data\HBLiteSA
- %system root%\Documents and Settings\All Users\Start Menu\Programs\Hotbar
- %Program Files%\HBLite
(Note: %Program Files% is the default Program Files folder, usually C:\Program Files in Windows 2000, Server 2003, and XP (32-bit), Vista (32-bit), and 7 (32-bit), or C:\Program Files (x86) in Windows XP (64-bit), Vista (64-bit), and 7 (64-bit).)
Other System Modifications
This adware adds the following registry keys:
HKEY_CLASSES_ROOT\HBLiteAx.Info
HKEY_CLASSES_ROOT\HBLiteAX.UserProfiles
HKEY_CURRENT_USER\Software\hblitesa
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
HBLiteAx.Info
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
HBLiteAX.UserProfiles
HKEY_LOCAL_MACHINE\SOFTWARE\HBLite
Other Details
This adware connects to the following possibly malicious URL:
- http://ics.{BLOCKED}otato.tv/InstallUI/CPLiteIndirectUI01/184/index.htm
- http://img.{BLOCKED}soft.info/uci/software/logo/vlc.jpg
- http://img.{BLOCKED}soft.info/uci/software/top.gif
- http://install.{BLOCKED}soft.info/installer/session/software/168226/1315344/
- http://install.{BLOCKED}soft.info/logger/software/hit/168226/1315344/?v.offer=srs2xquestscanhblitevlc&v.sid=08f1de0e4b9ca47b3a35cac8a797752e195dadf567de666c8a3b88dc0a091fb6
- http://js.{BLOCKED}soft.info/uci/software.js
- http://origin-ics.{BLOCKED}otato.tv/IC/GPLCPLite54/19338/0/c1affae4-730b-4130-9a21-8edd6dc38e49/VLCSetup.exe?rnd=1222187