Adware.SweetBar

Description:	Adware
Risk Level:	Critical
Date of First Occurence:	Monday, April 14, 2008
Software Developer:	(unknown)
Brief Info:	Adaware Software that is displaying pop-up/pop-under windows containing advertisements when the primary user interface is not visible or displayed advertisements are not related to the product.
Removal:	This threat can be removed using "Spyware Terminator"

Detected Files:
Detected Files with variable Filenames: MD5: 759983A88E4EEA7A304438858AD019B6 Size: 548992 %PROGRAMFILES%\Macrogaming\SweetIMBarForIE\toolbar.dll %SystemDiskRoot%\Config.Msi\147fc6a.rbf %SystemDiskRoot%\Config.Msi\24515f.rbf %SystemDiskRoot%\Config.Msi\288bc5c.rbf %SystemDiskRoot%\Config.Msi\974616.rbf %PROGRAMFILES%\Macrogaming\SweetIMBarForIE\toolbar.dll.ren %SystemDiskRoot%\System Volume Information\_restore{9B7BB700-9269-4E60-AD1A-F3FF79A0262A}\RP246\A0198081.rbf G:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll c:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll %SystemDiskRoot%\System Volume Information\_restore{BAAE55C2-8AA3-44CE-8A5D-1CF73D62D0CA}\RP181\A0055898.DLL %SystemDiskRoot%\System Volume Information\_restore{1BFCF654-1E64-4046-87CD-86E83A4B4440}\RP17\A0013719.dll and next 133 variations.

Files by Name %sysdir%\inetcomm.exe %sysdir%\InetSvrHelper.dll %sysdir%\InetSvr.dll %sysdir%\SweetSetup.exe %ProgramFiles%\SweetBox\SweetBox.exe %ProgramFiles%\SweetBox\SweetBrowser.exe %ProgramFiles%\SweetBox\SweetActive.ocx %ProgramFiles%\SweetBox\SweetStyle.dll
Files by MD5 MD5: 759983A88E4EEA7A304438858AD019B6 Size: 548992
Files by Directories %ProgramFiles%\SweetBox
Files by CLSID or Name CLSID=68A7F9FA-A202-4D45-AABA-A10DCAC0D899
Registry Keys HKCR\Classes\Interface\{61297440-4879-4264-9602-59DBB717778F} HKCR\Classes\TypeLib\{1D366026-28E1-4B07-8140-B8FB929A1C19} HKLM\SOFTWARE\Classes\SweetBarBHO.CInetSvrHelper HKLM\SOFTWARE\Classes\SweetBarBHO.CInetSvrHelper.1 HKLM\SOFTWARE\SweetBar HKLM\SYSTEM\ControlSet001\Services\IPRIP HKLM\SYSTEM\CurrentControlSet\Services\IPRIP