Win32.BaiduSobar Adware Description
Win32.BaiduSobar is adware of the browser-modifier type. It will install a toolbar in your web browser. Once installed, it will deliver a significant number of pop-up advertisements and will change your default search engine page. Other common names for BaiduSobar adware are:
ADW_BAIDUBAR (Trend Micro)
Adware-BDSearch (McAfee)
W32/BaiduBar.A (Norman)
Win32.BaiduSobar Malware Payload
Besides increasing the number of overall and pop-up advertisements on your computer, BaiduSobar will also prevent its removal by protecting its installed files and registry keys.
Adware BaiduSobar Symptoms
Besides seeing a significant increase in the number of advertisements on your computer along with the BaiduSobar Internet Browser toolbar, the malware will also install the following files on your computer:
Presence of any of the following files:
%ProgramFiles%\baidu\bar\baidubar.dat
%ProgramFiles%\baidu\bar\BaiduBar.dll
%ProgramFiles%\baidu\bar\BDBar_tmp\baidubar.dat
%ProgramFiles%\baidu\bar\BDBar_tmp\img\imglist.bmp
%ProgramFiles%\baidu\bar\BDBar_tmp\img\logo.bmp
%ProgramFiles%\baidu\bar\img\imglist.bmp
%ProgramFiles%\baidu\bar\img\logo.bmp
%ProgramFiles%\baidu\bar\BDBar_tmp\BaiduBar.dll
W32.BaiduSobar Adware Processes and Files
BaiduSobar Adware will also make the following registry entries on your computer:
Presence of any of the following registry keys:
HKEY_CLASSES_ROOT\BaiduBar.Baidu.1\
HKEY_CLASSES_ROOT\BaiduBar.Baidu\
HKEY_CLASSES_ROOT\BaiduBar.Tool.1\
HKEY_CLASSES_ROOT\BaiduBar.Tool\
HKEY_CLASSES_ROOT\BaiduBarEx.BandIE.1\
HKEY_CLASSES_ROOT\BaiduBarEx.BandIE\
HKEY_CLASSES_ROOT\BaiduBarEx.DropTarget.1\
HKEY_CLASSES_ROOT\BaiduBarEx.DropTarget\
HKEY_CLASSES_ROOT\CLSID\{77FEF28E-EB96-44FF-B511-3185DEA48697}\
HKEY_CLASSES_ROOT\CLSID\{7C76C055-ED6E-4535-A70F-CD476E727F67}\
HKEY_CLASSES_ROOT\CLSID\{A7F05EE4-0426-454F-8013-C41E3596E9E9}\
HKEY_CLASSES_ROOT\CLSID\{B580CF65-E151-49C3-B73F-70B13FCA8E86}\
HKEY_CLASSES_ROOT\CLSID\{FE14F22E-BE14-4F08-A80F-F27BC3A67B2D}\
HKEY_CLASSES_ROOT\Interface\{464C8A26-31E9-411C-9583-5B858E631DCC}\
HKEY_CLASSES_ROOT\Interface\{89FDCC4B-8D91-49B0-81A6-18BCFF582735}\
HKEY_CLASSES_ROOT\Interface\{96249369-D3DC-4AE6-8A3B-E7109D46E98D}\
HKEY_CLASSES_ROOT\Interface\{A294F8EB-86D9-4C4A-8B3E-909253761C64}\
HKEY_CLASSES_ROOT\TypeLib\{6AFC2761-1253-427C-9A56-385B4609BE1D}\1.0\
HKEY_CURRENT_USER\Software\Baidu\BaiduBar\
HKEY_LOCAL_MACHINE\SOFTWARE\Baidu\BaiduBar\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B580CF65-E151-49C3-B73F-70B13FCA8E86}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{77FEF28E-EB96-44FF-B511-3185DEA48697}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\sobar\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{77FEF28E-EB96-44FF-B511-3185DEA48697}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{B580CF65-E151-49C3-B73F-70B13FCA8E86}
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{89FDCC4B-8D91-49B0-81A6-18BCFF582735}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BdGuard
HKEY_LOCAL_MACHINE\Software\Classes\BaiduBar.Tool
HKEY_LOCAL_MACHINE\Software\Classes\BaiduBar.Baidu.1
HKEY_LOCAL_MACHINE\Software\Classes\BaiduBar.Baidu
HKEY_LOCAL_MACHINE\Software\Classes\BaiduBarEx.BandIE
HKEY_LOCAL_MACHINE\Software\Classes\BaiduBarEx.DropTarget.1
HKEY_LOCAL_MACHINE\Software\Classes\BaiduBarEx.DropTarget
HKEY_LOCAL_MACHINE\Software\Classes\clsid\{77FEF28E-EB96-44FF-B511-3185DEA48697}
HKEY_LOCAL_MACHINE\Software\Classes\clsid\{A7F05EE4-0426-454F-8013-C41E3596E9E9}
HKEY_LOCAL_MACHINE\Software\Classes\clsid\{B580CF65-E151-49C3-B73F-70B13FCA8E86}
HKEY_LOCAL_MACHINE\Software\Classes\clsid\{FE14F22E-BE14-4F08-A80F-F27BC3A67B2D}
HKEY_LOCAL_MACHINE\Software\Classes\MimeFilter.AdFilter.1
HKEY_LOCAL_MACHINE\Software\Classes\MimeFilter.AdFilter
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\BaiduInstall
BaiduSobar will also modify your computer’s registry to alter the search settings of Internet Explorer:
Adds values:
CustomizeSearch_sb
SearchAssistant_sb
With data: http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
In subkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\
Adds values:
CustomizeSearch
SearchAssistant
With data: http://bar.baidu.com/sobar/defaultsearch.html
To subkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\
BaiduSobar will also download a kernel mode driver that protects files and registry keys from being removed when you attempt to manually remove the adware.
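The following read-only PowerShell check is an added example, not part of the original page or of any vendor tool. It tests for a subset of the files, registry keys and Internet Explorer search values listed above; the function name Test-BaiduSobarIndicators and the extra lookup under Program Files (x86) are assumptions.

```powershell
# Read-only check for a subset of the BaiduSobar indicators listed on this page.
# It only reads files and registry keys and does not attempt removal.
# The function name is illustrative (an assumption, not from the page).
function Test-BaiduSobarIndicators {
    $findings = @()

    # Install directory from the file list: %ProgramFiles%\baidu\bar.
    # Assumption: on 64-bit Windows a 32-bit installer resolves %ProgramFiles%
    # to "Program Files (x86)", so both roots are checked.
    $roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) |
        Where-Object { $_ } | Select-Object -Unique
    foreach ($root in $roots) {
        foreach ($rel in 'baidu\bar\BaiduBar.dll', 'baidu\bar\baidubar.dat') {
            $path = Join-Path $root $rel
            if (Test-Path -LiteralPath $path) { $findings += "File: $path" }
        }
    }

    # Registry keys from the page: vendor keys, the BdGuard service key,
    # the uninstall entry and the two Browser Helper Object CLSIDs.
    $keys = @(
        'HKLM:\SOFTWARE\Baidu\BaiduBar',
        'HKCU:\Software\Baidu\BaiduBar',
        'HKLM:\SYSTEM\CurrentControlSet\Services\BdGuard',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\sobar'
    )
    $bho = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    foreach ($clsid in '{B580CF65-E151-49C3-B73F-70B13FCA8E86}',
                       '{77FEF28E-EB96-44FF-B511-3185DEA48697}') {
        $keys += Join-Path $bho $clsid
    }
    foreach ($key in $keys) {
        if (Test-Path -LiteralPath $key) { $findings += "Key: $key" }
    }

    # Internet Explorer search values redirected to the toolbar's search page.
    $search = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Search'
    foreach ($name in 'CustomizeSearch', 'SearchAssistant') {
        $prop = Get-ItemProperty -LiteralPath $search -Name $name -ErrorAction SilentlyContinue
        if ($prop -and $prop.$name -like '*bar.baidu.com/sobar/*') {
            $findings += "Value: $name = $($prop.$name)"
        }
    }
    return $findings
}

$hits = Test-BaiduSobarIndicators
if ($hits) { $hits } else { 'No BaiduSobar indicators from this page were found.' }
```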
BaiduSobar Adware Basic Removal Steps
BaiduSobar is a very hard adware program to remove manually. Automatic removal using an updated anti-virus program is the recommended means of removal.

