Hijacker
SurferBar is an Internet Explorer toolbar that might be associated with a new version of a trojan horse program called AFlooder. It appears to be an ActiveX drive-by download. SurferBar is also known as AdPlus/AdBar; it sets your homepage to their website and displays popup ads.
September 3rd, 2003 - Symantec and TrendMicro have both reported discovering this trojan; TrendMicro is calling it the JunkSurf.A trojan.
This worm exploits another security hole in Internet Explorer that needs to be patched. The update patches two vulnerabilities, the most serious of which could enable an attacker to run arbitrary code on a user's system if the user either browsed to a hostile Web site or opened a specially crafted HTML-based email message. You can download the update at the following location:
Information about the security hole in Internet Explorer
http://www.microsoft.com/security/security_bulletins/ms03-032.asp
Download the patch for this security hole
http://www.microsoft.com/windows/ie/downloads/critical/822925/default.asp
How to Remove SurferBar
Follow these steps to remove the SurferBar toolbar. To complete these steps you may have to start in Safe Mode; however, by terminating the running program you should be able to complete the steps normally.
• Terminate the running program
  • Open the Windows Task Manager by either pressing CTRL+ALT+DEL on Win9x machines or CTRL+Shift+Tab and clicking on the Processes tab on WinNT/2000/XP machines.
  • Locate the following program, click on it and End Task or End Process
    winsrv32.exe
    - or -
    wins32.exe (2nd variation)
  • Close Task Manager
• Remove the Registry entries
  • Click on Start, Run, Regedit
  • In the left panel go to
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
  • In the right panel, right-click and delete the following entry
    c:\program files\winsrv32.exe
    - or -
    c:\program files\wins32.exe
  • Close the Registry Editor
• Delete the infected files (for Windows ME and XP remember to turn off System Restore before searching for and deleting these files to remove infected backed up files as well).
  • Click Start, point to Find or Search, and then click Files or Folders.
  • Make sure that "Look in" is set to (C:\WINDOWS).
  • In the "Named" or "Search for..." box, type, or copy and paste, the file names:
    win32.dll (in the Program Files directory)
    winsrv32.exe (in the Program Files directory)
    drg.exe (in the root directory)
    - or -
    win32.dll (in the Program Files directory)
    wins32.exe (in the Program Files directory)
    sfbar.exe (in the root directory)
  • Click Find Now or Search Now.
  • Delete the displayed files.
• Change your default Internet home page in Internet Explorer:
  • Open Internet Explorer
  • Click on Tools
  • Click on Internet Options
  • Click in the Homepage section and reset your homepage to whatever page you would like
  • Click OK
• Open Regedit and search for registry keys containing "surferbar", "adplus", and "adbar", and delete these keys.
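The checks from the removal steps above, written as an added PowerShell example that is not part of the original page: it only reports the listed processes, RunOnce entries, files and registry key names, and deletes nothing. The C:\ root, the two scanned registry hives and the function name Get-SurferBarFinding are assumptions.

```powershell
# Read-only audit for the indicators named in the removal steps; deletes nothing.
$variants = @(
    @{ Exe = 'winsrv32.exe'; RootFile = 'drg.exe'   },   # first variation
    @{ Exe = 'wins32.exe';   RootFile = 'sfbar.exe' }    # 2nd variation
)
$programFiles = 'C:\Program Files'   # directory named in the steps
$rootDir      = 'C:\'                # assumption: "root directory" means C:\
$runOnceKey   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
$searchRoots  = 'HKCU:\Software', 'HKLM:\SOFTWARE'   # assumption: hives to scan

function Get-SurferBarFinding {
    # Collect RunOnce value names and data as strings.
    $runOnce = @{}
    $key = Get-Item -LiteralPath $runOnceKey -ErrorAction SilentlyContinue
    if ($key) {
        foreach ($n in $key.GetValueNames()) { $runOnce[$n] = [string]$key.GetValue($n) }
    }
    foreach ($v in $variants) {
        $procName = [IO.Path]::GetFileNameWithoutExtension($v.Exe)
        if (Get-Process -Name $procName -ErrorAction SilentlyContinue) {
            "Process running: $($v.Exe)"
        }
        # The steps list the entry by path, so check both value name and data.
        $exePath = Join-Path $programFiles $v.Exe
        $pattern = [regex]::Escape($exePath)     # -match is case-insensitive
        foreach ($entry in $runOnce.GetEnumerator()) {
            if ($entry.Key -match $pattern -or $entry.Value -match $pattern) {
                "RunOnce entry: $($entry.Key) = $($entry.Value)"
            }
        }
        $files = $exePath, (Join-Path $programFiles 'win32.dll'), (Join-Path $rootDir $v.RootFile)
        foreach ($f in $files) {
            if (Test-Path -LiteralPath $f) { "File present: $f" }
        }
    }
    # Key-name search from the last step. Short substrings such as "adbar" can
    # also match unrelated software, so hits are listed for manual review.
    Get-ChildItem -Path $searchRoots -Recurse -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -match 'surferbar|adplus|adbar' } |
        ForEach-Object { "Registry key to review: $($_.Name)" }
}

$found = @(Get-SurferBarFinding | Sort-Object -Unique)
if ($found) { $found } else { 'No SurferBar indicators found.' }
```

Running it again after completing the steps gives a quick confirmation that none of the listed items remain.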
Page url:
http://www.tje.net/PCSupport/index.html?surferbar.htm
Page content was last updated: 10/6/2008