C.O.B.R.A. Toolbar 1.5.0.82

C.O.B.R.A. Toolbar 1.5.0.82 is a toolbar that has a search function and provides search results for paid advertisers.Track browsing habits.Adds a third-party utility bar to the web browser.Changes browserShows Advertisements.

General information:

Malware Name:	C.O.B.R.A. Toolbar 1.5.0.82
Malware Type:	Toolbar
Company Name:	authenticol.com
Company URL:	http://authenticol.com/
Threat Level:	Elevated Risk
Operating System:	WIN XP
Installation Type:	Installed through EXE
Operation:	Time of After Installation

Company Description:

Authenticol.com provides you the toolbar C.O.B.R.A. Toolbar 1.5.0.82.

Spyware Description:

Characteristics/Symptoms:

-> It has a search function and provides search results for paid advertisers. -> Track browsing habits. -> Adds a third-party utility bar to the web browser. -> Changes browser -> Shows Advertisements.

Additional information might be found here:

	Search at Google for C.O.B.R.A. Toolbar 1.5.0.82
	Search at Bing for C.O.B.R.A. Toolbar 1.5.0.82
	Search at Yahoo for C.O.B.R.A. Toolbar 1.5.0.82

Processes Running:

File information Created after Installation:

File Location	Size (Bytes)	Type
C:\Documents and Settings\[USER]\Application Data\Authenticol\Cobra.ldb	128	Microsoft Office Access Record-Locking Information
C:\Program Files\Authenticol\Firefox\defaults\preferences\Cobra.js	57	JScript Script File
C:\Program Files\Authenticol\Firefox\install.rdf	1558	RDF File

Folder information Created after Installation:

Folder Location
C:\Documents and Settings\[USER]\Application Data\Authentico
C:\Program Files\Authentico

Registry information Created after Installation:

Main Registry Key	Sub Registry Key	Key Value Name
HKEY_LOCAL_MACHINE	\SOFTWARE\Classes\CLSID\{9A1249E0-CCD2-4C96-9EA4-BD1E17BB7731}	AppID
HKEY_LOCAL_MACHINE	\SOFTWARE\Classes\CLSID\{9A1249E0-CCD2-4C96-9EA4-BD1E17BB7731}\InprocServer32	ThreadingModel
HKEY_LOCAL_MACHINE	\SOFTWARE\Classes\CLSID\{B52D859B-6445-4A0D-8918-7565E29EAA3D}	AppID