Netcraft Toolbar

General information:

Malware Name: Netcraft Toolbar
Malware Type: Toolbar
Company Name: Netcraft, Ltd.
Company URL: http://www.netcraft.com/
Threat Level: High
Operating System: WIN XP
Installation Type: Installed through EXE
Time of Operation: After restarting browser.

Company Description:

Spyware Description:

Netcraft Toolbar is an anti-phishing toolbar that gives a threat rank for the page open in the browser. It also shows the location of the server hosting the site currently open in the browser window. The toolbar uses insufficient detection rules. It works as a search hijacker and shows a high number of popup ads. It is also equipped with an automatic updater.

Characteristics/Symptoms:

    -> Keeps watch on the user's browsing activity
    -> Creates cookies to track the user
    -> Slows the browser
    -> Changes the default search settings
    -> Communicates with the host server
    -> Shows popup ads

Processes Running:

File information Created after Installation:

File Location                                         Size (Bytes)   Type
C:\Program Files\Netcraft Toolbar\retrievepage.dll    176128         Application Extension
C:\Program Files\Netcraft Toolbar\updater.exe         32768          Application
C:\Program Files\Netcraft Toolbar\xss.dat             677            DAT File

Folder information Created after Installation:

Folder Location

Registry information Created after Installation:

Main Registry Key Sub Registry Key Key Value Name
HKEY_LOCAL_MACHINE \SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1801674531-1214440339-839522115-1003\Products\37678F00929B4464392227348E82B945\InstallProperties
HKEY_LOCAL_MACHINE \SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{00F87673-B929-4644-9322-7243E8289B54}\Display Name\Netcraft Toolbar
HKEY_LOCAL_MACHINE \SOFTWARE\Netcraft