OXiDE Toolbar

General information:

Malware Name: OXiDE Toolbar
Malware Type: Browser Helper Object
Company Name: Future Media Architects
Company URL: http://kiwi.com/
Threat Level: High
Operating System: WIN XP
Installation Type: Installed through EXE.
Operation: After agreeing to a EULA
Time of Operation: After restarting browser.

Company Description:

Future Media Architects (FMA) is an Internet development company. According to the company's website, “We develop our own Internet properties, Internet Portals and Technology. We do not develop for third parties.”

Spyware Description:

The toolbar is marketed as a popup blocker, but it allows all popups from its own site. The toolbar also works as a search hijacker; it changes browser settings and runs in stealth mode.

Date Found: 2006-01-27
Security Level: High
Operating System: WIN XP
Installation Type: Installed through EXE.
Operation: After agreeing to a EULA
Time of Operation: After restarting browser.

2. Installation Sample and Image

2.1. Installation Sample Origin URL: http://web.oxide.com/_1_2UOITCV02U343B__fma.main/tbar/download/gettbar.exe

3. Changes after installation

3.1. Process Files and Location: The OXiDE Toolbar installer creates the following directories:

C:\Program Files\OxideToolbar\
C:\Documents and Settings\All Users\Application Data\Infospace
C:\Documents and Settings\All Users\Application Data\Infospace\OxideToolbar

3-2. ActiveX Information File location

Characteristics/Symptoms:

    -> Search Hijacker
    -> Changes browser settings
    -> Changes Home Page
    -> Slows the browser
    -> Shows popup ads
    -> Runs in background and collects user information

Processes Running:

File information Created after Installation:

File Location | Size (Bytes) | Type
C:\Documents and Settings\All Users\Application Data\Infospace\OxideToolbar\rsscommon.xslt | 4 | XSLT
C:\Documents and Settings\All Users\Application Data\Infospace\OxideToolbar\searchengines.xml | 39 | XML
C:\Documents and Settings\All Users\Application Data\Infospace\OxideToolbar\searchspy.gif | 1 | GIF Image

Folder information Created after Installation:

Folder Location
C:\Documents and Settings\All Users\Application Data\Infospace
C:\Program Files\OxideToolbar\

Registry information Created after Installation:

Main Registry Key | Sub Registry Key | Key Value Name
HKEY_LOCAL_MACHINE | \SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\OxideToolbar |
HKEY_LOCAL_MACHINE | \SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Oxide Toolbar |
HKEY_LOCAL_MACHINE | \SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OxideToolbar |