Hello,
Your entry for CToolbar.exe (Crawler Toolbar) is incorrect: http://www.bleepingcomputer.com/startups/C....exe-14219.html
Crawler Toolbar is not adware or spyware contrary to what the page says. In February of this year the toolbar was given eTrust whitelist certifications. The toolbar is also listed on several download services which have a zero-tolerance policy towards adware, spyware and malware, namely Download.com and Softpedia.com (the top two download sites in the world).
The CastleCops entry is outdated and are in the process of reviewing (and probably removing) the entries.
Could you please update your entry(s) for Crawler Toolbar?
Thank you.
Full Version: Ctoolbar.exe Entry Is Incorrect Options
BleepingComputer.com > Bleeping Computer Applications and Guides > Windows Startup Programs Database
hi tokar
from what i can see everywhere i look has CToolbar.exe flagged as malware ,its probably not for me to sy but i think there will have to be a lot of reserch done by lot of people before it is taken off the undesirable list.
i think personally the word you used probably is enough to keep it were it is but that is just my opinion
from what i can see everywhere i look has CToolbar.exe flagged as malware ,its probably not for me to sy but i think there will have to be a lot of reserch done by lot of people before it is taken off the undesirable list.
QUOTE
The CastleCops entry is outdated and are in the process of reviewing (and probably removing) the entries.
i think personally the word you used probably is enough to keep it were it is but that is just my opinion
Well with respect to BleepingComputer's posting, it refers to the Toolbar as part of the malware WareOut. That would be fine if proper information could be obtained that associates it with such. However, 1) the link provided on the BleepingComputer post is bad (it leads to a page with no information about WareOut), and 2) the information at Sunbelt Software (which every other Crawler Toolbar posting links to for WareOut) does not list Crawler Toolbar to be associated with WareOut.
For example:
http://www.sysinfo.org/startuplist.php?let...&offset=800
They provide the same information that every other place lists, though not as pretty as BleepingComputer. It links to WareOut at Sunbelt software, http://research.sunbelt-software.com/threa...;threatid=40280, which makes no mention of Crawler Toolbar.
This information is the original, outdated information as provided by Paul Collins, pacman<AT>pacs-portal.co.uk, which is listed at the bottom of each of these pages.
The new updated content from Paul Collins is available in a ZIP on his website. It was updated a few days ago and DOES NOT list CToolbar.exe anywhere: http://www.pacs-portal.co.uk/startup_pages/startups_all.zip
Pages which are not based on this old information from are actively reviewing the product, or dont even list it as bad:
See:
http://www.whatsrunning.net/whatsrunning/Q...px?Process=1354
http://www.processlibrary.com/directory/files/ctoolbar
For example:
http://www.sysinfo.org/startuplist.php?let...&offset=800
They provide the same information that every other place lists, though not as pretty as BleepingComputer. It links to WareOut at Sunbelt software, http://research.sunbelt-software.com/threa...;threatid=40280, which makes no mention of Crawler Toolbar.
This information is the original, outdated information as provided by Paul Collins, pacman<AT>pacs-portal.co.uk, which is listed at the bottom of each of these pages.
The new updated content from Paul Collins is available in a ZIP on his website. It was updated a few days ago and DOES NOT list CToolbar.exe anywhere: http://www.pacs-portal.co.uk/startup_pages/startups_all.zip
Pages which are not based on this old information from are actively reviewing the product, or dont even list it as bad:
See:
http://www.whatsrunning.net/whatsrunning/Q...px?Process=1354
http://www.processlibrary.com/directory/files/ctoolbar
Hi Tokar,
Welcome to BC. From this post, I assume you work for Spyware Terminator? With all due respect, I think you may be confused with how our startup database works. We do not list Toolbars, BHOs, IE Extensions, DPFs, or UrlSearchHooks in our database. Our database is only executables and DLLs that are started up via automatic run locations, which a toolbar is not. CC on the other hand does have a Toolbar database, but if you are referring to their entry in their startup database, then the information below applies to their entry as well. I will let the CC startup administrators know about this topic so they do not do extra research on their end/
I for one, have no experience with Crawler Toolbar or the company who represents Ctoolbar? From the research I have done, they do indeed appear to be a legitimate Internet Explorer toolbar. Their file is located at C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe.
The confusion we are having is because it is very common for different software to use the same filenames as another one. I think we can all agree on that.
I was able to get the original DoxDesk page from the WayBack machine and we can see that the Wareout infection does indeed use CToolBar.exe filename:
http://web.archive.org/web/20060106081903/...te/WareOut.html
As the information comes from Andrew Clover, I think we can be rest assured that it is accurate. So it appears that Wareout did indeed create startup entries that had random reg names and random filenames. One of the random filenames that it would use would be CToolBar.exe. This is further corroborated by some entries found in HijackThis logs.
I have put the filenames in question in bold below. You can also see that in two of the logs, there are two startup entries that match possible startups found in Andrew's writeup.
From this log:
O4 - HKCU\..\Run: [iesetupdll] CToolBar.exe
O4 - HKCU\..\Run: [StatusCheck] InpriseMon.exe
O4 - HKCU\..\Run: [driver64] xsetup.exe
Or from this log:
O4 - HKCU\..\Run: [barint] CToolBar.exe
O4 - HKCU\..\Run: [xsetup] srbho.exe
O4 - HKCU\..\Run: [SpyElim] JAguAr.exe
Or from this log:
O4 - HKCU\..\Run: [TorontoMail] corrida.exe
O4 - HKCU\..\Run: [SysSupport] CToolBar.exe
These are clearly malware and not affiliated with Crawler Toolbar.
For even further clarification, our startup entry for CToolBar.exe states that the file we are talking about is located in the %System% folder. That alone shows that we are talking about completely different files.
So with all of this said, we will be leaving the entry as it is due to it being accurate. If you have any evidence showing the contrary please let me know and I will be happy to look into it further. To avoid further confusion, I have added a statement into the startup entry stating that it is not the same program as Crawler Toolbar.
Thanks for contacting us.
Welcome to BC. From this post, I assume you work for Spyware Terminator? With all due respect, I think you may be confused with how our startup database works. We do not list Toolbars, BHOs, IE Extensions, DPFs, or UrlSearchHooks in our database. Our database is only executables and DLLs that are started up via automatic run locations, which a toolbar is not. CC on the other hand does have a Toolbar database, but if you are referring to their entry in their startup database, then the information below applies to their entry as well. I will let the CC startup administrators know about this topic so they do not do extra research on their end/
I for one, have no experience with Crawler Toolbar or the company who represents Ctoolbar? From the research I have done, they do indeed appear to be a legitimate Internet Explorer toolbar. Their file is located at C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe.
The confusion we are having is because it is very common for different software to use the same filenames as another one. I think we can all agree on that.
I was able to get the original DoxDesk page from the WayBack machine and we can see that the Wareout infection does indeed use CToolBar.exe filename:
http://web.archive.org/web/20060106081903/...te/WareOut.html
As the information comes from Andrew Clover, I think we can be rest assured that it is accurate. So it appears that Wareout did indeed create startup entries that had random reg names and random filenames. One of the random filenames that it would use would be CToolBar.exe. This is further corroborated by some entries found in HijackThis logs.
I have put the filenames in question in bold below. You can also see that in two of the logs, there are two startup entries that match possible startups found in Andrew's writeup.
From this log:
O4 - HKCU\..\Run: [iesetupdll] CToolBar.exe
O4 - HKCU\..\Run: [StatusCheck] InpriseMon.exe
O4 - HKCU\..\Run: [driver64] xsetup.exe
Or from this log:
O4 - HKCU\..\Run: [barint] CToolBar.exe
O4 - HKCU\..\Run: [xsetup] srbho.exe
O4 - HKCU\..\Run: [SpyElim] JAguAr.exe
Or from this log:
O4 - HKCU\..\Run: [TorontoMail] corrida.exe
O4 - HKCU\..\Run: [SysSupport] CToolBar.exe
These are clearly malware and not affiliated with Crawler Toolbar.
For even further clarification, our startup entry for CToolBar.exe states that the file we are talking about is located in the %System% folder. That alone shows that we are talking about completely different files.
So with all of this said, we will be leaving the entry as it is due to it being accurate. If you have any evidence showing the contrary please let me know and I will be happy to look into it further. To avoid further confusion, I have added a statement into the startup entry stating that it is not the same program as Crawler Toolbar.
Thanks for contacting us.
Yes, I am affiliated with the company. That is me in that post on the Spyware Terminator forums ;).
Your clarification is assuring.
If you dont mind a request, since you intend to maintain the entry for CToolBar.exe:
would you be willing to add a note on the page which says something like "not to be confused with Crawler Toolbar which is named CToolbar.exe"?
Thanks.
Your clarification is assuring.
If you dont mind a request, since you intend to maintain the entry for CToolBar.exe:
would you be willing to add a note on the page which says something like "not to be confused with Crawler Toolbar which is named CToolbar.exe"?
Thanks.
It is already there 
. From my original reply:
. From my original reply:QUOTE
To avoid further confusion, I have added a statement into the startup entry stating that it is not the same program as Crawler Toolbar.
QUOTE(Grinler @ May 31 2007, 03:45 PM) 
It is already there . From my original reply:
. From my original reply:QUOTE
To avoid further confusion, I have added a statement into the startup entry stating that it is not the same program as Crawler Toolbar.
Oh sorry, I failed to read that.
Thank you for your timely response and actions towards this issue. We appreciate it.
Grinler:
Sorry to rehash an old thread, but this page was brought to my attention: http://www.bleepingcomputer.com/uninstall/...er-Toolbar.html
Could you please remove this page since Crawler Toolbar is not malware?
Sorry to rehash an old thread, but this page was brought to my attention: http://www.bleepingcomputer.com/uninstall/...er-Toolbar.html
Could you please remove this page since Crawler Toolbar is not malware?
Done.
Thanks a lot Grinler. Working with people like yourself makes my job much easier.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.