
Ctoolbar.exe Entry Is Incorrect


9 replies to this topic

#1 Tokar


Posted 30 May 2007 - 02:12 PM

Hello,

Your entry for CToolbar.exe (Crawler Toolbar) is incorrect: http://www.bleepingcomputer.com/startups/C....exe-14219.html

Crawler Toolbar is not adware or spyware contrary to what the page says. In February of this year the toolbar was given eTrust whitelist certifications. The toolbar is also listed on several download services which have a zero-tolerance policy towards adware, spyware and malware, namely Download.com and Softpedia.com (the top two download sites in the world).

The CastleCops entry is outdated and are in the process of reviewing (and probably removing) the entries.

Could you please update your entry(s) for Crawler Toolbar?

Thank you.



#2 mz30


Posted 30 May 2007 - 04:26 PM

hi tokar
from what i can see everywhere i look has CToolbar.exe flagged as malware, it's probably not for me to say but i think there will have to be a lot of research done by a lot of people before it is taken off the undesirable list.

"The CastleCops entry is outdated and are in the process of reviewing (and probably removing) the entries."

i think personally the word you used, probably, is enough to keep it where it is but that is just my opinion :thumbsup:
god my head hurts.
if you don't ask ,you don't know




#3 Tokar


Posted 31 May 2007 - 07:47 AM

Well with respect to BleepingComputer's posting, it refers to the Toolbar as part of the malware WareOut. That would be fine if proper information could be obtained that associates it with such. However, 1) the link provided on the BleepingComputer post is bad (it leads to a page with no information about WareOut), and 2) the information at Sunbelt Software (which every other Crawler Toolbar posting links to for WareOut) does not list Crawler Toolbar to be associated with WareOut.

For example:
http://www.sysinfo.org/startuplist.php?let...&offset=800
They provide the same information that every other place lists, though not as pretty as BleepingComputer. It links to WareOut at Sunbelt software, http://research.sunbelt-software.com/threa...;threatid=40280, which makes no mention of Crawler Toolbar.

This information is the original, outdated information as provided by Paul Collins, pacman<AT>pacs-portal.co.uk, which is listed at the bottom of each of these pages.

The new updated content from Paul Collins is available in a ZIP on his website. It was updated a few days ago and DOES NOT list CToolbar.exe anywhere: http://www.pacs-portal.co.uk/startup_pages/startups_all.zip



Pages which are not based on this old information from are actively reviewing the product, or don't even list it as bad:
See:
http://www.whatsrunning.net/whatsrunning/Q...px?Process=1354
http://www.processlibrary.com/directory/files/ctoolbar

#4 Grinler

Lawrence Abrams (Admin)

Posted 31 May 2007 - 11:15 AM

Hi Tokar,

Welcome to BC. From this post, I assume you work for Spyware Terminator? With all due respect, I think you may be confused with how our startup database works. We do not list Toolbars, BHOs, IE Extensions, DPFs, or UrlSearchHooks in our database. Our database is only executables and DLLs that are started up via automatic run locations, which a toolbar is not. CC on the other hand does have a Toolbar database, but if you are referring to their entry in their startup database, then the information below applies to their entry as well. I will let the CC startup administrators know about this topic so they do not do extra research on their end.

I for one, have no experience with Crawler Toolbar or the company who represents Ctoolbar? From the research I have done, they do indeed appear to be a legitimate Internet Explorer toolbar. Their file is located at C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe.

The confusion we are having is because it is very common for different software to use the same filenames as another one. I think we can all agree on that.

I was able to get the original DoxDesk page from the WayBack machine and we can see that the Wareout infection does indeed use CToolBar.exe filename:

http://web.archive.org/web/20060106081903/...te/WareOut.html

As the information comes from Andrew Clover, I think we can rest assured that it is accurate. So it appears that Wareout did indeed create startup entries that had random reg names and random filenames. One of the random filenames that it would use would be CToolBar.exe. This is further corroborated by some entries found in HijackThis logs.

I have put the filenames in question in bold below. You can also see that in two of the logs, there are two startup entries that match possible startups found in Andrew's writeup.

From this log:

O4 - HKCU\..\Run: [iesetupdll] CToolBar.exe
O4 - HKCU\..\Run: [StatusCheck] InpriseMon.exe
O4 - HKCU\..\Run: [driver64] xsetup.exe

Or from this log:

O4 - HKCU\..\Run: [barint] CToolBar.exe
O4 - HKCU\..\Run: [xsetup] srbho.exe
O4 - HKCU\..\Run: [SpyElim] JAguAr.exe

Or from this log:

O4 - HKCU\..\Run: [TorontoMail] corrida.exe
O4 - HKCU\..\Run: [SysSupport] CToolBar.exe


These are clearly malware and not affiliated with Crawler Toolbar.

For even further clarification, our startup entry for CToolBar.exe states that the file we are talking about is located in the %System% folder. That alone shows that we are talking about completely different files.

So with all of this said, we will be leaving the entry as it is due to it being accurate. If you have any evidence showing the contrary please let me know and I will be happy to look into it further. To avoid further confusion, I have added a statement into the startup entry stating that it is not the same program as Crawler Toolbar.

Thanks for contacting us.
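
The distinction drawn in the post above (same file name, different location), as an added example that is not part of the original post or of BleepingComputer's database: a short Python triage over HijackThis O4 lines that judges a `CToolBar.exe` entry by its path. The first three sample lines are taken from the logs quoted above; the last two lines, their value names, the `C:\WINDOWS\system32` expansion of %System% and the long-form install directory are constructed assumptions.

```python
import ntpath
import re

# Install directory of the legitimate toolbar as given in the thread (8.3 form).
# Assumption: the long form of the same directory is accepted as well.
KNOWN_DIRS = {r"c:\progra~1\crawler\toolbar", r"c:\program files\crawler\toolbar"}
O4_RE = re.compile(r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")

# Lines 1-3 come from the logs quoted in the post; lines 4-5 are constructed.
SAMPLE = [
    r"O4 - HKCU\..\Run: [iesetupdll] CToolBar.exe",
    r"O4 - HKCU\..\Run: [StatusCheck] InpriseMon.exe",
    r"O4 - HKCU\..\Run: [SysSupport] CToolBar.exe",
    r"O4 - HKLM\..\Run: [ExampleValue] C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe",
    r"O4 - HKLM\..\Run: [ExampleValue2] C:\WINDOWS\system32\CToolBar.exe",
]

def parse_o4(line):
    """Split a HijackThis O4 line into registry key, value name and image path."""
    m = O4_RE.match(line.strip())
    if m is None:
        return None
    cmd = m.group("cmd").strip()
    if cmd.startswith('"'):                      # quoted path, arguments may follow
        image = cmd[1:].split('"', 1)[0]
    else:                                        # unquoted: cut after the extension
        em = re.match(r".+?\.(?:exe|dll)\b", cmd, re.I)
        image = em.group(0) if em else cmd
    return {"key": m.group("key"), "name": m.group("name"), "image": image}

def classify(line, filename="ctoolbar.exe"):
    """Judge an autorun entry by where the file lives, not by its name alone."""
    entry = parse_o4(line)
    if entry is None:
        return "not-o4"
    directory, base = ntpath.split(entry["image"])
    if base.lower() != filename:
        return "other-file"
    if not directory:
        return "review: bare name"               # no path given in the Run value
    if directory.lower() in KNOWN_DIRS:
        return "crawler-toolbar-path"
    return "review: unexpected path"

def triage(lines):
    """Return (value name, verdict) for every entry carrying the watched file name."""
    return [(parse_o4(l)["name"], classify(l)) for l in lines
            if classify(l) not in ("not-o4", "other-file")]
```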

#5 Tokar


Posted 31 May 2007 - 01:39 PM

Yes, I am affiliated with the company. That is me in that post on the Spyware Terminator forums ;).

Your clarification is assuring.


If you don't mind a request, since you intend to maintain the entry for CToolBar.exe:
would you be willing to add a note on the page which says something like "not to be confused with Crawler Toolbar which is named CToolbar.exe"?

Thanks.

Edited by Tokar, 31 May 2007 - 01:40 PM.


#6 Grinler


Posted 31 May 2007 - 02:45 PM

It is already there :thumbsup:. From my original reply:

To avoid further confusion, I have added a statement into the startup entry stating that it is not the same program as Crawler Toolbar.



#7 Tokar


Posted 31 May 2007 - 03:39 PM

"It is already there :thumbsup:. From my original reply:

To avoid further confusion, I have added a statement into the startup entry stating that it is not the same program as Crawler Toolbar."


Oh sorry, I failed to read that.

Thank you for your timely response and actions towards this issue. We appreciate it.

Edited by Tokar, 31 May 2007 - 03:40 PM.


#8 Tokar


Posted 23 July 2007 - 03:36 PM

Grinler:

Sorry to rehash an old thread, but this page was brought to my attention: http://www.bleepingcomputer.com/uninstall/...er-Toolbar.html

Could you please remove this page since Crawler Toolbar is not malware?

#9 Grinler


Posted 27 July 2007 - 03:51 PM

Done.

#10 Tokar


Posted 30 July 2007 - 11:08 AM

Thanks a lot Grinler. Working with people like yourself makes my job much easier.



