Anti-Spyware and PC Security News

Overview

Toolbar888 arrives as a file downloaded from the Internet by unsuspecting users while visiting malicious Web sites. It may also arrive as a file dropped by another malware.

Upon execution, it creates the folder ToolBar888 in the Windows Program Files folder and drops a .DLL file that Trend Micro detects as ADW_MYTOOLBAR.A.

It changes some essential web browser settings and hijacks search results. It also redirects the user to undesirable web sites that serve unsolicited commercial advertisements. The parasite runs every time Internet Explorer is launched.

It installs itself as a visible browser helper object (BHO) and is capable of displaying pop-up advertisements.

Aliases

AdWare.Win32.Softomate.q [Kaspersky], Adware.MaxSearch [Symantec], Freeprod/Toolbar888 [Counterspy], maxfiles [Webroot]

How to Remove Toolbar888?

There are 2 methods: Automatic and Manual. Manual removal involves editing the Windows Registry and is not recommended for those not familiar with it.

Automatic Removal

1. Download Spyware and Adware Removal Tool. We have tested and reviewed the Top 3 Spyware/Adware Removal Software. You can download free from here.

Download Toolbar888 removal tool

2. Scan and detect and remove any Toolbar888 infection.

3. Reboot your PC and run another scan to check for any traces left of Toolbar888.

Manual Removal (See Notes below on editing the Registry)

A) Removing Autostart Entry from the Registry

Removing the autostart entry from the registry prevents the grayware from executing at startup.

If the registry entry below is not found, the grayware may not have executed as of detection. If so, proceed to the succeeding solution set.

1. Open Registry Editor. Click Start>Run, type REGEDIT, then press Enter.
2. In the left panel, double-click the following:
   HKEY_CURRENT_USER>Software>Microsoft>Windows>
   CurrentVersion>Policies>Explorer>Run
3. In the right panel, locate and delete the entry:
   {B8C12180-0AF6-1033-1112-040720200001} = “”%Program Files%\Common Files\{B8C12180-0AF6-1033-1112-040720200001} \Update.exe” mc-110-12-0000141 ”
   (Note: %Program Files% is the default Program Files folder, usually C:\Program Files.)

B) Removing Other Grayware Keys and Entries from the Registry

1. Still in Registry Editor, in the left panel, double-click the following:
   HKEY_CLASSES_ROOT
2. Still in the left panel, locate and delete the following keys:
   • MyToolBar.MyToolBarObj
   • MyToolBar.MyToolBarObj.1
3. In the left panel, double-click the following:
   HKEY_CLASSES_ROOT>CLSID
4. Still in the left panel, locate and delete the key:
   {CBCC61FA-0221-4ccc-B409-CEE865CACA3A}
5. In the left panel, double-click the following:
   HKEY_CLASSES_ROOT>Interface
6. Still in the left panel, locate and delete the key:
   {CBCC61FA-0221-4ccc-B409-CEE865CACA3A}
7. In the left panel, double-click the following:
   HKEY_CLASSES_ROOT>TypeLib
8. Still in the left panel, locate and delete the key:
   {CBCC61FA-0221-4ccc-B409-CEE865CACA3A}
9. In the left panel, double-click the following:
   HKEY_CURRENT_USER>Software
10. Still, in the left panel, locate and delete the key:
    MyToolBar
11. In the left panel, double-click the following:
    HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows>
    CurrentVersion>Uninstall
12. Still in the left panel, locate and delete the key:
    ToolBar888
13. In the left panel, double-click the following:
    HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows>
    CurrentVersion>explorer>Browser Helper Objects
14. Still in the left panel, locate and delete the key:
    {CBCC61FA-0221-4ccc-B409-CEE865CACA3A}
15. In the left panel, double-click the following:
    HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Internet Explorer>Toolbar
16. In the right panel, locate and delete the entry:
    {CBCC61FA-0221-4CCC-B409-CEE865CACA3A} = “{Random string}”
17. In the left panel, double-click the following:
    HKEY_CURRENT_USER>Software>Microsoft>Internet Explorer>
    Toolbar>WebBrowser
18. In the right panel, locate and delete the entry:
    {CBCC61FA-0221-4CCC-B409-CEE865CACA3A} = “{Random string}”
19. Close Registry Editor.

C) Deleting Grayware Folders

1. Right-click Start then click Search… or Find…, depending on the version of Windows you are running.
2. In the Named input box, type:
   ToolBar888
3. In the Look in: drop-down list, select the drive that contains Windows, then press Enter.
4. Once located, select the folder then press Delete.
5. Repeat steps 2 to 4 for the folder {B8C12180-0AF6-1033-1112-040720200001}.

Notes on Editing the Registry

Before attempting to manually edit the registry, please refer to the following articles from Microsoft:

1. HOW TO: Backup, Edit, and Restore the Registry in Windows 95, Windows 98, and Windows ME
2. HOW TO: Backup, Edit, and Restore the Registry in Windows NT 4.0
3. HOW TO: Backup, Edit, and Restore the Registry in Windows 2000
4. HOW TO: Back Up, Edit, and Restore the Registry in Windows XP and Server 2003

Recommendation

Spyware/Adware such as Toolbar888 can invade your privacy, bombard you with pop-up windows, slow down your computer, and even make your computer crash. So if you want to prevent spyware, you have to take back control of your PC today!

Important: Our suggestion for preventing future spyware and adware is to obtain a good online anti-spyware program, which will make sure that your system remains safe when you surf on the web. With this Spyware scanner, you’ll get updates twice a week ensuring that you get the latest Toolbar888 variants and other malicious threats.

If you think your PC may already have Toolbar888, use Toolbar888 remover software to find and remove Toolbar888 and other common Spyware infections.

Download Toolbar888 removal tool