Adware-Hotbar proliferating like mad on our network!

[AnotherITguy]

Hello All,


Has anyone had an outbreak of Hotbar? This morning we've had at least 100 PCs screaming at our ePO server that are infected with Hotbar. McAfee lists the "virus" as "Adware-Hotbar." This is causing major havoc at our facility... Any ideas?


Thanks,


Jay

 

[AnotherITguy]

Also, "NewDotNet" is gaining steam... 85% of the PCs have current virus definitions, and even they are getting nailed. Also, running an ODS on the infected machines isn't doing any good as "Adware-Hotbar" cannot seem to be cleaned or deleted. HEEEEEEEEEELLLLLLLLLLP!

Jay

 

[mattmsudawg]

The only thing you can do to get rid of it is use a program like Ad-aware to remove it. If you have some kind of software that blocks websites, block the sites related to these programs.

 

[AnotherITguy]

Thanks for the reply Matt! Although it is ironic, many websites have stated that the uninstall from Hotbar works OK, so I think I'm going to have the users run that... any thing I should know about it before I do so?

I'm still not sure how it has proliferated to so many machines in such a short time. After reading about the virus on

http://www.nai.com

, I thought that the only way you could get infected was by manually accepting the Hotbar agreement when the window popped up. From what I've seen, this isn't what has happened to these users, I want to say that it has broadcast itself out like a worm and jumped from computer to computer. Is this possible?


Jay

 

[cixelsydmai]

Hotbar attaches itself to emails, it puts a little bar at the bottom of the email saying "Click here to add smilies to your email." Many users who think this is "cute" click on the link and it gets installed on their machine.

We were having serveral issues with Hotbar back in August, when we first started seeing it, and the uninstall from the Hotbar website seemed to not work as well as we would have liked to. We found here at work that Ad-aware does a much nicer job of cleaning off Hotbar than the uninstaller did.

Once a person has it on their machine, any email they send out will also have the Hotbar link at the bottom, so it is emailed to everyone that the user with Hotbar is emailing.

The spam through Alert manager got so bad, I had to turn off the detect of unwanted programs because it was getting so bad.

Hope that helps,

Sven

 

[AnotherITguy]

Thanx Sven! Yes, over the past two days I have learned more than I ever wanted to about Hotbar. =( You are absolutely correct, one user sent out a mass email to approximately 40+ users and from there it just went crazy due to all the users clicking on the banner and then passing it on to others... One question though, has anyone ever heard of NewDotNet piggy-backing onto Hotbar? Almost all of the Hotbar infections found also had an installation of NewDotNet. This program has ripped up our DNS settings I believe, suddenly many users were unable to surf the net, log onto Exchange, etc...and after I found the uninstall utility for it and once I ran it -the users could run network applications. During the uninstallation, it does mention that "Network connections being restored"...Anyone care to comment?