09
Oct

What You Need to Know about Smartbar and snap.do

Article by Fearless Web Team
Filed under: Cybercrime,Privacy,Trend Micro Titanium,Viruses and Malware | RSS 2.0 | 4 Comments |

by TrendLabs

A couple of days ago, one of our colleagues received inquiries from friends and family about snap.do, which, apparently has been a topic of conversation in discussion boards and forums recently. This website promotes Smartbar, a browser helper object (BHO) that Trend Micro detects as SPYW_HIJACK. Checking our systems, there has indeed been a spike in the number of infections in the past couple of days.

BHOs with questionable routines or functionalities are not new: several years ago, the Hotbar adware was topic of very similar conversations Smartbar is getting now (i.e., how one gets infected and how it can be removed). So to shed light on this spyware and, hopefully, keep our readers uninfected, here’s a quick Q&A about about Smartbar:

What is Smartbar and why is it bad?
Smartbar is a browser helper object—to put simply, a browser plug-in—that changes your browser’s home page and collects information about your computer. Below is a screenshot of a browser with the Smartbar plugin installed:

 

A screenshot of a browser with the Smartbar plugin installed

Wait, what are browser plug-ins?
Plug-ins are mini-programs that are installed to a larger software application in order to enhance the said application. For Web browsers, plug-ins are added so that it can play videos, get customized search results, and even detect malware. One popular example of a browser plug-in is Adobe Flash Player.

How is Smartbar installed in my system?
Smartbar is available in the website snap.do. The website contains a link where the installer can be downloaded.

There are also reports that Smartbar is installed automatically (and without users’ consent) by other applications (as part of an installation package), by malware, or by visiting malicious websites.

So Smartbar changes my browser home page. Big deal. I can just close the toolbar to disable it, right?
No, clicking the Close button does not work, so you will have to manually restore your browser settings. And remember, it collects information about your computer.

Smartbar

 

What information does it collect and how is it able to do that?
According to its privacy policy (which is indicated in the page before you download the installer), it collects several information, including the following

-          Your IP address

-          The screen resolution of your monitor

-          The pages you visited

Smartbar also connects to certain website to send and receive information from a remote location.

Is that bad?
Yes. The plug-in, by itself, may not download malicious files, but it may expose your information to possibly malicious users.

How can I remove Smartbar?
As mentioned earlier, we detect this as SPYW_HIJACK, so those who use our solutions like our Trend Micro™ Titanium™ Security products can automatically block and remove this.

You can also remove this manually by uninstalling the program from Control Panel and restoring your browser settings. Our Threat Encyclopedia entry has a nice step-by-step guide on how to do these.

To get more tips and advice regarding Internet security, just “Like” Trend Micro Fearless Web Internet Security on Facebook at http://www.facebook.com/fearlessweb.

| More

This entry was posted on Tuesday, 9. October 2012 and is filed under "Cybercrime, Privacy, Trend Micro Titanium, Viruses and Malware". You can follow any responses to this entry with RSS 2.0. You can leave a response here, or send a trackback from your own site.

4 Comments to "What You Need to Know about Smartbar and snap.do"


david:

Saturday, 3. November 2012 at 7:13 pm

What are some ways to get rid of this Snap.do? When I turned on my computor this morning a window popped up called “fileRestore” and like 20 other windows popped up. I am sure that these are all viruses, but how did i get the Snap.Do and all of these viruses. I use MalwareBytes and it gets rid of it, but then it pops back up the next day. HELP!!!

Fearless Web Team:

Monday, 5. November 2012 at 3:16 pm

Hi, David. Sorry to hear about the problems you’re having. Why not try Trend Micro’s HouseCall – a free online virus scan: http://housecall.trendmicro.com/us/index.html

Vic Hargrave:

Wednesday, 28. November 2012 at 5:00 pm

More than likely you have a rootkit that has attached itself to your operating system. Malware like this tough to get rid of with any security software. I suggest you go to Google then search for “snap.do removal tool”. You will find several links there that can help you.

Rick:

Thursday, 28. February 2013 at 6:28 pm

I got Snap.do browser changer while trying to get updated drivers. with windows7. It can be found at: computer/local disk(C:)/users/owner/appdata/local/smartbar/application/
It is tough to remove from here but you will probably find it has installed NDde.dll authored by Brian Gideon. A search on him shows keylogger fame see
http://regrunreanimator.com/research/category/browser-toolbar/smartbar
At that site you will see Linkury mentioned.
search them and you will find.
http://www.uninstall-linkury.com/ now there it tells you to look under installed programs ? look under the publishers in add/remove programs for linkury and delete that program. and I think that will solve your problems. also if you see spigot in publishers remove that its an addon toolbar > unless you want it?
cheers rick

Name:

E-Mail (not published)

Website:




© Copyright 2011 Trend Micro Inc. All rights reserved.
Legal Policies & Privacy