Information about Win32/BaiduSobar the Browser Modifier

[Juan-Carlos]

Help me to get information about Win32/BaiduSobar the Browser Modifier. This week I have been given an assignment to research on latest threats on internet and I am researching on the malicious program Win32/BaiduSobar which is a browser modifier. If anyone had this on their computer please provide some information on it.

[Snake08]

Microsoft has itself announced High alert level for the Browser modifier: Win32/Baidu.Sobar. This unwanted program is a web browser toolbar. Its main intention is to generate pop-ups on the user screen. This is to confuse the user and also to redirect the user to a malicious website. This program also makes sure that certain advertisements are blocked which can also include pop-ups of anti virus as well. It modifies the Windows Registry to enable itself to execute each time the user starts his machine.

[Steve123]

The aliases detected for this adware are:

• Norman: W32/BaiduBar.A.
• Trend Micro: ADW_BAIDUBAR.
• McAfee: Adware-BDSearch.

This adware gets plugged in to the internet explorer. The adware causes a change in the search results for internet explorer. The search results try to lead the user on the infected host to visit the attacker's website.

[Milton.J]

I had this virus on my computer. There was an unknown toolbar that was installed on my web browser: internet explorer 8 (IE8) when I downloaded it. I realized that it was not present on the screen shoot of internet explorer that i have earlier seen. I then used my McAfee anti virus to detect the Win32/BaiduSobar virus and deleted it.

[Big Fish]

In case your system is infect by the Browser Modifier: Win32/BaiduSobar then your Program Files folder will contain the following files:

• ..\baidu\bar\img\logo.bmp
• ..\baidu\bar\BDBar_tmp\img\logo.bmp
• ..\baidu\bar\img\imglist.bmp
• ..\baidu\bar\BDBar_tmp\img\imglist.bmp
• ..\baidu\bar\BDBar_tmp\img\imglist.bmp
• ..\baidu\bar\BDBar_tmp\baidubar.dat
• ..\baidu\bar\BDBar_tmp\baidubar.dat
• ..\baidu\bar\baidubar.dat
• ..\baidu\bar\BDBar_tmp\BaiduBar.dll
• ..\baidu\bar\BaiduBar.dll
• ..\baidu\bar\BDBar_tmp\BaiduBar.dll

Thus basically if in the Program Files folder if there is a folder named baidu then your system is been infected by Browser Modifier: Win32/BaiduSobar.

[Zachary]

To protect your system for such threats never downloads or plug-ins for your internet explorer if they are not from the secured original official site. To be more secured it is advisable to use Mozilla Firefox browser rather than Internet Explorer browser. Always have an anti virus installed on your computer. Update it periodically as and when the latest updates are available. Enable the Firewall on your computer to safe guard against such adware and malicious programs.