
Freshy Toolbar

Posted: December 23, 2013

Threat Metric

Ranking: 929
Threat Level: 5/10
Infected PCs: 21,552
First Seen: December 23, 2013
Last Seen: October 16, 2023
OS(es) Affected: Windows

The Freshy Toolbar is a Potentially Unwanted Program that modifies your browser to redirect you to Conduit.com, a general search engine domain. Malware researchers have encountered Conduit.com before and don't rate it as a threat, but do warn that you will usually be safer if you remove the Freshy Toolbar and other Conduit-brand products from your browser. Allowing the Freshy Toolbar to remain on your browser is essentially the same as allowing a third-party company to determine what sites your browser visits, which is a bad practice both for overall online stability and for the essential online safety of your computer.

A Fresh Batch of an Old Browser Hijacker

The Freshy Toolbar is marketed as a useful browser add-on that provides the 'best' website content, desktop notifications and other minor features. However, this generic marketing fluff is simply an excuse to allow the Freshy Toolbar to redirect you to Conduit's search site, which is often promoted by a wide and rotating series of browser toolbars. After its installation, the Freshy Toolbar hijacks your default search engine and, in some cases, your homepage as well. The predictable consequence is being unable to change your browser's settings to use search engines other than Conduit.com.

While malware researchers frown on these kinds of non-consensual traffic 'adjustments,' they only categorize the Freshy Toolbar as a PUP and a browser hijacker. The Freshy Toolbar doesn't make direct attacks against your computer's security and shouldn't, by itself, cause any direct exposure to hostile Web pages. However, that still leaves open the possibility of search results obtained through the Freshy Toolbar causing security problems due to Conduit's haphazard attitude towards online security.

Getting that Fresh Taste out of Your Mouth

The Freshy Toolbar may not be on the same footing as a Trojan or other type of threatening software, but that doesn't make installing the Freshy Toolbar any less of a bad idea. Browser add-ons without any direct and highly observable benefits usually should be culled as part and parcel of keeping your PC optimized. More importantly, browser add-ons that determine where your browser goes, like the Freshy Toolbar, should always be considered more of a drawback than anything else.

Due to the Conduit toolbar family's recorded tendency to resist deletion, removing the Freshy Toolbar isn't necessarily as easy as it should be. Nevertheless, any updated and well-designed anti-adware or similar security product shouldn't find it difficult to remove the Freshy Toolbar and its browser changes. Malware experts also recommend using the same software against the Freshy Toolbar's many relatives, such as the Swirlz Toolbar, the SparkleBox Toolbar, the MakeMeBabies Toolbar, the Oscar Delta Toolbar, the Crizbuzz Toolbar, the Sweet Tunes Toolbar and the Energy Community Toolbar.

Technical Details

Registry Modifications

The following Registry values are newly created:

HKEY..\..\..\..{RegistryKeys}
Software\Microsoft\Internet Explorer\Approved Extensions\{b8f3c254-ae65-4d98-a47d-4bcfd9939868}
Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\tb_Freshy.exe
SOFTWARE\Microsoft\Internet Explorer\Toolbar\{b8f3c254-ae65-4d98-a47d-4bcfd9939868}
SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{b8f3c254-ae65-4d98-a47d-4bcfd9939868}
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{b8f3c254-ae65-4d98-a47d-4bcfd9939868}

Additional Information

The following directories were created:
%APPDATA%\Freshy
%LOCALAPPDATA%\NativeMessaging\CT8589
%LocalAppData%\Google\Chrome\User Data\Default\Extensions\bdaojbgomjegpcipikmhammogkjakkmp
%LocalAppData%\Google\Chrome\User Data\Default\Local Extension Settings\bdaojbgomjegpcipikmhammogkjakkmp
%USERPROFILE%\AppData\LocalLow\Freshy
The following URLs were detected:
freshy.com
services.freshy.com
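
A read-only way to check a Windows profile for the registry values and directories listed above, added here as an example and not taken from the original page or from any vendor tool. Because the page elides the registry hive, the script assumes both HKCU and HKLM should be probed; it inspects only the current user's profile and Chrome's Default profile.

```powershell
# Added example: presence check only, nothing is modified or deleted.
# Assumption: the hive is elided on the page, so HKCU: and HKLM: are both probed.
# Run from 64-bit PowerShell so the Wow6432Node path is read as written.
$clsid    = '{b8f3c254-ae65-4d98-a47d-4bcfd9939868}'
$chromeId = 'bdaojbgomjegpcipikmhammogkjakkmp'
$ie       = 'Software\Microsoft\Internet Explorer'
$ie32     = 'SOFTWARE\Wow6432Node\Microsoft\Internet Explorer'

# Each listed entry is treated as a value name under its parent key.
$regChecks = @(
    @{ Key = "$ie\Approved Extensions";                           Value = $clsid },
    @{ Key = "$ie\Main\FeatureControl\FEATURE_BROWSER_EMULATION"; Value = 'tb_Freshy.exe' },
    @{ Key = "$ie\Toolbar";                                       Value = $clsid },
    @{ Key = "$ie\URLSearchHooks";                                Value = $clsid },
    @{ Key = "$ie32\Toolbar";                                     Value = $clsid }
)

# Directories from the page, expanded for the current user.
$dirs = @(
    "$env:APPDATA\Freshy",
    "$env:LOCALAPPDATA\NativeMessaging\CT8589",
    "$env:LOCALAPPDATA\Google\Chrome\User Data\Default\Extensions\$chromeId",
    "$env:LOCALAPPDATA\Google\Chrome\User Data\Default\Local Extension Settings\$chromeId",
    "$env:USERPROFILE\AppData\LocalLow\Freshy"
)

$findings = @(
    foreach ($hive in 'HKCU:', 'HKLM:') {
        foreach ($c in $regChecks) {
            $path = "$hive\$($c.Key)"
            $key  = Get-Item -LiteralPath $path -ErrorAction SilentlyContinue
            # A missing parent key simply means this entry is absent.
            if ($key -and ($key.GetValueNames() -contains $c.Value)) {
                [pscustomobject]@{ Type = 'RegistryValue'; Location = "$path\$($c.Value)" }
            }
        }
    }
    foreach ($d in $dirs) {
        if (Test-Path -LiteralPath $d -PathType Container) {
            [pscustomobject]@{ Type = 'Directory'; Location = $d }
        }
    }
)

if ($findings.Count -eq 0) {
    'None of the listed Freshy Toolbar artifacts were found for this user.'
} else {
    $findings | Format-Table -AutoSize
}
```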