
Bocai Toolbar

Posted: March 28, 2006

Bocai Toolbar is an Internet Explorer plugin that adds an extra button and an extra menu in Chinese. The threat redirects the web browser to undesirable web sites and shows unsolicited pop-up advertisements. Bocai Toolbar must be manually installed. It automatically runs on every Windows startup.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 bocaitoolbar.dll
    2 msaddon.dll
    3 msplug.dll

Registry Modifications

  • The following Registry values were newly created:
    HKEY_CLASSES_ROOT\BCCommunication.HTTPAPI
    HKEY_CLASSES_ROOT\BCCommunication.HTTPAPI.1
    HKEY_CLASSES_ROOT\BoCaiToolBar.StockBar
    HKEY_CLASSES_ROOT\BoCaiToolBar.StockBar.1
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\RegBar = regsvr32.exe /u C:\Program Files\logmark\bocaitoolbar.dll /s /i /n
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BCCommunication.HTTPAPI
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BCCommunication.HTTPAPI.1
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BoCaiToolBar.StockBar
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BoCaiToolBar.StockBar.1
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\logmark
    HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\AboutSys = regsvr32.exe msaddon.dll /s
    HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\RegBar = regsvr32.exe /u C:\Program Files\logmark\bocaitoolbar.dll /s /i /n
    HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\AboutSys = regsvr32.exe msaddon.dll /s
  • The following CLSIDs were detected:
    693A1E03-7B1B-41D8-8803-CF9ED9D86070
    1729F6BB-0CE7-4D3C-BD08-B271D7CB3D63
    5BD85147-1218-442D-980B-86E56860350B
    3855CF44-363B-4E48-B3FD-25736207B27F
    BF4D0BCA-6FE4-4FA2-BEBE-87A72B3B77F1
    4DA2EE61-6399-4C39-AEB9-0D990E610D29