
Babylon Search/Toolbar

Posted: October 6, 2010

Threat Metric

Ranking: 648
Threat Level: 5/10
Infected PCs: 647,141
First Seen: October 6, 2010
Last Seen: October 17, 2023
OS(es) Affected: Windows

The Babylon Toolbar is a search engine and translation utility, all rolled up into a single browser-based toolbar. While this description may make Babylon Toolbar sound benign, malware researchers have had the misfortune of noting that Babylon Toolbar includes characteristics that are commonly assigned to browser hijackers, adware and Potentially Unwanted Programs (PUPs). Babylon Toolbar may attempt to avoid deletion by normal methods, change your search engine settings to promote its own websites and install itself without your permission. If normal removal methods for browser plugins fail to delete all of the Babylon Toolbar's components, you may also wish to consider deleting Babylon Toolbar with an anti-malware program (along with avoiding suspicious software downloads to dodge a Babylon Toolbar attack entirely).

How Babylon Toolbar Gets Good Publicity for Bad Habits

Babylon Toolbar is promoted at babylon.com as a multipurpose translator and search utility, and you may find Babylon Toolbar included in the installers of unrelated programs – including relatively reputable ones. The most prominent source of accidental Babylon Toolbar installations is general freeware/shareware websites, although Babylon Toolbar may also be bundled in P2P torrenting clients and other software-downloading utilities. Although Babylon Toolbar ostensibly requires your consent prior to its installation, malware experts have taken note of a preponderance of Babylon Toolbar-infected victims who aren't able to recall ever installing Babylon Toolbar in the first place.

Along with its iffy installation practices, Babylon Toolbar also changes your browser's search engine to one of its own sites. SpywareRemove.com malware analysts have found that both isearch.babylon.com and search.babylon.com have been used for this purpose, and Babylon Toolbar's settings changes may prevent you from using alternative search sites. You should attempt to remove the Babylon Toolbar before you try to change these settings back for your browser – lest you experience Babylon Toolbar doing it for you.

Bringing the Babylon Toolbar Tumbling Down

While Babylon Toolbar and its home site are often rated as low-level PC threats, SpywareRemove.com malware researchers note that keeping Babylon Toolbar on your PC or having contact with babylon.com can't be considered harmful or security risks. However, since most people will look askance at being unable to control their own web browser, it's usually recommended that you try to remove Babylon Toolbar unless you're certain that you want its services.

Because Babylon Toolbar has been known to make standard deletion methods needlessly difficult, the SpywareRemove.com malware research team recommends using anti-malware software to expedite Babylon Toolbar's banishment from your browser. Babylon Toolbar has been noted for its cross-browser compatibility, and users of everything from Firefox to Internet Explorer to Chrome shouldn't feel safe from an unwanted Babylon Toolbar installer just because of the brand of browser they prefer.

Unusually for adware and as a mark of its relatively professional design, Babylon Toolbar includes compatibility for Mac-based PCs as well as Windows OSes, which makes Babylon Toolbar a potential nuisance for Apple fans, too.

Aliases

(Suspicious) - DNAScan [CAT-QuickHeal]
probably a variant of Win32/Toolbar.Babylon [NOD32]

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:




Registry Modifications

The following Registry values were newly created:

CLSID
    {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
    {2EECD738-5844-4a99-B4B6-146BF802613B}
    {BDB69379-802F-4eaf-B541-F8DE92DD98DB}

Regexp file mask
    %APPDATA%\BabMaint.exe
    %PROGRAMFILES%\Mozilla Firefox\searchplugins\babylon.xml
    %PROGRAMFILES(x86)%\Mozilla Firefox\searchplugins\babylon.xml

HKEY..\..\..\..{RegistryKeys}
    SOFTWARE\BabSolution
    Software\BabylonToolbar
    Software\Microsoft\Internet Explorer\DOMStorage\babylon.com
    Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
    SOFTWARE\Microsoft\Tracing\MyBabylonTB_RASAPI32
    SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EPUpdater
    Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}
    SOFTWARE\Wow6432Node\Babylon
    SOFTWARE\Wow6432Node\babylontoolbar
    SOFTWARE\Wow6432Node\Microsoft\Tracing\MyBabylonTB_RASAPI32
    SOFTWARE\Wow6432Node\Microsoft\Tracing\MyBabylonTB_RASMANCS
    Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}

Run keys
    NTRedirect

HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}
    BabylonToolbar

Additional Information

The following directories were created:
    %APPDATA%\BabSolution
    %PROGRAMFILES%\Babylon Toolbar
    %PROGRAMFILES%\BabylonToolbar
    %PROGRAMFILES(x86)%\Babylon Toolbar
    %PROGRAMFILES(x86)%\BabylonToolbar
    %TEMP%\mt_ffx\BabylonToolbar
    %USERPROFILE%\AppData\LocalLow\BabylonToolbar
The following URLs were detected:
    BabylonToolbar: http://isearch.babylon.com/?q=
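
A read-only check for the directories, registry keys and search-provider URLs listed above, added here as an example (it is not SpywareRemove.com's or Babylon's code). Assumptions: the page elides the registry hive, so both HKLM and HKCU are checked; "Run keys: NTRedirect" is taken to mean a value under the standard Run key; Internet Explorer search providers store their address in a value named URL.

```powershell
# Added example: read-only triage for the Babylon Toolbar artifacts listed on this page.
# Nothing is deleted or modified; matches are only reported.
$pf86  = ${env:ProgramFiles(x86)}
$paths = @(
    "$env:APPDATA\BabSolution"
    "$env:APPDATA\BabMaint.exe"
    "$env:ProgramFiles\Babylon Toolbar"
    "$env:ProgramFiles\BabylonToolbar"
    "$env:ProgramFiles\Mozilla Firefox\searchplugins\babylon.xml"
    "$env:TEMP\mt_ffx\BabylonToolbar"
    "$env:USERPROFILE\AppData\LocalLow\BabylonToolbar"
)
if ($pf86) {   # variable is only set on 64-bit Windows
    $paths += "$pf86\Babylon Toolbar", "$pf86\BabylonToolbar",
              "$pf86\Mozilla Firefox\searchplugins\babylon.xml"
}
# Keys from the Registry Modifications list (Tracing entries omitted for brevity).
$keys = @(
    'SOFTWARE\BabSolution'
    'SOFTWARE\BabylonToolbar'
    'SOFTWARE\Wow6432Node\Babylon'
    'SOFTWARE\Wow6432Node\babylontoolbar'
    'SOFTWARE\Microsoft\Internet Explorer\DOMStorage\babylon.com'
    'SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}'
    'SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}'
    'SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}'
    'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EPUpdater'
)
$hits = @()
$hits += @($paths | Where-Object { Test-Path -LiteralPath $_ } | ForEach-Object { "PATH  $_" })
foreach ($hive in 'HKLM:', 'HKCU:') {
    # Assumption: the hive is elided on the page, so each key is tried under both hives.
    $hits += @($keys | ForEach-Object { "$hive\$_" } |
               Where-Object { Test-Path -LiteralPath $_ } | ForEach-Object { "KEY   $_" })
    # Assumption: NTRedirect is a value name under the standard Run key.
    $run = Get-ItemProperty -LiteralPath "$hive\Software\Microsoft\Windows\CurrentVersion\Run" -ErrorAction SilentlyContinue
    if ($run -and $run.PSObject.Properties.Name -contains 'NTRedirect') {
        $hits += "RUN   $hive NTRedirect = $($run.NTRedirect)"
    }
    # Any IE search provider, not only the listed GUID, that points at the hosts named on this page.
    $scopes = @(Get-ChildItem -LiteralPath "$hive\Software\Microsoft\Internet Explorer\SearchScopes" -ErrorAction SilentlyContinue)
    foreach ($scope in $scopes) {
        $url = $scope.GetValue('URL')
        if ($url -match '://i?search\.babylon\.com') { $hits += "SCOPE $($scope.PSChildName) -> $url" }
    }
}
if ($hits) { $hits } else { 'No listed Babylon Toolbar artifacts found.' }
```

Run it once per user profile, since the %APPDATA% paths and HKCU keys are per-user.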