A couple of days ago, one of our colleagues received inquiries from friends and family about snap.do, which, apparently has been a topic of conversation in discussion boards and forums recently. This website promotes Smartbar, a browser helper object (BHO) that Trend Micro detects as SPYW_HIJACK. Checking our systems, there has indeed been a spike in the number of infections in the past couple of days.
BHOs with questionable routines or functionalities are not new: several years ago, the Hotbar adware was topic of very similar conversations Smartbar is getting now (i.e., how one gets infected and how it can be removed). So to shed light on this spyware and, hopefully, keep our readers uninfected, here’s a quick Q&A about about Smartbar:
What is Smartbar and why is it bad?
Smartbar is a browser helper object—to put simply, a browser plug-in—that changes your browser’s home page and collects information about your computer. Below is a screenshot of a browser with the Smartbar plugin installed:
Wait, what are browser plug-ins?
Plug-ins are mini-programs that are installed to a larger software application in order to enhance the said application. For Web browsers, plug-ins are added so that it can play videos, get customized search results, and even detect malware. One popular example of a browser plug-in is Adobe Flash Player.
How is Smartbar installed in my system?
Smartbar is available in the website snap.do. The website contains a link where the installer can be downloaded.
There are also reports that Smartbar is installed automatically (and without users’ consent) by other applications (as part of an installation package), by malware, or by visiting malicious websites.
So Smartbar changes my browser home page. Big deal. I can just close the toolbar to disable it, right?
No, clicking the Close button does not work, so you will have to manually restore your browser settings. And remember, it collects information about your computer.
What information does it collect and how is it able to do that?
- Your IP address
- The screen resolution of your monitor
- The pages you visited
Smartbar also connects to certain website to send and receive information from a remote location.
Is that bad?
Yes. The plug-in, by itself, may not download malicious files, but it may expose your information to possibly malicious users.
How can I remove Smartbar?
As mentioned earlier, we detect this as SPYW_HIJACK, so those who use our solutions like our Trend Micro™ Titanium™ Security products can automatically block and remove this.
You can also remove this manually by uninstalling the program from Control Panel and restoring your browser settings. Our Threat Encyclopedia entry has a nice step-by-step guide on how to do these.