allentech.net

Parasite: ClickTheButton

This record last updated Tue Sep 20 2005 00:34:15

PLEASE NOTE: Due to the overwhelming extent of this problem and the unbelievable volume of email we have received, we regret that we cannot respond to questions about browser parasites at this time. If you have attempted to contact us about this parasite please accept our apology for not responding. "Thank you's" are always appreciated ;-)

Description

ClickTheButton (clickthebutton.com) is adware implemented as a process, ctbClick.exe, that runs on Windows startup, with associated files in the folder Clickthebutton in Program Files and CTB3_Shared in the Windows folder.

Described as a price comparison service, it detects when you are visiting a known shopping site and pops up showing sponsored links to competitor sites.

ClickTheButton is distributed and controlled by Razor Media (razormedia.net), who also control the DailyWinner, SvcMM and WhileYouSurf parasites as well as some variants of the FavoriteMan parasite.

Distribution

Silently installed by the FavoriteMan/Favorite parasite. Bundled with old versions of Kazaa.

What it does

Advertising

Yes. ClickTheButton downloads parts of advertising pages when you visit a new web site. When a complete advert has arrived it will be displayed, usually as a pop-up or pop-under window.

Privacy violation

Yes. ClickTheButton monitors visits of known shopping sites.

Security issues

Unknown.

Stability problems

None known.

Removal

Removable using the ‘ClickTheButton’ entry in the Control Panel’s ‘Add/Remove Programs’ list, though some files and registry keys are left behind.

Manual removal

Open the registry (click ‘Start’, choose ‘Run’ and enter ‘regedit’) and find the key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run. Delete the ‘ClickTheButton’ entry on the right. To clean up, you can also delete the key HKEY_LOCAL_MACHINE\Software\CTB_BrandedClient, as well as the following subkeys of HKEY_CLASSES_ROOT:

CtbClient.*
CtbSession.*
CtbShopper.*
CtbXML.*

Restart the computer and you should be able to delete the ‘CTB3_Shared’ folder from the Windows folder, and the ‘CTBHooks.dll’ file from the System folder (which is inside the Windows folder, called ‘System32’ on Windows NT/2000/XP, or ‘System’ on Windows 95/98/Me).
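
A read-only check for the leftovers named in this record, as an added example (it is not part of the original record or of Andrew Clover's detection script). It assumes PowerShell 3.0 or later, the function name Get-CtbLeftover is made up for illustration, and it looks only in the locations this page names, so redirected 32-bit locations on 64-bit Windows are not covered.

```powershell
# Read-only audit: reports which ClickTheButton artifacts named in this
# record are still present. Nothing is modified or deleted.
function Get-CtbLeftover {
    $found = @()

    # Startup entry under the Run key
    $runKey = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
    $run = Get-ItemProperty -Path $runKey -Name 'ClickTheButton' -ErrorAction SilentlyContinue
    if ($run) {
        $found += [pscustomobject]@{ Type = 'RunValue'; Location = "$runKey -> $($run.ClickTheButton)" }
    }

    # Vendor key plus the ProgID families listed under HKEY_CLASSES_ROOT
    $keyPatterns = @('Registry::HKEY_LOCAL_MACHINE\Software\CTB_BrandedClient')
    foreach ($prefix in 'CtbClient', 'CtbSession', 'CtbShopper', 'CtbXML') {
        $keyPatterns += "Registry::HKEY_CLASSES_ROOT\$prefix.*"
    }
    foreach ($pattern in $keyPatterns) {
        # @() turns "no match" into an empty list instead of $null
        foreach ($key in @(Get-Item -Path $pattern -ErrorAction SilentlyContinue)) {
            $found += [pscustomobject]@{ Type = 'RegistryKey'; Location = $key.Name }
        }
    }

    # Folders and the hook DLL that survive until after a restart
    $paths = @(
        (Join-Path $env:ProgramFiles 'Clickthebutton'),
        (Join-Path $env:windir 'CTB3_Shared'),
        (Join-Path $env:windir 'System32\CTBHooks.dll')
    )
    foreach ($p in $paths) {
        if (Test-Path -LiteralPath $p) {
            $found += [pscustomobject]@{ Type = 'FileSystem'; Location = $p }
        }
    }
    return $found
}

$leftovers = @(Get-CtbLeftover)
if ($leftovers.Count -eq 0) {
    'No ClickTheButton artifacts from this record were found.'
} else {
    $leftovers | Format-Table -AutoSize
}
```

Running it before and after the uninstall shows which entries ‘Add/Remove Programs’ leaves behind.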

* Parasite information and detection script by Andrew Clover - www.doxdesk.com, used with permission.