AVG Toolbar is a browser hijacker that was created in 2011 by AVG and was bundled with every AVG product until 2014. However, this toolbar can still be downloaded from sites like Softonic or download.com.
AVG Toolbar might be installed on the user's PC using various software downloaders (e.g. CNET Download.com).
AVG Toolbar installs itself in a folder under Program Files, for example:
- Program Files\AVG Antivirus 2012 Beta\Toolbar
- Program Files\AVG Toolbar\
- Program Files\CNET.com Downloader Data\Freemake Video Converter\AVG Toolbar
The family consists of multiple components, whose file names vary from one version to another. We have seen variants use the following file names for the main component:
It might install itself as a Firefox extension with one of the following names:
- "AVG Toolbar ", avg_toolbar_9.0.xpi
- "AVG Toolbar", avg_toolbar_8.0_beta.xpi
In Chrome, it might use these names:
- "AVG Toolbar", AVGToolbar.crx
In Internet Explorer, it might use this name:
- "AVG Toolbar", ToolbarM.dll
AVG Toolbar hooks a number of APIs to:
- Prevent itself from being stopped or removed
- Monitor registry and file system changes to prevent certain registry keys and files from being modified
The user's browser startup homepage is modified to refer to a different variable by replacing browser.startup.homepage with browser.startup.homepage.CT.
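
A triage check built from the indicators listed above, as an added example that is not part of the original page or any AVG tooling: it walks a directory tree for the folder and file names given here and lists the homepage-related prefs found in a Firefox prefs.js. The function names and the sample prefs.js content are constructed for illustration, and reading the pref from user_pref lines in prefs.js is an assumption about where the change is stored.

```python
import fnmatch
import os
import re

# Indicators copied from the lists on this page (compared case-insensitively).
FILE_PATTERNS = ("avg_toolbar_*.xpi", "avgtoolbar.crx", "toolbarm.dll")
HIJACK_PREF = "browser.startup.homepage.CT"
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.*)\);\s*$')

def scan_tree(root):
    """Walk root and return sorted paths of folders/files matching the page's names."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        parent = os.path.basename(dirpath).lower()
        for d in dirnames:
            name = d.lower()
            # "AVG Toolbar" anywhere, or "Toolbar" directly under an AVG product folder
            if name == "avg toolbar" or (name == "toolbar" and parent.startswith("avg")):
                hits.append(os.path.join(dirpath, d))
        for f in filenames:
            if any(fnmatch.fnmatchcase(f.lower(), p) for p in FILE_PATTERNS):
                hits.append(os.path.join(dirpath, f))
    return sorted(hits)

def homepage_prefs(prefs_text):
    """Return {pref name: raw value} for every homepage-related user_pref line."""
    found = {}
    for line in prefs_text.splitlines():
        m = PREF_RE.match(line)
        if m and m.group(1).startswith("browser.startup.homepage"):
            found[m.group(1)] = m.group(2).strip()
    return found

def is_hijacked(prefs_text):
    """True when the redirected homepage variable named on the page is present."""
    return HIJACK_PREF in homepage_prefs(prefs_text)

# Constructed sample prefs.js content (not taken from a real profile).
SAMPLE_PREFS = '''\
user_pref("browser.startup.homepage", "https://example.org/");
user_pref("browser.startup.homepage.CT", "http://search.example.invalid/");
user_pref("browser.startup.page", 1);
'''

if __name__ == "__main__":
    print(homepage_prefs(SAMPLE_PREFS), is_hijacked(SAMPLE_PREFS))
```

Point scan_tree at a Program Files directory or a browser profile folder, and pass the text of the profile's prefs.js to is_hijacked.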