What is Expat_Shield Toolbar?

Expat_Shield Toolbar is software application developed by AnchorFree Inc. It is most commonly found on computers running Windows 7 with nearly 76.00% of installations running this operating system. Expat_Shield Toolbar's installer is typically 2.00 MB in size and installs around 26 files.

Expat_Shield Toolbar is most popular in the United States with 33.09% of installations residing in this country.

Expat_Shield Toolbar adds 2 scheduled tasks to the Windows Task Scheduler launching the program at randomly scheduled times. When using a computer that is connected to the internet, Expat_Shield Toolbar is known to create 1 firewall exception to allow inbound and outbound connectivity.

About Expat_Shield Toolbar?

"The Expat Shield software is a virtual private network (VPN) program designed to provide users with access to UK TV websites including BBC iPlayer and ITV from anywhere outside of the UK. By routing the user's IP address through a UK IP address, Expat Shield allows individuals to bypass geographic restrictions and access UK-based content as if they were still in the UK. This effectively circumvents the blocks put in place by the BBC and other UK TV websites to prevent access from non-UK IP addresses."

Multiple virus scanners have detected malware in Expat_Shield Toolbar.

uninstall.exe (MD5: b728fa6a309e5d18141947b95b730e95) has been flagged by 3 scanners:

Scanner Software	Version	Result
Panda Antivirus	10.0.3.5	PUP/Conduit.A
VIPRE Antivirus	26380	Conduit (fs)
ESET-NOD32	9148	a variant of Win32/Toolbar.Conduit.P

prxtbExp0.dll (MD5: c89d9c80fd468c6b51c4aadcc8463c2d) has been flagged by 13 scanners:

Scanner Software	Version	Result
AVware	1.5.0.21	Conduit (fs)
Baidu-International	3.5.1.41473	PUA.Win32.Conduit.BX
ESET-NOD32	10641	a variant of Win32/Toolbar.Conduit.X
G Data	24	Win32.Application.Conduit.F
Panda Antivirus	10.0.3.5	PUP/Conduit.A
VIPRE Antivirus	31234	Conduit (fs)
Bkav FE	1.3.0.6379	W32.HfsAdware.C534
Dr.Web	7.0.12.3050	Adware.Conduit.300
IKARUS anti.virus	T3.1.6.1.0	PUA.ClientConnect
Fortinet FortiGate	5.0.999.0	Riskware/Toolbar_Conduit
Comodo Security	17676	Application.Win32.Conduit.~A
Malwarebytes	1.75.0.1	PUP.Optional.Conduit
TrendMicro-HouseCall	9.700.0.1001	TROJ_GEN.F47V1113

ldrtbExp0.dll (MD5: 76b3946090c94bb38dbbca54ac8ff9f7) has been flagged by 3 scanners:

Scanner Software	Version	Result
ESET-NOD32	9264	a variant of Win32/Toolbar.Conduit.P
VIPRE Antivirus	25220	Conduit (fs)
Panda Antivirus	10.0.3.5	PUP/Conduit.A

Expat_ShieldToolbarHelper1.exe (MD5: a320df2b47cfcaf98d06eb59cd72084c) has been flagged by 7 scanners:

Scanner Software	Version	Result
Bkav FE	1.3.0.6379	W32.HfsAdware.C534
Dr.Web	7.0.12.3050	Adware.Conduit.300
G Data	25	Win32.Adware.Conduit.B
IKARUS anti.virus	T3.1.6.1.0	PUA.ClientConnect
Panda Antivirus	4.6.4.2	PUP/Conduit.A
ESET-NOD32	9883	a variant of Win32/Toolbar.Conduit.B
VIPRE Antivirus	29884	Conduit (fs)

tbExp1.dll (MD5: 02de6b9ae1269af813fe8b629ee50093) has been flagged by 3 scanners:

Scanner Software	Version	Result
ESET-NOD32	9883	a variant of Win32/Toolbar.Conduit.B
Panda Antivirus	10.0.3.5	PUP/Conduit.A
VIPRE Antivirus	29884	Conduit (fs)

Software Behaviors

Firewall:

Expat_ShieldToolbarHelper1.exe is added as a firewall exception for 'C:\Program Files\eTvOnline.ro\eTvOnline.roToolbarHelper.exe'.

Scheduled tasks:

uninstall.exe is scheduled as a task with the class '{42CD7A24-AF4B-44A0-A119-1C6F9B6E2A90}' (runs on registration).
Expat_ShieldToolbarHelper1.exe is scheduled as a task with the class '{B8E8E278-F25D-478A-BAB2-24A5EDB01F6C}' (runs on registration).

Software Details

URL:

https://expatshield.ourtoolbar.com

Support:

–

Installation path:

C:\Program Files\expat_shield

Uninstaller:

C:\Program Files\Expat_Shield\uninstall.exe

Size:

2.00 MB

Language:

English

Expat_Shield Toolbar Executable Details

Primary executable:

tbExp2.dll

Name:

Expat_Shield Toolbar

Path:

C:\Program Files\expat_shield\tbExp2.dll

MD5:

73406fa9287b36ca4163797c73a2cd04

SHA-1:

–

SHA-256:

–

File Type

Filename

MD5

EXE

uninstall.exe

Toolbar

b728fa6a309e5d18141947b95b730e95

EXE

UNWISE.EXE

5cf949316c40314d66b45f0bf00aa6f6

DLL

prxtbExp0.dll

Malware

c89d9c80fd468c6b51c4aadcc8463c2d

DLL

ldrtbExp0.dll

Malware

76b3946090c94bb38dbbca54ac8ff9f7

EXE

Expat_ShieldToolbarHelper1.exe

Malware

a320df2b47cfcaf98d06eb59cd72084c

DLL

tbExp1.dll

Malware

02de6b9ae1269af813fe8b629ee50093

DLL

tbExp0.dll

Malware

975993043e355206a1fba5a702044f0c

DLL

tbExp2.dll

Malware

73406fa9287b36ca4163797c73a2cd04

DLL

hktbExp0.dll

f7057821b040a7d169711ce27c55012a

DLL

hk64tbExp0.dll

bbccf6b24155d931fd339c6c4210710c

File Type	Filename	MD5
EXE	uninstall.exe Toolbar	b728fa6a309e5d18141947b95b730e95
EXE	UNWISE.EXE	5cf949316c40314d66b45f0bf00aa6f6
DLL	prxtbExp0.dll Malware	c89d9c80fd468c6b51c4aadcc8463c2d
DLL	ldrtbExp0.dll Malware	76b3946090c94bb38dbbca54ac8ff9f7
EXE	Expat_ShieldToolbarHelper1.exe Malware	a320df2b47cfcaf98d06eb59cd72084c
DLL	tbExp1.dll Malware	02de6b9ae1269af813fe8b629ee50093
DLL	tbExp0.dll Malware	975993043e355206a1fba5a702044f0c
DLL	tbExp2.dll Malware	73406fa9287b36ca4163797c73a2cd04
DLL	hktbExp0.dll	f7057821b040a7d169711ce27c55012a
DLL	hk64tbExp0.dll	bbccf6b24155d931fd339c6c4210710c

Expat_Shield Toolbar

What is Expat_Shield Toolbar?

About Expat_Shield Toolbar?

Multiple virus scanners have detected malware in Expat_Shield Toolbar.

Software Behaviors

Software Details

Expat_Shield Toolbar Executable Details