PackageTracking Toolbar Removal Guide

Do you know what PackageTracking Toolbar is?

PackageTracking Toolbar is a browser extension that is supposed to allow tracking the status of your shipments. However, our malware researchers classified it as a bad toolbar and recommend removing it right away. It is a hybrid malware because it has traits similar of those found in browser hijackers and adware. So this toolbar can replace your browser’s homepage without your consent and commercial advertisements. Note that the ads are displayed via the replaced homepage so these two functions are interlinked. Toolbars such as this one are not known to display ads via the browser extension itself. Regardless, we believe that it is necessary to get rid of this program before it causes you trouble. So read this article if you currently have this toolbar on your PC.

There is only one company that makes such toolbars in large numbers. It is called Mindspark Interactive Network, Inc. This infamous software developer is very well known to the cyber security industry as it rolls out dozens of similar applications each month. Therefore, we would like to mention some of its more recent releases that include the following: GasGlance Toolbar, FlightSearch Toolbar, YourTemplateFinder Toolbar, and SendFilesFree Toolbar. All of the aforementioned toolbars are similar in the way they work and their only difference being the official functionality that we will discuss in just a bit.PackageTracking Toolbar Removal GuidePackageTracking Toolbar screenshot
Scroll down for full removal instructions

However, knowing how this application is disseminated is important to avoid similar ones in the future. Malware applications are becoming more and more widespread and their distribution methods vary as much as the malware itself. However, PackageTracking Toolbar follows a pattern set by its developers. Firstly, its developers set this program up with a dedicated distribution website at Packagetracking.net. The appearance of this website gives the impression that its promoted application is very useful, and it could be, but it has inherent flaws that we are also going to cover. Another method Mindspark uses is software bundling. Users often get it with bundled software that is featured on shady shareware websites. Interestingly, this toolbar is most “popular” in the US with 81.2% of all infections followed by Canada with 9.5%, and the UK with 7.3%. Now that we got this out of the way let us move on to how this toolbar works.

Officially, this application is supposed to let you track the locations of your shipments if you are using FedEX, UPS or USPS. It has a built-in function for this, but we did not test it. It also features two dozens of links to the websites of various postal companies from around the globe. Note that these websites are legitimate and do not pose a threat to your computer’s security. However, and mentioned in the beginning, PackageTracking Toolbar replaces the browser’s homepage with its promoted one. So it changes it Home.tb.ask.com. This is a modified Ask.com-based search engine that can display advertisements that are retrieved from a remote server. Mindspark does not endorse its promoted content, and it is quite possible that this toolbar will promote shady entities that can infect your computer with spyware and other malicious software that can compromise not only your computer’s but your personal security as well.

PackageTracking Toolbar’s malicious behavior can also be observed from how many modifications it does to the browser files and the number of registry keys it has to add to function. This program creates hundreds of registry keys, but due to limited length, we will show you how to manually delete the most important ones. Now let us go deeper into the unknown and dissect this program’s core. First of all, PackageTracking Toolbar will create directories in the following Windows directories:

  • %PROGRAMFILES%\PackageTracking_dh (32bit OS.)
  • %PROGRAMFILES(x86)%\PackageTracking_dh (64bit OS.)
  • %UserProfile%\Local Settings\Application Data\PackageTracking_dh.
  • %LOCALAPPDATA%\PackageTracking_dh.
  • %USERPROFILE%\Application Data\PackageTracking_dh.
  • %USERPROFILE%\AppData\LocalLow\PackageTracking_dh.

It is also very important to note that this toolbar will modify main files of Google Chrome and Mozilla Firefox. For Firefox it will create directories at %AppData%\Mozilla\Firefox\Profiles\*.default\PackageTracking_dh and %AppData%\Mozilla\Firefox\Profiles\*.default\extensions\*Members_@free.PackageTracking.com. However for Chrome it creates a total of nine directories but most of them are featured in %LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions, %UserProfile%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions and %LocalAppData%\Google\Chrome\User Data\Default\Local Storage. Note that it does not modify the files of Internet Explorer because all of the modifications to this browser are made at the registry level. We would also like to briefly mention where most of its registry keys are located, because some of them are scattered in different directories. So most of the registry keys are located in the following locations:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PackageTracking_dhbar.
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PackageTracking_dhbar.
  • HKLM\SOFTWARE\PackageTracking_dh.
  • HKLM\SOFTWARE\Wow6432Node\PackageTracking_dh.
  • HKLM\SOFTWARE\Wow6432Node\@PackageTracking*.
  • HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{bba6af07-0e2d-46e5-a25f-87179a57aa50}.
  • HKCR\Typelib.
  • HKCR\interface.
  • HKCR\CLSID.

So the modifications this toolbar makes to your computer are quite extensive. And, because this program has no benefits, but disadvantages, we recommend that you remove using our instructions. We will show you how to delete the essential files that remain after you uninstall it from the computer and browser. If you want to wipe out every trace of this infection, then we suggest getting our recommended antimalware program. But, whichever method you opt for will be a lot better than keeping such as pad program.

Uninstall via Control Panel

Windows XP

  1. Click the Start button located on the Taskbar.
  2. Go to Control Panel and click Add or Remove Program.
  3. Locate the malicious software and click the Remove button.

Windows 7 and Vista

  1. Click the Start button located on the Taskbar.
  2. Go to Control Panel and click Uninstall a program.
  3. Locate the application and click the Uninstall button.

Windows 8 and Windows 8.1

  1. Open the Charm Bar and click Search.
  2. Open the Control Panel and select Uninstall a program.
  3. Locate the unwanted program and double-click on it.
  4. Click Uninstall.

Windows 10

  1. Enter Control Panel in the search bar located on the Taskbar.
  2. Go to Uninstall a program and locate the unwanted application.
  3. Then, double-click on it.
  4. Click the Uninstall button.

How to uninstall this toolbar from your browser

Mozilla Firefox

  1. Press Ctrl+Shift+A.
  2. Select Extensions.
  3. Locate the extension and click Remove.

Microsoft Internet Explorer

  1. Press Alt+T.
  2. Select Manage add-ons and click Toolbars and extensions.
  3. Locate the toolbar and click Remove.

Google Chrome

  1. Press Alt+F.
  2. Select More tools and click Extensions.
  3. Locate the malicious plug-in and click Remove.

Delete the remaining junk files

  1. Simultaneously press the Windows Key+E keys.
  2. Enter C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage in the address bar.
  3. Locate and delete the following files.
  • http_packagetracking.dl.tb.ask.com_0.localstorage-journal
  • http_packagetracking.dl.tb.ask.com_0.localstorage
  • http_packagetracking.dl.myway.com_0.localstorage-journal
  • http_packagetracking.dl.myway.com_0.localstorage
  1. Then go to C:\Program Files or C:\Program Files (x86.)
  2. Locate and delete PackageTracking_dh, dhUninstall PackageTracking.dll, and dhres.dll.

Delete the remaining keys from the Windows Registry

  1. Simultaneously press the Windows Key+R keys.
  2. enter regedit in the box and click OK.
  3. Locate and delete the following registry keys.
  • HKEY_CURRENT_USER\Software\AppDataLow\Software\PackageTracking_dh.
  • HKEY_CURRENT_USER\Software\Microsoft\Internet.
  • Explorer\DOMStorage\packagetracking.dl.tb.ask.com.
  • HKEY_CURRENT_USER\Software\Microsoft\Internet.
  • Explorer\SearchScopes\{79e5f137-ae72-4090-ae49-4516954fe3a4}.
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet.
  • Explorer\SearchScopes\{79e5f137-ae72-4090-ae49-4516954fe3a4}.
  • HKEY_CURRENT_USER\Software\PackageTracking_dh.
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\PackageTracking_dh.

In non-techie terms:

PackageTracking Toolbar is a malicious browser toolbar that after installing it changes your browser’s default homepage to its promoted search engine. This search engine is legitimate. However, the toolbar is set to connect to a remote server that retrieves and inject promotional links inside the search results. It is likely that these search results will be littered with links to malicious websites that promote malware. Therefore, we encourage you to get rid of it as soon as possible using one of our suggested removal methods discussed in this article.