LyricsFan-1

LyricsFan-1

Known Malware

by CrossLyrics

What is LyricsFan-1?

LyricsFan-1 is software application developed by CrossLyrics. It is most commonly found on computers running Windows 7 with nearly 45.71% of installations running this operating system. LyricsFan-1's installer is typically 2.00 MB in size and installs around 15 files.

LyricsFan-1 is most popular in Brazil with 25.53% of installations residing in this country.

LyricsFan-1 adds 1 scheduled task to the Windows Task Scheduler launching the program at randomly scheduled times.

About LyricsFan-1?

LyricsFan-1 is a potentially harmful web browser extension that can take control of the user's browser with the intention of redirecting web searches and injecting advertising. If used in Internet Explorer, the program runs as a Browser Helper Object. The add-in carries out a range of actions, such as hijacking advertising on non-associated websites and injecting its own advertising in the form of contextual link ads, banner ads, popups, and pop-overs, including hijacking known ad-serving sites. This malware is frequently bundled with various third-party unwanted applications and distributed through web browser exploits. While the program may include an uninstaller and be listed in the Windows Add/Remove Programs, completely removing it can be quite challenging and may require the use of an anti-malware product.

Multiple virus scanners have detected malware in LyricsFan-1.

utils.exe (MD5: 49969f5ccfa76ca801ad078bd208dc04) has been flagged by 13 scanners:
Scanner Software Result
Bkav FE HW32.CDB
Kingsoft AntiVirus Win32.Troj.Generic.a.(kcloud)
Malwarebytes PUP.Optional.Lyrics.A
TrendMicro-HouseCall TROJ_GEN.F47V0825
VIPRE Antivirus Adware.AddLyrics (fs)
Baidu-International Adware.Win32.BHO.45
ESET-NOD32 a variant of Win32/Toolbar.CrossRider.J
McAfee Artemis!2F7615C396A5
McAfee-GW-Edition Artemis!2F7615C396A5
Sophos Lyrmix Agent
Symantec Adware.FindLyrics
Trend Micro ADW_GAMEPLAYLABS
K7 AntiVirus Riskware
LyricsFan-1-updater.exe (MD5: 4779ebf584afac9b44e8fff5270dd44b) has been flagged by 12 scanners:
Scanner Software Result
ESET-NOD32 probably a variant of Win32/Toolbar.CrossRider.I
K7 AntiVirus Riskware
Kingsoft AntiVirus Win32.Troj.Generic.a.(kcloud)
Malwarebytes PUP.Optional.Lyrics.A
McAfee Artemis!4779EBF584AF
McAfee-GW-Edition Artemis!4779EBF584AF
Sophos Lyrmix Agent
Symantec WS.Reputation.1
VIPRE Antivirus Crossrider (fs)
TrendMicro-HouseCall TROJ_GEN.F47V0915
Baidu-International HackTool.Win64.Crossrider.A
Bkav FE W32.Clodbf6.Trojan.80d1
LyricsFan-1-firefoxinstaller.exe (MD5: 2f7615c396a51d8a69ce9323a52eb3ca) has been flagged by 13 scanners:
Scanner Software Result
Baidu-International Adware.Win32.BHO.45
ESET-NOD32 a variant of Win32/Toolbar.CrossRider.J
Kingsoft AntiVirus Win32.Troj.Generic.a.(kcloud)
Malwarebytes PUP.Optional.Lyrics.A
McAfee Artemis!2F7615C396A5
McAfee-GW-Edition Artemis!2F7615C396A5
Sophos Lyrmix Agent
Symantec Adware.FindLyrics
Trend Micro ADW_GAMEPLAYLABS
TrendMicro-HouseCall ADW_GAMEPLAYLABS
VIPRE Antivirus Crossrider (fs)
K7 AntiVirus Riskware
Bkav FE W32.Clodbf6.Trojan.80d1
LyricsFan-1-enabler.exe (MD5: 4b28f97499af54a82da31c0ab58a4c83) has been flagged by 10 scanners:
Scanner Software Result
ESET-NOD32 probably a variant of Win32/Toolbar.CrossRider.I
Kingsoft AntiVirus Win32.Troj.Generic.a.(kcloud)
Malwarebytes PUP.Optional.Lyrics.A
McAfee Artemis!4B28F97499AF
McAfee-GW-Edition Heuristic.BehavesLike.Win32.Suspicious-BAY.K
Sophos Lyrmix Agent
TrendMicro-HouseCall TROJ_GEN.F47V0915
VIPRE Antivirus Crossrider (fs)
Baidu-International HackTool.Win64.Crossrider.A
Bkav FE W32.Clodbf6.Trojan.80d1
LyricsFan-1-codedownloader.exe (MD5: e5e300dd6065d9f71b3e51c7fd11973c) has been flagged by 8 scanners:
Scanner Software Result
ESET-NOD32 a variant of Win32/Toolbar.CrossRider.I
Kingsoft AntiVirus Win32.Troj.Generic.a.(kcloud)
Malwarebytes PUP.Optional.Lyrics.A
McAfee-GW-Edition Heuristic.BehavesLike.Win32.Suspicious-BAY.K
Sophos Lyrmix Agent
VIPRE Antivirus Crossrider (fs)
TrendMicro-HouseCall TROJ_GEN.F47V0917
Bkav FE HW32.Laneul.wauu

Software Behaviors

Scheduled tasks:
  • LyricsFan-1-enabler.exe is scheduled as a task named 'temp_LyricsFan-1-enabler'.

Startup Entries

Startup tasks:
  • LyricsFan-1-firefoxinstaller.exe is automatically launched at startup through a scheduled task named LyricsFan-1-firefoxinstaller.
  • LyricsFan-1-chromeinstaller.exe is automatically launched at startup through a scheduled task named LyricsFan-1-chromeinstaller.
  • LyricsFan-1-updater.exe is automatically launched at startup through a scheduled task named LyricsFan-1-updater.
  • LyricsFan-1-enabler.exe is automatically launched at startup through a scheduled task named LyricsFan-1-enabler.
  • LyricsFan-1-codedownloader.exe is automatically launched at startup through a scheduled task named LyricsFan-1-codedownloader.

Software Details

URL:
–
Support:
–
Installation path:
C:\Program Files\LyricsFan-1
Uninstaller:
C:\Program Files\LyricsFan-1\Uninstall.exe /fromcontrolpanel=1
Size:
2.00 MB
Language:
English

LyricsFan-1 Executable Details

Primary executable:
utils.exe
Name:
LyricsFan-1
Path:
C:\Program Files\LyricsFan-1\utils.exe
MD5:
49969f5ccfa76ca801ad078bd208dc04
SHA-1:
–
SHA-256:
–
Files installed by LyricsFan-1
File Type Filename MD5
EXE
uninstall.exe
756f238d9d267a4a550f792f5522c68e
EXE
utils.exe
Malware
49969f5ccfa76ca801ad078bd208dc04
EXE
LyricsFan-1-helper.exe
cca968de092461782b642900b54879c2
DLL
LyricsFan-1-buttonutil64.dll
a658e214e8326670c45da71c9f3e6904
DLL
LyricsFan-1-buttonutil.dll
3acee7d94f78c838b5787c42f3712f4b
EXE
LyricsFan-1-updater.exe
Malware
4779ebf584afac9b44e8fff5270dd44b
EXE
LyricsFan-1-firefoxinstaller.exe
Malware
2f7615c396a51d8a69ce9323a52eb3ca
EXE
LyricsFan-1-enabler.exe
Malware
4b28f97499af54a82da31c0ab58a4c83
EXE
LyricsFan-1-codedownloader.exe
Malware
e5e300dd6065d9f71b3e51c7fd11973c
EXE
LyricsFan-1-chromeinstaller.exe
Malware
5e2c82f86c79d99037c3c8c2b7fb6406