LyricsFan-1

LyricsFan-1

Known Malware

by CrossLyrics

What is LyricsFan-1?

LyricsFan-1 is software application developed by CrossLyrics. It is most commonly found on computers running Windows 7 with nearly 45.71% of installations running this operating system. LyricsFan-1's installer is typically 2.00 MB in size and installs around 15 files.

LyricsFan-1 is most popular in Brazil with 25.53% of installations residing in this country.

LyricsFan-1 adds 1 scheduled task to the Windows Task Scheduler launching the program at randomly scheduled times.

About LyricsFan-1?

LyricsFan-1 is a potentially harmful web browser extension that can take control of the user's browser with the intention of redirecting web searches and injecting advertising. If used in Internet Explorer, the program runs as a Browser Helper Object. The add-in carries out a range of actions, such as hijacking advertising on non-associated websites and injecting its own advertising in the form of contextual link ads, banner ads, popups, and pop-overs, including hijacking known ad-serving sites. This malware is frequently bundled with various third-party unwanted applications and distributed through web browser exploits. While the program may include an uninstaller and be listed in the Windows Add/Remove Programs, completely removing it can be quite challenging and may require the use of an anti-malware product.

Multiple virus scanners have detected malware in LyricsFan-1.

utils.exe (MD5: 49969f5ccfa76ca801ad078bd208dc04) has been flagged by 13 scanners:
Scanner Software Result
Bkav FE HW32.CDB
Kingsoft AntiVirus Win32.Troj.Generic.a.(kcloud)
Malwarebytes PUP.Optional.Lyrics.A
TrendMicro-HouseCall TROJ_GEN.F47V0825
VIPRE Antivirus Adware.AddLyrics (fs)
Baidu-International Adware.Win32.BHO.45
ESET-NOD32 a variant of Win32/Toolbar.CrossRider.J
McAfee Artemis!2F7615C396A5
McAfee-GW-Edition Artemis!2F7615C396A5
Sophos Lyrmix Agent
Symantec Adware.FindLyrics
Trend Micro ADW_GAMEPLAYLABS
K7 AntiVirus Riskware
LyricsFan-1-updater.exe (MD5: 4779ebf584afac9b44e8fff5270dd44b) has been flagged by 12 scanners:
Scanner Software Result
ESET-NOD32 probably a variant of Win32/Toolbar.CrossRider.I
K7 AntiVirus Riskware
Kingsoft AntiVirus Win32.Troj.Generic.a.(kcloud)
Malwarebytes PUP.Optional.Lyrics.A
McAfee Artemis!4779EBF584AF
McAfee-GW-Edition Artemis!4779EBF584AF
Sophos Lyrmix Agent
Symantec WS.Reputation.1
VIPRE Antivirus Crossrider (fs)
TrendMicro-HouseCall TROJ_GEN.F47V0915
Baidu-International HackTool.Win64.Crossrider.A
Bkav FE W32.Clodbf6.Trojan.80d1
LyricsFan-1-firefoxinstaller.exe (MD5: 2f7615c396a51d8a69ce9323a52eb3ca) has been flagged by 13 scanners:
Scanner Software Result
Baidu-International Adware.Win32.BHO.45
ESET-NOD32 a variant of Win32/Toolbar.CrossRider.J
Kingsoft AntiVirus Win32.Troj.Generic.a.(kcloud)
Malwarebytes PUP.Optional.Lyrics.A
McAfee Artemis!2F7615C396A5
McAfee-GW-Edition Artemis!2F7615C396A5
Sophos Lyrmix Agent
Symantec Adware.FindLyrics
Trend Micro ADW_GAMEPLAYLABS
TrendMicro-HouseCall ADW_GAMEPLAYLABS
VIPRE Antivirus Crossrider (fs)
K7 AntiVirus Riskware
Bkav FE W32.Clodbf6.Trojan.80d1
LyricsFan-1-enabler.exe (MD5: 4b28f97499af54a82da31c0ab58a4c83) has been flagged by 10 scanners:
Scanner Software Result
ESET-NOD32 probably a variant of Win32/Toolbar.CrossRider.I
Kingsoft AntiVirus Win32.Troj.Generic.a.(kcloud)
Malwarebytes PUP.Optional.Lyrics.A
McAfee Artemis!4B28F97499AF
McAfee-GW-Edition Heuristic.BehavesLike.Win32.Suspicious-BAY.K
Sophos Lyrmix Agent
TrendMicro-HouseCall TROJ_GEN.F47V0915
VIPRE Antivirus Crossrider (fs)
Baidu-International HackTool.Win64.Crossrider.A
Bkav FE W32.Clodbf6.Trojan.80d1
LyricsFan-1-codedownloader.exe (MD5: e5e300dd6065d9f71b3e51c7fd11973c) has been flagged by 8 scanners:
Scanner Software Result
ESET-NOD32 a variant of Win32/Toolbar.CrossRider.I
Kingsoft AntiVirus Win32.Troj.Generic.a.(kcloud)
Malwarebytes PUP.Optional.Lyrics.A
McAfee-GW-Edition Heuristic.BehavesLike.Win32.Suspicious-BAY.K
Sophos Lyrmix Agent
VIPRE Antivirus Crossrider (fs)
TrendMicro-HouseCall TROJ_GEN.F47V0917
Bkav FE HW32.Laneul.wauu

Software Behaviors

Scheduled tasks:
  • LyricsFan-1-enabler.exe is scheduled as a task named 'temp_LyricsFan-1-enabler'.

Startup Entries

Startup tasks:
  • LyricsFan-1-firefoxinstaller.exe is automatically launched at startup through a scheduled task named LyricsFan-1-firefoxinstaller.
  • LyricsFan-1-chromeinstaller.exe is automatically launched at startup through a scheduled task named LyricsFan-1-chromeinstaller.
  • LyricsFan-1-updater.exe is automatically launched at startup through a scheduled task named LyricsFan-1-updater.
  • LyricsFan-1-enabler.exe is automatically launched at startup through a scheduled task named LyricsFan-1-enabler.
  • LyricsFan-1-codedownloader.exe is automatically launched at startup through a scheduled task named LyricsFan-1-codedownloader.

Software Details

URL:
–
Support:
–
Installation path:
C:\Program Files\LyricsFan-1
Uninstaller:
C:\Program Files\LyricsFan-1\Uninstall.exe /fromcontrolpanel=1
Size:
2.00 MB
Language:
English

LyricsFan-1 Executable Details

Primary executable:
utils.exe
Name:
LyricsFan-1
Path:
C:\Program Files\LyricsFan-1\utils.exe
MD5:
49969f5ccfa76ca801ad078bd208dc04
SHA-1:
–
SHA-256:
–
Files installed by LyricsFan-1
File Type Filename MD5
EXE
LyricsFan-1-buttonutil64.exe
6affed5d22441299fb97510871951ec8
EXE
LyricsFan-1-buttonutil.exe
089c0165223715c696c14e85ed7513c4
DLL
LyricsFan-1-bho64.dll
Malware
6fd131375424dc12701bcd01dffe3f21
DLL
LyricsFan-1-bho.dll
Malware
ed214c458e89e0e1e9c30ef975ec9ec7
EXE
LyricsFan-1-bg.exe
8685771707f3b9c9c00e7ffb64fb7b7b