What is HeadlineAlley Internet Explorer Toolbar?

HeadlineAlley Internet Explorer Toolbar is software application developed by Mindspark Interactive Network. It is most commonly found on computers running Windows 7 with nearly 58.80% of installations running this operating system. HeadlineAlley Internet Explorer Toolbar's installer is typically 8.00 MB in size and installs around 60 files.

HeadlineAlley Internet Explorer Toolbar is most popular in the United States with 86.24% of installations residing in this country.

HeadlineAlley Internet Explorer Toolbar adds 3 scheduled tasks to the Windows Task Scheduler launching the program at randomly scheduled times.

About HeadlineAlley Internet Explorer Toolbar?

HeadlineAlley is a browser toolbar developed by Mindspark that provides users with the capability to customize their search and home pages to Ask.com (or MyWebSearch).

Multiple virus scanners have detected malware in HeadlineAlley Internet Explorer Toolbar.

AppIntegrator64.exe (MD5: 143d634f4f93155d3a4d430c2cf60d11) has been flagged by 18 scanners:

Scanner Software	Version	Result
AhnLab-V3	2014.10.09.00	PUP/Win32.MyWebSearch
Antiy-AVL	1.0.0.1	RiskWare[WebToolbar:not-a-virus]/Win32.MyWebSearch
avast!	8.0.1489.320	Win32:Mindspark-A [PUP]
AVG	14.0.0.4037	Zango
Baidu-International	3.5.1.41473	Adware.Win32.MyWebSearch.Aki
Fortinet FortiGate	5.1.152.0	Riskware/MyWebSearch
Kaspersky	12.0.0.1225	not-a-virus:WebToolbar.Win32.MyWebSearch.si
Malwarebytes	1.75.0.1	PUP.Optional.MindSpark
Panda Antivirus	10.0.4.2	Adware/WebSearch
Qihoo-360	1.0.0.1015	Win32/Virus.WebToolbar.30b
Tencent	1.0.0.1	Win32.Trojan.Falsesign.Dvqb
VIPRE Antivirus	33754	MyWebSearch.J (v) (not malicious)
Bkav FE	1.3.0.4613	W32.Clodc29.Trojan.ff33
Dr.Web		Adware.BGuard.38
ESET-NOD32	9264	Win32/Toolbar.MyWebSearch.W
F-Prot	4.7.1.166	W32/Mywebsearch.H2.gen!Eldorado
Kingsoft AntiVirus	2013.4.9.267	Win32.Troj.Generic.a.(kcloud)
TrendMicro-HouseCall	9.700.0.1001	TROJ_GEN.F47V0828

APPINTEGRATOR.EXE (MD5: b6940fe9d6fc34ef59f1028ae6018fe1) has been flagged by 21 scanners:

Scanner Software	Version	Result
AhnLab-V3	2014.10.30.00	PUP/Win32.MyWebSearch
Antiy-AVL	1.0.0.1	RiskWare[WebToolbar:not-a-virus]/Win32.MyWebSearch
avast!	8.0.1489.320	Win32:Mindspark-A [PUP]
AVG	14.0.0.4040	MyWebSearch
AVware	1.5.0.21	MyWebSearch.J (v)
Baidu-International	3.5.1.41473	Adware.Win32.MyWebSearch.am
ESET-NOD32	10639	a variant of Win32/Toolbar.MyWebSearch.AJ
Fortinet FortiGate	5.0.999.0	Riskware/MyWebSearch
G Data	24	Win32.Adware.Mindspark.C
Kaspersky	12.0.0.1225	not-a-virus:WebToolbar.Win32.MyWebSearch.si
Kingsoft AntiVirus	2013.4.9.267	Win32.Troj.MyWebSearch.si.(kcloud)
Malwarebytes	1.75.0.1	PUP.Optional.MindSpark
Qihoo-360	1.0.0.1015	Win32/Virus.WebToolbar.30b
Tencent	1.0.0.1	Win32.Trojan.Falsesign.Pgcq
TrendMicro-HouseCall	9.700.0.1001	Suspicious_GEN.F47V0812
VIPRE Antivirus	34342	MyWebSearch.J (v) (not malicious)
Zillya	2.0.0.1966	Adware.MyWebSearch.Win32.1392
Panda Antivirus	10.0.4.2	Adware/WebSearch
Bkav FE	1.3.0.4613	W32.Clodc29.Trojan.ff33
Dr.Web		Adware.BGuard.38
F-Prot	4.7.1.166	W32/Mywebsearch.H2.gen!Eldorado

29brmon64.exe (MD5: 04d84d59d341dc861f20c961b5882eae) has been flagged by 5 scanners:

Scanner Software	Version	Result
avast!	8.0.1489.320	Win32:Mindspark-A [PUP]
AVG	13.0.0.3169	Zango
Baidu-International	3.5.1.41473	Adware.Win32.Mindspark.71
TrendMicro-HouseCall	9.700-1001	TROJ_GEN.F47V0312
VIPRE Antivirus	28506	MyWebSearch.J (v) (not malicious)

29brmon.exe (MD5: 35d6caaa9e4d82974a74dbdb53801f98) has been flagged by 11 scanners:

Scanner Software	Version	Result
Antiy-AVL	2.0.3.7	Trojan/win32.agent.gen
avast!	8.0.1489.320	Win32:PUP-gen [PUP]
AVG	13.0.0.3169	AdInstaller.FunWeb
Bkav FE	1.3.0.4613	W32.Clodc29.Trojan.ff33
Dr.Web		Adware.BGuard.38
ESET-NOD32	9264	Win32/Toolbar.MyWebSearch.W
VIPRE Antivirus	25220	MyWebSearch.J (v) (not malicious)
F-Prot	4.7.1.166	W32/Mywebsearch.H2.gen!Eldorado
Kingsoft AntiVirus	2013.4.9.267	Win32.Troj.Generic.a.(kcloud)
TrendMicro-HouseCall	9.700.0.1001	TROJ_GEN.F47V0828
Baidu-International	3.5.1.41473	Adware.Win32.Mindspark.71

NP29Stub.dll (MD5: 997b29cedba92cc828990a32fffb8129) has been flagged by 8 scanners:

Scanner Software	Version	Result
avast!	8.0.1489.320	Win32:Mindspark-A [PUP]
AVG	13.0.0.3169	Zango
ESET-NOD32	8944	Win32/Toolbar.MyWebSearch.T
F-Prot	4.7.1.166	W32/Mywebsearch.H2.gen!Eldorado
Kingsoft AntiVirus	2013.4.9.267	Win32.Troj.Generic.a.(kcloud)
TrendMicro-HouseCall	9.700.0.1001	TROJ_GEN.F47V0828
VIPRE Antivirus	22594	MyWebSearch.J (v) (not malicious)
Baidu-International	3.5.1.41473	Adware.Win32.Mindspark.71

Software Behaviors

Services:

29barsvc.exe runs as a service named 'InboxNowService' (InboxNow_drService).

Scheduled tasks:

AppIntegrator64.exe is scheduled as a task named 'Price Fountain' (runs daily at 4:45 PM).
29medint.exe is scheduled as a task with the class '{CEC2F177-6434-48CF-AEA5-AB1F3AD5E60A}' (runs on registration).
29SrchMn.exe is scheduled as a task named 'MetaCrawler' (runs daily at 15:24).

Startup Entries

Startup tasks:

AppIntegrator64.exe is automatically launched at startup through a scheduled task named 7.
29SrchMn.exe is automatically launched at startup through a scheduled task named 3.
29medint.exe is automatically launched at startup through a scheduled task named 2.
29brmon64.exe is automatically launched at startup through a scheduled task named 5.
29brmon.exe is automatically launched at startup through a scheduled task named 4.
APPINTEGRATOR.EXE is automatically launched at startup through a scheduled task named OnlineMapFinder AppIntegrator 32-bit_Reg_HKLMWow6432Run.

Registry entries:

29medint.exe is loaded in the current user (HKCU) registry as an auto-starting executable named 'MapsGalaxy EPM Support' and executes as "C:\Program Files2\MAPSGA~2\bar\1.bin\39medint.exe" T8EPMSUP.DLL,S.
29brmon64.exe is loaded in the current user (HKCU) registry as an auto-starting executable named 'MapsGalaxy_39 Browser Plugin Loader 64' and executes as C:\Program Files\MapsGalaxy_39\bar\1.bin\39brmon64.exe.
APPINTEGRATOR.EXE is loaded in the current user (HKCU) registry as an auto-starting executable named 'PowerSuite' and executes as "C:\Program Files1\Uniblue\POWERS~1\launcher.exe" delay 20000 -m.
AppIntegrator64.exe is loaded in the current user (HKCU) registry as an auto-starting executable named 'Hoolapp Android' and executes as "C:\users\user\appdata\Roaming\HOOLAP~1\Hoolapp.exe" /Minimized.
29brmon.exe is loaded in the current user (HKCU) registry as an auto-starting executable named 'ctfmon.exe' and executes as C:\Program Files3\rundll32.exe C:\Program Files3\lni28.dat,FG00.
29SrchMn.exe is loaded in the current user (HKCU) registry as an auto-starting executable named 'Hoolapp Android' and executes as "C:\users\user\appdata\Roaming\HOOLAP~1\Hoolapp.exe" /Minimized.

Software Details

URL:

https://support.mindspark.com

Support:

–

Installation path:

C:\Program Files\HeadlineAlley_29\bar\1.bin

Uninstaller:

rundll32 "C:\Program Files\HeadlineAlley_29\bar\1.bin\29Bar.dll",O mindsparktoolbarkey="HeadlineAlley_29" uninstalltype=IE

Size:

8.00 MB

Language: