MapsGalaxy Internet Explorer Toolbar

MapsGalaxy Internet Explorer Toolbar

Known Toolbar

by Mindspark Interactive Network

What is MapsGalaxy Internet Explorer Toolbar?

MapsGalaxy Internet Explorer Toolbar is software application developed by Mindspark Interactive Network. It is most commonly found on computers running Windows 7 with nearly 54.06% of installations running this operating system. MapsGalaxy Internet Explorer Toolbar's installer is typically 8.00 MB in size and installs around 60 files. The most common release is 10.0 with 0.06% of all installations currently using this version.

MapsGalaxy Internet Explorer Toolbar is most popular in the United States with 74.92% of installations residing in this country.

MapsGalaxy Internet Explorer Toolbar adds 3 scheduled tasks to the Windows Task Scheduler launching the program at randomly scheduled times.

About MapsGalaxy Internet Explorer Toolbar?

The MapsGalaxy Internet Explorer Toolbar is a web browser extension that offers users the ability to search the Internet. However, it comes bundled with the potentially unwanted program MyWebSearch, which can change search results, redirect DNS errors, and modify the user's home page to mywebsearch.com. MyWebSearch also overrides the default search service and tracks user internet behavior for targeted advertising. Similarly, the MetroCast Toolbar is an ad-supported web browser plugin that is distributed through various monetization platforms during installation. It includes features that can modify the default or custom settings of the browser, such as the home page and search settings. Some of the changes that the toolbar can make include altering the default search engine, changing the home page, adding alternative "page not found" functionality, and enabling search from the address bar.

Multiple virus scanners have detected malware in MapsGalaxy Internet Explorer Toolbar.

AppIntegrator64.exe (MD5: 143d634f4f93155d3a4d430c2cf60d11) has been flagged by 27 scanners:
Scanner Software Result
AhnLab-V3 PUP/Win32.MyWebSearch
Antiy-AVL RiskWare[WebToolbar:not-a-virus]/Win32.MyWebSearch
avast! Win32:Mindspark-A [PUP]
AVG Zango
Baidu-International Adware.Win32.MyWebSearch.Aki
Fortinet FortiGate Riskware/MyWebSearch
Kaspersky not-a-virus:WebToolbar.Win32.MyWebSearch.si
Malwarebytes PUP.Optional.MindSpark
Panda Antivirus Adware/WebSearch
Qihoo-360 Win32/Virus.WebToolbar.30b
Tencent Win32.Trojan.Falsesign.Dvqb
VIPRE Antivirus MyWebSearch.J (v) (not malicious)
Avira AntiVir TR/Trash.Gen
Comodo Security UnclassifiedMalware
Dr.Web Trojan.Damaged.1
IKARUS anti.virus Trojan.Trash
McAfee-GW-Edition Heuristic.BehavesLike.Exploit.CodeExec.I
PC Tools HeurEngine.MalPE
SUPERAntiSpyware Trojan.Agent/Gen-Nullo[Short]
Symantec Bloodhound.MalPE
TrendMicro-HouseCall TROJ_GEN.RCBH1KE
AVware MyWebSearch.J (v)
ESET-NOD32 Win32/Toolbar.MyWebSearch.T
F-Prot W32/Mywebsearch.H2.gen!Eldorado
G Data Win32.Adware.Mindspark.C
Kingsoft AntiVirus Win32.Troj.Undef.(kcloud)
Zillya Adware.WebSearch.Win32.171
APPINTEGRATOR.EXE (MD5: b6940fe9d6fc34ef59f1028ae6018fe1) has been flagged by 28 scanners:
Scanner Software Result
AhnLab-V3 PUP/Win32.MyWebSearch
Antiy-AVL RiskWare[WebToolbar:not-a-virus]/Win32.MyWebSearch
avast! Win32:Mindspark-A [PUP]
AVG MyWebSearch
AVware MyWebSearch.J (v)
Baidu-International Adware.Win32.MyWebSearch.am
ESET-NOD32 a variant of Win32/Toolbar.MyWebSearch.AJ
Fortinet FortiGate Riskware/MyWebSearch
G Data Win32.Adware.Mindspark.C
Kaspersky not-a-virus:WebToolbar.Win32.MyWebSearch.si
Kingsoft AntiVirus Win32.Troj.MyWebSearch.si.(kcloud)
Malwarebytes PUP.Optional.MindSpark
Qihoo-360 Win32/Virus.WebToolbar.30b
Tencent Win32.Trojan.Falsesign.Pgcq
TrendMicro-HouseCall Suspicious_GEN.F47V0812
VIPRE Antivirus MyWebSearch.J (v) (not malicious)
Agnitum Outpost PUA.Toolbar.MyWebSearch!
Panda Antivirus Adware/WebSearch
Avira AntiVir TR/Trash.Gen
Comodo Security UnclassifiedMalware
Dr.Web Trojan.Damaged.1
IKARUS anti.virus Trojan.Trash
McAfee-GW-Edition Heuristic.BehavesLike.Exploit.CodeExec.I
PC Tools HeurEngine.MalPE
SUPERAntiSpyware Trojan.Agent/Gen-Nullo[Short]
Symantec Bloodhound.MalPE
F-Prot W32/Mywebsearch.H2.gen!Eldorado
Zillya Adware.WebSearch.Win32.171
39brmon.exe (MD5: 3e1dfacf17584f0aa2372f993ec15618) has been flagged by 19 scanners:
Scanner Software Result
Avira AntiVir TR/Trash.Gen
avast! Win32:FunWeb-K [PUP]
Comodo Security UnclassifiedMalware
Dr.Web Trojan.Damaged.1
IKARUS anti.virus Trojan.Trash
McAfee-GW-Edition Heuristic.BehavesLike.Exploit.CodeExec.I
PC Tools HeurEngine.MalPE
SUPERAntiSpyware Trojan.Agent/Gen-Nullo[Short]
Symantec Bloodhound.MalPE
TrendMicro-HouseCall TROJ_GEN.RCBH1KE
AVG Toolbar.MyWebSearch.D
AVware MyWebSearch.J (v)
ESET-NOD32 Win32/Toolbar.MyWebSearch.T
F-Prot W32/Mywebsearch.H2.gen!Eldorado
G Data Win32.Adware.Mindspark.C
Kaspersky not-a-virus:WebToolbar.Win32.MyWebSearch.sw
Kingsoft AntiVirus Win32.Troj.Undef.(kcloud)
VIPRE Antivirus MyWebSearch.J (v) (not malicious)
Zillya Adware.WebSearch.Win32.171
NP39Stub.dll (MD5: 7a3d4f9ad1e86a4a9c8f45aed4d758b5) has been flagged by 10 scanners:
Scanner Software Result
avast! Win32:Mindspark-A [PUP]
AVG Toolbar.MyWebSearch.D
AVware MyWebSearch.J (v)
ESET-NOD32 Win32/Toolbar.MyWebSearch.T
F-Prot W32/Mywebsearch.H2.gen!Eldorado
G Data Win32.Adware.Mindspark.C
Kaspersky not-a-virus:WebToolbar.Win32.MyWebSearch.sw
Kingsoft AntiVirus Win32.Troj.Undef.(kcloud)
VIPRE Antivirus MyWebSearch.J (v) (not malicious)
Zillya Adware.WebSearch.Win32.171
39SrchMn.exe (MD5: 3c93215de9cc97c60b1892ad8dbe4411) has been flagged by 28 scanners:
Scanner Software Result
AhnLab-V3 Trojan/Win32.Buzus
Antiy-AVL RiskWare[WebToolbar:not-a-virus]/Win32.MyWebSearch
avast! Win32:Mindspark-A [PUP]
AVG MyWebSearch
AVware MyWebSearch.J (v)
Baidu-International Adware.Win32.MyWebSearch.abZ
ESET-NOD32 a variant of Win32/Toolbar.MyWebSearch.AJ
Fortinet FortiGate Riskware/MyWebSearch
G Data Win32.Adware.Mindspark.C
Kaspersky not-a-virus:WebToolbar.Win32.MyWebSearch.si
Kingsoft AntiVirus Win32.Troj.MyWebSearch.si.(kcloud)
Malwarebytes PUP.Optional.MindSpark
Qihoo-360 Win32/Virus.WebToolbar.30b
Tencent Win32.Trojan.Falsesign.Lmut
VIPRE Antivirus MyWebSearch.J (v) (not malicious)
Zillya Adware.MyWebSearch.Win32.1351
TrendMicro-HouseCall Suspicious_GEN.F47V0812
Agnitum Outpost PUA.Toolbar.MyWebSearch!
Panda Antivirus Adware/WebSearch
Avira AntiVir TR/Trash.Gen
Comodo Security UnclassifiedMalware
Dr.Web Trojan.Damaged.1
IKARUS anti.virus Trojan.Trash
McAfee-GW-Edition Heuristic.BehavesLike.Exploit.CodeExec.I
PC Tools HeurEngine.MalPE
SUPERAntiSpyware Trojan.Agent/Gen-Nullo[Short]
Symantec Bloodhound.MalPE
F-Prot W32/Mywebsearch.H2.gen!Eldorado

Software Behaviors

Services:
  • 39barsvc.exe runs as a service named 'ConservativeTalkNowService' (ConservativeTalkNow_4nService).
Scheduled tasks:
  • AppIntegrator64.exe is scheduled as a task named 'Price Fountain' (runs daily at 4:45 PM).
  • 39medint.exe is scheduled as a task with the class '{CEC2F177-6434-48CF-AEA5-AB1F3AD5E60A}' (runs on registration).
  • 39SrchMn.exe is scheduled as a task named 'MetaCrawler' (runs daily at 15:24).

Startup Entries

Startup tasks:
  • AppIntegrator64.exe is automatically launched at startup through a scheduled task named 7.
  • 39SrchMn.exe is automatically launched at startup through a scheduled task named 3.
  • 39medint.exe is automatically launched at startup through a scheduled task named 2.
  • 39brmon.exe is automatically launched at startup through a scheduled task named 4.
Registry entries:
  • 39medint.exe is loaded in the current user (HKCU) registry as an auto-starting executable named 'MapsGalaxy EPM Support' and executes as "C:\Program Files2\MAPSGA~2\bar\1.bin\39medint.exe" T8EPMSUP.DLL,S.
  • 39brmon.exe is loaded in the current user (HKCU) registry as an auto-starting executable named 'ctfmon.exe' and executes as C:\Program Files3\rundll32.exe C:\Program Files3\lni28.dat,FG00.
  • 39SrchMn.exe is loaded in the current user (HKCU) registry as an auto-starting executable named 'Hoolapp Android' and executes as "C:\users\user\appdata\Roaming\HOOLAP~1\Hoolapp.exe" /Minimized.

Software Details

URL:
https://support.mindspark.com
Support:
–
Installation path:
C:\Program Files\MapsGalaxy_39\bar\1.bin
Uninstaller:
rundll32 "C:\Program Files\MapsGalaxy_39\bar\1.bin\39Bar.dll",O mindsparktoolbarkey="MapsGalaxy_39" uninstalltype="IE"
Size:
8.00 MB
Language:
English

MapsGalaxy Internet Explorer Toolbar Executable Details

Primary executable:
39bar.dll
Name:
MapsGalaxy Internet Explorer Toolbar
Path:
C:\Program Files\MapsGalaxy_39\bar\1.bin\39bar.dll
MD5:
96a060cf33a2c42617cf13224a47db07
SHA-1:
–
SHA-256:
–
Files installed by MapsGalaxy Internet Explorer Toolbar
File Type Filename MD5
DLL
verify.dll
f840b861e8c05b1ab6df254e7c3f9c35
DLL
T8TICKER.DLL
3d4aca84349bff8642dc00145bbc51c4
DLL
T8RES.DLL
b5af015242f9705788bed0f9504e7b7c
DLL
T8HTML.DLL
b1dd705f66a0aac955be5b5003d87852
DLL
T8EXTPEX.DLL
64d6eb8eb2882837bc4f29ce02e1a6f9
DLL
T8EXTEX.DLL
85aa773c5b3fe1b2fc4db60bfcb0e6f9
DLL
T8EPMSUP.DLL
b8274b1454a8c3fca77dd48a7a91bf65
DLL
HKFXMGR64.DLL
12561f359a0665b4ef531a06b42e1178
DLL
HKFXMGR.DLL
2f738b52cab5a1722ba7d250c24fbf4c
DLL
DPNMNGR.DLL
b61deef118eb941a8063e6d2ad31415a