MapsGalaxy Toolbar

Known Toolbar

What is MapsGalaxy Toolbar?

MapsGalaxy Toolbar is software application developed by Mindspark Interactive Network. It is most commonly found on computers running Windows 7 with nearly 66.29% of installations running this operating system. MapsGalaxy Toolbar's installer is typically 11.00 MB in size and installs around 42 files.

MapsGalaxy Toolbar is most popular in the United States with 74.06% of installations residing in this country.

MapsGalaxy Toolbar adds 1 scheduled task to the Windows Task Scheduler launching the program at randomly scheduled times.

About MapsGalaxy Toolbar?

The software features the installation of a Mindspark toolbar into the user's web browser, facilitating the collection and storage of web browsing habits. This information is then transmitted to Mindspark for the purpose of providing targeted services and advertisements through the toolbar.

Multiple virus scanners have detected malware in MapsGalaxy Toolbar.

AppIntegrator64.exe (MD5: f68778b356218f4cbfd5c2c19419c0a0) has been flagged by 4 scanners:

Scanner Software	Version	Result
avast!	8.0.1489.320	Win32:Mindspark-A [PUP]
AVG	13.0.0.3169	Zango
ESET-NOD32	9637	a variant of Win64/Toolbar.MyWebSearch.A
VIPRE Antivirus	28020	MyWebSearch.J (v) (not malicious)

APPINTEGRATOR.EXE (MD5: 660d435be4a48b8d941e5dcf30ac1974) has been flagged by 10 scanners:

Scanner Software	Version	Result
avast!	8.0.1489.320	Win32:Mindspark-A [PUP]
AVG	14.0.0.3950	Zango
Baidu-International	3.5.1.41473	Adware.Win32.Mindspark.81
Panda Antivirus	10.0.3.5	Adware/WebSearch
Tencent	1.0.0.1	Win32.Trojan.Falsesign.Wlzh
TrendMicro-HouseCall	9.700.0.1001	TROJ_GEN.F47V0404
VIPRE Antivirus	29442	MyWebSearch.J (v) (not malicious)
Malwarebytes	1.75.0001	PUP.Optional.AudioToAudioToolBar.A
NANO AntiVirus	0.28.0.58873	Trojan.Win32.FUbu2.cudmon
ESET-NOD32	9637	a variant of Win64/Toolbar.MyWebSearch.A

39brmon.exe (MD5: 2c0a45683112082493b1fb3c09c60184) has been flagged by 6 scanners:

Scanner Software	Version	Result
avast!	8.0.1489.320	Win32:Mindspark-A [PUP]
AVG	13.0.0.3169	Zango
Malwarebytes	1.75.0001	PUP.Optional.MindSpark.A
VIPRE Antivirus	28020	MyWebSearch.J (v) (not malicious)
TrendMicro-HouseCall	9.700-1001	TROJ_GEN.F47V0404
ESET-NOD32	9637	a variant of Win64/Toolbar.MyWebSearch.A

39SrchMn.exe (MD5: 466af3fbfdd028b3d90238425c367b7e) has been flagged by 14 scanners:

Scanner Software	Version	Result
AhnLab-V3	None	Trojan/Win32.Buzus
avast!	8.0.1489.320	Win32:Mindspark-A [PUP]
AVG	13.0.0.3169	Zango
Kingsoft AntiVirus	2013.04.09.267	Win32.Troj.Undef.(kcloud)
McAfee	6.0.4.564	Artemis!466AF3FBFDD0
McAfee-GW-Edition	2013	Artemis!466AF3FBFDD0
TrendMicro-HouseCall	9.700-1001	TROJ_GEN.F47V0404
VIPRE Antivirus	28088	MyWebSearch.J (v) (not malicious)
Baidu-International	3.5.1.41473	Adware.Win32.Mindspark.45
Panda Antivirus	10.0.3.5	Adware/WebSearch
Tencent	1.0.0.1	Win32.Trojan.Falsesign.Lkxk
Malwarebytes	1.75.0001	PUP.Optional.AudioToAudioToolBar.A
NANO AntiVirus	0.28.0.58873	Trojan.Win32.FUbu2.cudmon
ESET-NOD32	9637	a variant of Win64/Toolbar.MyWebSearch.A

39SrcAs.dll (MD5: 31f0fd888f41c6e4b05a8a26a6257bbb) has been flagged by 10 scanners:

Scanner Software	Version	Result
avast!	8.0.1489.320	Win32:Mindspark-A [PUP]
AVG	14.0.0.3950	Zango
Baidu-International	3.5.1.41473	Adware.Win32.Mindspark.45
Panda Antivirus	10.0.3.5	Adware/WebSearch
Tencent	1.0.0.1	Win32.Trojan.Falsesign.Lkxk
TrendMicro-HouseCall	9.700-1001	TROJ_GEN.F47V0404
VIPRE Antivirus	29442	MyWebSearch.J (v) (not malicious)
Malwarebytes	1.75.0001	PUP.Optional.AudioToAudioToolBar.A
NANO AntiVirus	0.28.0.58873	Trojan.Win32.FUbu2.cudmon
ESET-NOD32	9637	a variant of Win64/Toolbar.MyWebSearch.A

Software Behaviors

Services:: 39barsvc.exe runs as a service named 'WebfettiService' (Webfetti_52Service).
Scheduled tasks:: AppIntegrator64.exe is scheduled as a task named 'Price Fountain' (runs daily at 4:45 PM).

Startup Entries

Startup tasks:: AppIntegrator64.exe is automatically launched at startup through a scheduled task named 7.

39SrchMn.exe is automatically launched at startup through a scheduled task named 3.

39medint.exe is automatically launched at startup through a scheduled task named 2.

39brmon64.exe is automatically launched at startup through a scheduled task named 5.

39brmon.exe is automatically launched at startup through a scheduled task named 4.

Software Details

URL:: https://search.mywebsearch.com/mywebsearch/default.jhtml
Support:: –
Installation path:: C:\Program Files\MapsGalaxy_39\bar\2.bin
Uninstaller:: rundll32 C:\Program Files2\MAPSGA~2\bar\1.bin\39Bar.dll,O
Size:: 11.00 MB
Language:: English

MapsGalaxy Toolbar Executable Details

Primary executable:: 39bar.dll
Name:: MapsGalaxy Toolbar
Path:: C:\Program Files\MapsGalaxy_39\bar\2.bin\39bar.dll
MD5:: 96a060cf33a2c42617cf13224a47db07
SHA-1:: –
SHA-256:: –

Files installed by MapsGalaxy Toolbar

File Type	Filename	MD5
DLL	DPNMNGR.DLL	5fe1c74f008496c30bbaf7689cd2fb74
DLL	CREXT.DLL	adc32dbe2fa1caae9c213bbfb6b02a9b
DLL	ASSISTMONITOR64.DLL	8584203f010ab90bfde264a7c0879413
DLL	ASSISTMONITOR.DLL	e5d70d21eb26491111de57256319e340
DLL	AppIntegratorStub64.dll	755ef214e8e5c2b5736c2e0fac4fe561
DLL	APPINTEGRATORSTUB.DLL	d5d454ca320d6f9128c1e8231d8118c1
EXE	AppIntegrator64.exe Malware	f68778b356218f4cbfd5c2c19419c0a0
EXE	APPINTEGRATOR.EXE Toolbar	660d435be4a48b8d941e5dcf30ac1974
DLL	39brstub.dll	e46963ec2bc3d0ed27a61f0697544196
EXE	39brmon.exe Toolbar	2c0a45683112082493b1fb3c09c60184