MapsGalaxy Toolbar

Known Toolbar

What is MapsGalaxy Toolbar?

MapsGalaxy Toolbar is software application developed by Mindspark Interactive Network. It is most commonly found on computers running Windows 7 with nearly 66.29% of installations running this operating system. MapsGalaxy Toolbar's installer is typically 11.00 MB in size and installs around 42 files.

MapsGalaxy Toolbar is most popular in the United States with 74.06% of installations residing in this country.

MapsGalaxy Toolbar adds 1 scheduled task to the Windows Task Scheduler launching the program at randomly scheduled times.

About MapsGalaxy Toolbar?

The software features the installation of a Mindspark toolbar into the user's web browser, facilitating the collection and storage of web browsing habits. This information is then transmitted to Mindspark for the purpose of providing targeted services and advertisements through the toolbar.

Multiple virus scanners have detected malware in MapsGalaxy Toolbar.

AppIntegrator64.exe (MD5: f68778b356218f4cbfd5c2c19419c0a0) has been flagged by 4 scanners:

Scanner Software	Version	Result
avast!	8.0.1489.320	Win32:Mindspark-A [PUP]
AVG	13.0.0.3169	Zango
ESET-NOD32	9637	a variant of Win64/Toolbar.MyWebSearch.A
VIPRE Antivirus	28020	MyWebSearch.J (v) (not malicious)

APPINTEGRATOR.EXE (MD5: 660d435be4a48b8d941e5dcf30ac1974) has been flagged by 10 scanners:

Scanner Software	Version	Result
avast!	8.0.1489.320	Win32:Mindspark-A [PUP]
AVG	14.0.0.3950	Zango
Baidu-International	3.5.1.41473	Adware.Win32.Mindspark.81
Panda Antivirus	10.0.3.5	Adware/WebSearch
Tencent	1.0.0.1	Win32.Trojan.Falsesign.Wlzh
TrendMicro-HouseCall	9.700.0.1001	TROJ_GEN.F47V0404
VIPRE Antivirus	29442	MyWebSearch.J (v) (not malicious)
Malwarebytes	1.75.0001	PUP.Optional.AudioToAudioToolBar.A
NANO AntiVirus	0.28.0.58873	Trojan.Win32.FUbu2.cudmon
ESET-NOD32	9637	a variant of Win64/Toolbar.MyWebSearch.A

39brmon.exe (MD5: 2c0a45683112082493b1fb3c09c60184) has been flagged by 6 scanners:

Scanner Software	Version	Result
avast!	8.0.1489.320	Win32:Mindspark-A [PUP]
AVG	13.0.0.3169	Zango
Malwarebytes	1.75.0001	PUP.Optional.MindSpark.A
VIPRE Antivirus	28020	MyWebSearch.J (v) (not malicious)
TrendMicro-HouseCall	9.700-1001	TROJ_GEN.F47V0404
ESET-NOD32	9637	a variant of Win64/Toolbar.MyWebSearch.A

39SrchMn.exe (MD5: 466af3fbfdd028b3d90238425c367b7e) has been flagged by 14 scanners:

Scanner Software	Version	Result
AhnLab-V3	None	Trojan/Win32.Buzus
avast!	8.0.1489.320	Win32:Mindspark-A [PUP]
AVG	13.0.0.3169	Zango
Kingsoft AntiVirus	2013.04.09.267	Win32.Troj.Undef.(kcloud)
McAfee	6.0.4.564	Artemis!466AF3FBFDD0
McAfee-GW-Edition	2013	Artemis!466AF3FBFDD0
TrendMicro-HouseCall	9.700-1001	TROJ_GEN.F47V0404
VIPRE Antivirus	28088	MyWebSearch.J (v) (not malicious)
Baidu-International	3.5.1.41473	Adware.Win32.Mindspark.45
Panda Antivirus	10.0.3.5	Adware/WebSearch
Tencent	1.0.0.1	Win32.Trojan.Falsesign.Lkxk
Malwarebytes	1.75.0001	PUP.Optional.AudioToAudioToolBar.A
NANO AntiVirus	0.28.0.58873	Trojan.Win32.FUbu2.cudmon
ESET-NOD32	9637	a variant of Win64/Toolbar.MyWebSearch.A

39SrcAs.dll (MD5: 31f0fd888f41c6e4b05a8a26a6257bbb) has been flagged by 10 scanners:

Scanner Software	Version	Result
avast!	8.0.1489.320	Win32:Mindspark-A [PUP]
AVG	14.0.0.3950	Zango
Baidu-International	3.5.1.41473	Adware.Win32.Mindspark.45
Panda Antivirus	10.0.3.5	Adware/WebSearch
Tencent	1.0.0.1	Win32.Trojan.Falsesign.Lkxk
TrendMicro-HouseCall	9.700-1001	TROJ_GEN.F47V0404
VIPRE Antivirus	29442	MyWebSearch.J (v) (not malicious)
Malwarebytes	1.75.0001	PUP.Optional.AudioToAudioToolBar.A
NANO AntiVirus	0.28.0.58873	Trojan.Win32.FUbu2.cudmon
ESET-NOD32	9637	a variant of Win64/Toolbar.MyWebSearch.A

Software Behaviors

Services:: 39barsvc.exe runs as a service named 'WebfettiService' (Webfetti_52Service).
Scheduled tasks:: AppIntegrator64.exe is scheduled as a task named 'Price Fountain' (runs daily at 4:45 PM).

Startup Entries

Startup tasks:: AppIntegrator64.exe is automatically launched at startup through a scheduled task named 7.

39SrchMn.exe is automatically launched at startup through a scheduled task named 3.

39medint.exe is automatically launched at startup through a scheduled task named 2.

39brmon64.exe is automatically launched at startup through a scheduled task named 5.

39brmon.exe is automatically launched at startup through a scheduled task named 4.

Software Details

URL:: https://search.mywebsearch.com/mywebsearch/default.jhtml
Support:: –
Installation path:: C:\Program Files\MapsGalaxy_39\bar\2.bin
Uninstaller:: rundll32 C:\Program Files2\MAPSGA~2\bar\1.bin\39Bar.dll,O
Size:: 11.00 MB
Language:: English

MapsGalaxy Toolbar Executable Details

Primary executable:: 39bar.dll
Name:: MapsGalaxy Toolbar
Path:: C:\Program Files\MapsGalaxy_39\bar\2.bin\39bar.dll
MD5:: 96a060cf33a2c42617cf13224a47db07
SHA-1:: –
SHA-256:: –

Files installed by MapsGalaxy Toolbar

File Type	Filename	MD5
DLL	39radio.dll	99314afe1aa7f154766c7b10b1b7e90d
DLL	39ieovr.dll	aedf3f97b88562ce2d5128c9422718c1
DLL	39auxstb64.dll	a842b26aee3d1312bda37096c8490b39
DLL	39auxstb.dll	bef81913920b66f99cce1b8b94d2335d
EXE	CrExtP39.exe	c9fecbc3ec683b4b60cf45ebae9abfcd
DLL	39srchmr.dll	9f1f27aaedca28c35f7ec1484c53b6e5
EXE	39SrchMn.exe Toolbar	466af3fbfdd028b3d90238425c367b7e
DLL	39SrcAs.dll Toolbar	31f0fd888f41c6e4b05a8a26a6257bbb
EXE	39skplay.exe	f59ea63eaa060998c359fcbfdbc8c7d7
DLL	39skin.dll	2fd72a0a4fc75b4371f22252e443b245