Retrogamer Internet Explorer Toolbar

Retrogamer Internet Explorer Toolbar

Known Toolbar

by Mindspark Interactive Network

What is Retrogamer Internet Explorer Toolbar?

Retrogamer Internet Explorer Toolbar is software application developed by Mindspark Interactive Network. It is most commonly found on computers running Windows 7 with nearly 57.80% of installations running this operating system. Retrogamer Internet Explorer Toolbar's installer is typically 8.00 MB in size and installs around 64 files. The most common release is 10.0 with 2.75% of all installations currently using this version.

Retrogamer Internet Explorer Toolbar is most popular in the United States with 66.54% of installations residing in this country.

Retrogamer Internet Explorer Toolbar adds 3 scheduled tasks to the Windows Task Scheduler launching the program at randomly scheduled times.

About Retrogamer Internet Explorer Toolbar?

Retrogamer is a versatile web browser toolbar designed by Mindspark to enhance the user’s browsing experience. It allows users to customize their search and home pages to their preference, providing quick access to their favorite content and search engine of choice.

Multiple virus scanners have detected malware in Retrogamer Internet Explorer Toolbar.

AppIntegrator64.exe (MD5: 143d634f4f93155d3a4d430c2cf60d11) has been flagged by 18 scanners:
Scanner Software Result
AhnLab-V3 PUP/Win32.MyWebSearch
Antiy-AVL RiskWare[WebToolbar:not-a-virus]/Win32.MyWebSearch
avast! Win32:Mindspark-A [PUP]
AVG Zango
Baidu-International Adware.Win32.MyWebSearch.Aki
Fortinet FortiGate Riskware/MyWebSearch
Kaspersky not-a-virus:WebToolbar.Win32.MyWebSearch.si
Malwarebytes PUP.Optional.MindSpark
Panda Antivirus Adware/WebSearch
Qihoo-360 Win32/Virus.WebToolbar.30b
Tencent Win32.Trojan.Falsesign.Dvqb
VIPRE Antivirus MyWebSearch.J (v) (not malicious)
Bkav FE W32.Clodc29.Trojan.ff33
Dr.Web Adware.BGuard.38
ESET-NOD32 Win32/Toolbar.MyWebSearch.W
F-Prot W32/Mywebsearch.H2.gen!Eldorado
Kingsoft AntiVirus Win32.Troj.Undef.(kcloud)
TrendMicro-HouseCall TROJ_GEN.F47V0718
APPINTEGRATOR.EXE (MD5: b6940fe9d6fc34ef59f1028ae6018fe1) has been flagged by 21 scanners:
Scanner Software Result
AhnLab-V3 PUP/Win32.MyWebSearch
Antiy-AVL RiskWare[WebToolbar:not-a-virus]/Win32.MyWebSearch
avast! Win32:Mindspark-A [PUP]
AVG MyWebSearch
AVware MyWebSearch.J (v)
Baidu-International Adware.Win32.MyWebSearch.am
ESET-NOD32 a variant of Win32/Toolbar.MyWebSearch.AJ
Fortinet FortiGate Riskware/MyWebSearch
G Data Win32.Adware.Mindspark.C
Kaspersky not-a-virus:WebToolbar.Win32.MyWebSearch.si
Kingsoft AntiVirus Win32.Troj.MyWebSearch.si.(kcloud)
Malwarebytes PUP.Optional.MindSpark
Qihoo-360 Win32/Virus.WebToolbar.30b
Tencent Win32.Trojan.Falsesign.Pgcq
TrendMicro-HouseCall Suspicious_GEN.F47V0812
VIPRE Antivirus MyWebSearch.J (v) (not malicious)
Zillya Adware.MyWebSearch.Win32.1392
Panda Antivirus Adware/WebSearch
Bkav FE W32.Clodc29.Trojan.ff33
Dr.Web Adware.BGuard.38
F-Prot W32/Mywebsearch.H2.gen!Eldorado
4wbrmon.exe (MD5: 35d6caaa9e4d82974a74dbdb53801f98) has been flagged by 10 scanners:
Scanner Software Result
Antiy-AVL Trojan/win32.agent.gen
avast! Win32:PUP-gen [PUP]
AVG AdInstaller.FunWeb
Bkav FE W32.Clodc29.Trojan.ff33
Dr.Web Adware.BGuard.38
ESET-NOD32 Win32/Toolbar.MyWebSearch.W
VIPRE Antivirus MyWebSearch.J (v) (not malicious)
F-Prot W32/Mywebsearch.H2.gen!Eldorado
Kingsoft AntiVirus Win32.Troj.Undef.(kcloud)
TrendMicro-HouseCall TROJ_GEN.F47V0718
NP4wStub.dll (MD5: 722c3ff7998bb2f7eaf466e62530eca0) has been flagged by 7 scanners:
Scanner Software Result
avast! Win32:Mindspark-A [PUP]
AVG Zango
Bkav FE W32.Clod6d0.Trojan.75f7
ESET-NOD32 Win32/Toolbar.MyWebSearch.T
F-Prot W32/Mywebsearch.H2.gen!Eldorado
Kingsoft AntiVirus Win32.Troj.Undef.(kcloud)
TrendMicro-HouseCall TROJ_GEN.F47V0718
4wSrchMn.exe (MD5: 3c93215de9cc97c60b1892ad8dbe4411) has been flagged by 21 scanners:
Scanner Software Result
AhnLab-V3 Trojan/Win32.Buzus
Antiy-AVL RiskWare[WebToolbar:not-a-virus]/Win32.MyWebSearch
avast! Win32:Mindspark-A [PUP]
AVG MyWebSearch
AVware MyWebSearch.J (v)
Baidu-International Adware.Win32.MyWebSearch.abZ
ESET-NOD32 a variant of Win32/Toolbar.MyWebSearch.AJ
Fortinet FortiGate Riskware/MyWebSearch
G Data Win32.Adware.Mindspark.C
Kaspersky not-a-virus:WebToolbar.Win32.MyWebSearch.si
Kingsoft AntiVirus Win32.Troj.MyWebSearch.si.(kcloud)
Malwarebytes PUP.Optional.MindSpark
Qihoo-360 Win32/Virus.WebToolbar.30b
Tencent Win32.Trojan.Falsesign.Lmut
VIPRE Antivirus MyWebSearch.J (v) (not malicious)
Zillya Adware.MyWebSearch.Win32.1351
TrendMicro-HouseCall Suspicious_GEN.F47V0812
Panda Antivirus Adware/WebSearch
Bkav FE W32.Clodc29.Trojan.ff33
Dr.Web Adware.BGuard.38
F-Prot W32/Mywebsearch.H2.gen!Eldorado

Software Behaviors

Services:
  • 4wbarsvc.exe runs as a service named 'InboxNowService' (InboxNow_drService).
Scheduled tasks:
  • AppIntegrator64.exe is scheduled as a task named 'Price Fountain' (runs daily at 4:45 PM).
  • 4wmedint.exe is scheduled as a task with the class '{CEC2F177-6434-48CF-AEA5-AB1F3AD5E60A}' (runs on registration).
  • 4wSrchMn.exe is scheduled as a task named 'MetaCrawler' (runs daily at 15:24).

Startup Entries

Startup tasks:
  • AppIntegrator64.exe is automatically launched at startup through a scheduled task named 7.
  • 4wSrchMn.exe is automatically launched at startup through a scheduled task named 3.
  • 4wmedint.exe is automatically launched at startup through a scheduled task named 2.
  • 4wbrmon.exe is automatically launched at startup through a scheduled task named 4.
  • APPINTEGRATOR.EXE is automatically launched at startup through a scheduled task named OnlineMapFinder AppIntegrator 32-bit_Reg_HKLMWow6432Run.
Registry entries:
  • 4wmedint.exe is loaded in the current user (HKCU) registry as an auto-starting executable named 'MapsGalaxy EPM Support' and executes as "C:\Program Files2\MAPSGA~2\bar\1.bin\39medint.exe" T8EPMSUP.DLL,S.
  • APPINTEGRATOR.EXE is loaded in the current user (HKCU) registry as an auto-starting executable named 'PowerSuite' and executes as "C:\Program Files1\Uniblue\POWERS~1\launcher.exe" delay 20000 -m.
  • AppIntegrator64.exe is loaded in the current user (HKCU) registry as an auto-starting executable named 'Hoolapp Android' and executes as "C:\users\user\appdata\Roaming\HOOLAP~1\Hoolapp.exe" /Minimized.
  • 4wbrmon.exe is loaded in the current user (HKCU) registry as an auto-starting executable named 'ctfmon.exe' and executes as C:\Program Files3\rundll32.exe C:\Program Files3\lni28.dat,FG00.
  • 4wSrchMn.exe is loaded in the current user (HKCU) registry as an auto-starting executable named 'Hoolapp Android' and executes as "C:\users\user\appdata\Roaming\HOOLAP~1\Hoolapp.exe" /Minimized.

Software Details

URL:
https://support.mindspark.com
Support:
–
Installation path:
C:\Program Files\Retrogamer_4w\bar\1.bin
Uninstaller:
rundll32 "C:\Program Files\Retrogamer_4w\bar\1.bin\4wBar.dll",O mindsparktoolbarkey="Retrogamer_4w" uninstalltype=IE
Size:
8.00 MB
Language:
English

Retrogamer Internet Explorer Toolbar Executable Details

Primary executable:
4wbar.dll
Name:
Retrogamer Internet Explorer Toolbar
Path:
C:\Program Files\Retrogamer_4w\bar\1.bin\4wbar.dll
MD5:
3f7583821989e49412f4a3531f04744b
SHA-1:
–
SHA-256:
–
Files installed by Retrogamer Internet Explorer Toolbar
File Type Filename MD5
DLL
INSTALLENABLER.DLL
323eb6c24153bc08ffcbb6e9387a0dcb
DLL
HKFXMGR64.DLL
54ddd3393fc3fb9af3da7641aa38869c
DLL
HKFXMGR.DLL
0296231be0868699d20490c1c66d6dc3
DLL
HiddenToolbarReminder.dll
16a5a1101a3b0aaac82ccb2ecf2ccd41
DLL
DPNMNGR.DLL
7a971a7755448ababa56cf94b047e91c
DLL
CREXT.DLL
810697b04a0397cde0dea1095de43c5b
DLL
BAT.DLL
cddbd87b2bf8be3d97c7ca75c71356f8
DLL
ASSISTMONITOR64.DLL
4f49dbf5fc5b7b39dc9d076852039234
DLL
ASSISTMONITOR.DLL
30012d1068ec243f573ab162b6154dd0
DLL
AppIntegratorStub64.dll
9cd47b752fe610e21ef22473a2f8f534