Should I block it?
Yes, 98% block recommendation.
Possible reasons:
Multiple malware detections
Performance resource utilization
Relationships
Parent process
Related files
 PE file structure
|
Show functions |
Import table
advapi32.dll
RegCloseKey, RegQueryValueExA, RegFlushKey, RegSetValueExA, RegCreateKeyExA, RegDeleteValueA, RegDeleteKeyA, RegQueryInfoKeyA, RegEnumKeyExA, RegNotifyChangeKeyValue, RegOpenKeyExA
kernel32.dll
GetModuleFileNameA, lstrlenW, OpenMutexA, GetStartupInfoA, ExitProcess, GetCommandLineA, GetModuleHandleA, InitializeCriticalSection, DeleteCriticalSection, DebugBreak, HeapAlloc, GetProcessHeap, HeapReAlloc, HeapFree, LeaveCriticalSection, EnterCriticalSection, LocalFree, GetProcAddress, lstrcpynA, GetVersionExA, GetFileAttributesA, LoadLibraryExA, CreateProcessA, FreeLibrary, ResetEvent, GetLastError, CreateEventA, SetLastError, GetSystemDirectoryA, CompareFileTime, GetSystemTimeAsFileTime, GetTickCount, SystemTimeToFileTime, GetSystemTime, lstrcmpiA, Sleep, CreateFileMappingA, DuplicateHandle, GetCurrentProcess, OpenFileMappingA, MapViewOfFile, UnmapViewOfFile, FindResourceA, LoadResource, LockResource, lstrlenA, lstrcpyA, lstrcatA, CreateMutexA, WaitForSingleObject, ReleaseMutex, CloseHandle, GetDriveTypeA, GetLocalTime
ole32.dll
CLSIDFromString
user32.dll
SetWindowsHookExA, MsgWaitForMultipleObjects, PeekMessageA, TranslateMessage, DispatchMessageA, UnhookWindowsHookEx, GetKeyboardType, CharNextA, wsprintfA
version.dll
GetFileVersionInfoSizeA, VerQueryValueA, GetFileVersionInfoA
49srchmn.exe
MindSpark Toolbar Platform SearchScope Monitor by Mindspark Interactive Network (Signed)
| Version: | 1, 0, 0, 13 |
| MD5: | fb85f333d10b1475650c4304f99a1ece |
| SHA1: | 8ace75f6c2417666ad9d60837b72d78b394c3944 |
| SHA256: | bed200cccbab9d0b7f5ff299b74a0ff52731366da956960fc3ea45edaaf9cb10 |
Warning 5 antivirus scanners has detected malware.
Overview
49srchmn.exe is malware that executes as a process with the local user's privileges usually within the context of Windows Explorer. It is set to be start when the PC boots and any user logs into Windows (added to the Run registry key for the all users under the local machine). It is installed with a couple of know programs including CouponXplorer Internet Explorer Toolbar published by Mindspark Interactive Network, WeatherBlink Internet Explorer Toolbar from Mindspark Interactive Network and WeatherBlink Internet Explorer Toolbar by Mindspark Interactive Network.
Details
| File name: | 49srchmn.exe |
| Publisher: | MindSpark |
| Product name: | MindSpark Toolbar Platform SearchScope Monitor |
| Typical file path: | C:\Program Files\utilitychest_49\bar\1.bin\49srchmn.exe |
| Original name: | t8SrchMn.exe |
| File version: | 1, 0, 0, 13 |
| Product version: | 2, 3, 0, 0 |
| Size: | 43.73 KB (44,784 bytes) |
| Build date: | 2/15/2013 3:08 PM |
| Certificate |
| Issued to: | Mindspark Interactive Network |
| Authority (CA): | VeriSign |
| Effective date: | Monday, April 9, 2012 |
| Expiration date: | Wednesday, May 6, 2015 |
| Digital DNA |
| File packed: | No |
| .NET CLR: | No |
More details
Programs
The following programs will install this file
|
Mindspark Interactive Network |
|
Installs an Ask.com toolbar in Internet Explorer as a Browser Helper Object. According to the EULA (see below) as well as the behavior of the software, this toolbar will install search functionality in IE by modifying the default search, address bar and redirect queries. In addition it will change the user's home page and new tabs page to home.tb.ask.com.
The toolbar uses the Price Finder application from Pronto, LLC. From the Privac...
|
Mindspark Interactive Network |
|
WeatherBlink Internet Explorer Toolbar is a web browser extension that changes the browsers search and home pages as well as delivers. In order to provide search advertising revenue, the software is designed not only to modify the search provider but to protect it so that it remains the default browser search engine. It is typically installed via a bundled offer within a third-party software distribution. As for distribution, the toolb...
|
Mindspark Interactive Network |
|
SafePCRepair Internet Explorer Toolbar is a web browser extension that changes the browsers search and home pages as well as delivers. In order to provide search advertising revenue, the software is designed not only to modify the search provider but to protect it so that it remains the default browser search engine. It is typically installed via a bundled offer within a third-party software distribution. As for distribution, the toolb...
|
Mindspark Interactive Network |
|
Functionality of the toolbar includes:
- Changing the web browser's default home page to MyWebSearch.com.
- Changing the browser's search provider, built-in search box to MyWebSearch.com.
- Ability to modify the 'new tab' functionality to launch the modified search portal page.
- Adds an alternative error page, DNS error and 'page not' found functionality.
- Adds additional functionality that is designed to protect the search and h...
|
Mindspark Interactive Network |
|
Functionality of the toolbar includes:
- Changing the web browser's default home page to MyWebSearch.com.
- Changing the browser's search provider, built-in search box to MyWebSearch.com.
- Ability to modify the 'new tab' functionality to launch the modified search portal page.
- Adds an alternative error page, DNS error and 'page not' found functionality.
- Adds additional functionality that is designed to protect the search and h...
|
Mindspark Interactive Network |
|
FromDocToPDF Firefox Toolbar is a web browser toolbar and extension that modifies the browsers search and home pages as well as delivers contextual based advertising. In order to provide search advertising revenue, the software is designed not only to modify the search provider but to protect it so that it remains the default browser search engine. It is typically installed via a co-bundled offer within a third-party software distribut...
|
Mindspark Interactive Network |
|
FromDocToPDF Internet Explorer Toolbar is a web browser extension that changes the browsers search and home pages as well as delivers. In order to provide search advertising revenue, the software is designed not only to modify the search provider but to protect it so that it remains the default browser search engine. It is typically installed via a bundled offer within a third-party software distribution. As for distribution, the toolb...
|
Mindspark Interactive Network |
|
Installs a Mindspark toolbar in your Web browser that collects and stores information about your web browsing habits and sends this information to Mindspark so they can suggest services or provide ads via the toolbar.
|
Mindspark Interactive Network |
|
Installs a Mindspark toolbar in your Web browser that collects and stores information about your web browsing habits and sends this information to Mindspark so they can suggest services or provide ads via the toolbar.
|
Mindspark Interactive Network |
|
Installs a Mindspark toolbar in your Web browser that collects and stores information about your web browsing habits and sends this information to Mindspark so they can suggest services or provide ads via the toolbar.
|
Mindspark Interactive Network |
|
FilmFanatic Firefox Toolbar is a web browser extension that changes the browsers search and home pages as well as delivers. In order to provide search advertising revenue, the software is designed not only to modify the search provider but to protect it so that it remains the default browser search engine. It is typically installed via a bundled offer within a third-party software distribution. As for distribution, the toolbar is typic...
|
Mindspark Interactive Network |
|
TelevisionFanatic Internet Explorer Toolbar installs is a web browser extension and allows provides users the means to search the Internet with MyWebSearch, a potentially unwanted program that changes and redircts all of your search results as well as DNS errors, and modifies your home page to mywebsearch.com or some other webpage. MyWebSearch automatically becomes your default search service which hijacks all your search requests as we...
|
Mindspark Interactive Network |
|
ReadingFanatic Internet Explorer Toolbar is a web browser extension that changes the browsers search and home pages as well as delivers. In order to provide search advertising revenue, the software is designed not only to modify the search provider but to protect it so that it remains the default browser search engine. It is typically installed via a bundled offer within a third-party software distribution. As for distribution, the too...
|
Mindspark Interactive Network |
|
ReadingFanatic Firefox Toolbar is a web browser extension that changes the browsers search and home pages as well as delivers. In order to provide search advertising revenue, the software is designed not only to modify the search provider but to protect it so that it remains the default browser search engine. It is typically installed via a bundled offer within a third-party software distribution. As for distribution, the toolbar is ty...
|
Mindspark Interactive Network |
|
MapsGalaxy Firefox Toolbar installs is a web browser extension and allows provides users the means to search the Internet with MyWebSearch, a potentially unwanted program that changes and redircts all of your search results as well as DNS errors, and modifies your home page to mywebsearch.com or some other webpage. MyWebSearch automatically becomes your default search service which hijacks all your search requests as well as tracks your...
|
Mindspark Interactive Network |
|
MapsGalaxy Internet Explorer Toolbar installs is a web browser extension and allows provides users the means to search the Internet with MyWebSearch, a potentially unwanted program that changes and redircts all of your search results as well as DNS errors, and modifies your home page to mywebsearch.com or some other webpage. MyWebSearch automatically becomes your default search service which hijacks all your search requests as well as t...
|
Mindspark Interactive Network |
|
This toolbar/web browser extension is ad/search-supported that is typically installed as an optional offer, users generally have this bundled with 3rd party software. During setup, this toolbar will modify the home page and new tab pages to an affiliate search portal using a primary search engine in order to collect shared search revenue. It will also modify the default search provider as well.
|
Mindspark Interactive Network |
|
Functionality of the toolbar includes:
- Changing the web browser's default home page to MyWebSearch.com.
- Changing the browser's search provider, built-in search box to MyWebSearch.com.
- Ability to modify the 'new tab' functionality to launch the modified search portal page.
- Adds an alternative error page, DNS error and 'page not' found functionality.
- Adds additional functionality that is designed to protect the search and h...
|
Mindspark Interactive Network |
|
RadioRage Firefox Toolbar installs is a web browser extension and allows provides users the means to search the Internet with MyWebSearch, a potentially unwanted program that changes and redircts all of your search results as well as DNS errors, and modifies your home page to mywebsearch.com or some other webpage. MyWebSearch automatically becomes your default search service which hijacks all your search requests as well as tracks your ...
|
Mindspark Interactive Network |
|
RadioRage Internet Explorer Toolbar is a web browser extension that changes the browsers search and home pages as well as delivers. In order to provide search advertising revenue, the software is designed not only to modify the search provider but to protect it so that it remains the default browser search engine. It is typically installed via a bundled offer within a third-party software distribution. As for distribution, the toolbar ...
Behaviors
Startup files (all users) run
Runs under the registry key 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
- 'CouponXplorer Search Scope Monitor' → "C:\Program Files2\COUPON~2\bar\1.bin\5zsrchmn.exe" /m=2 /w /h
- 'FileShareFanatic Search Scope Monitor' → "C:\Program Files2\FILESH~2\bar\1.bin\8lsrchmn.exe" /m=2 /w /h
- 'PackageTracer Search Scope Monitor' → "C:\Program Files1\PACKAG~2\bar\1.bin\69srchmn.exe" /m=2 /w /h
- 'FilmFanatic Search Scope Monitor' → "C:\Program Files1\FILMFA~2\bar\1.bin\pasrchmn.exe" /m=2 /w /h
- 'PopularScreensavers Search Scope Monitor' → "C:\Program Files2\POPULA~2\bar\1.bin\7isrchmn.exe" /m=2 /w /h
- 'TelevisionFanatic Search Scope Monitor' → "C:\Program Files2\TELEVI~2\bar\1.bin\64srchmn.exe" /m=2 /w /h
- 'Allin1Convert Search Scope Monitor' → "C:\Program Files1\ALLIN1~2\bar\1.bin\8hsrchmn.exe" /m=2 /w /h
- 'HeadlineAlley Search Scope Monitor' → "C:\Program Files1\HEADLI~2\bar\1.bin\29srchmn.exe" /m=2 /w /h
- 'VideoScavenger Search Scope Monitor' → "C:\Program Files1\VIDEOS~2\bar\1.bin\1esrchmn.exe" /m=2 /w /h
- 'DailyBibleGuide Search Scope Monitor' → "C:\Program Files1\DAILYB~2\bar\1.bin\2vsrchmn.exe" /m=2 /w /h
- 'Zwinky Search Scope Monitor' → "C:\Program Files1\ZWINKY~2\bar\2.bin\5qsrchmn.exe" /m=2 /w /h
- 'ReadingFanatic Search Scope Monitor' → "C:\Program Files1\READIN~2\bar\1.bin\6xsrchmn.exe" /m=2 /w /h
- 'FromDocToPDF Search Scope Monitor' → "C:\Program Files2\FROMDO~2\bar\1.bin\65srchmn.exe" /m=2 /w /h
- 'InboxAce Search Scope Monitor' → "C:\Program Files2\INBOXA~2\bar\1.bin\1gsrchmn.exe" /m=2 /w /h
- 'Marine Aquarium Lite Search Scope Monitor' → "C:\Program Files2\MARINE~2\bar\3.bin\57srchmn.exe" /m=2 /w /h
- 'VideoDownloadConverter Search Scope Monitor' → "C:\Program Files2\VIDEOD~2\bar\2.bin\4zsrchmn.exe" /m=2 /w /h
- 'SafePCRepair Search Scope Monitor' → "C:\Program Files2\SAFEPC~2\bar\2.bin\89srchmn.exe" /m=2 /w /h
- 'Utility Chest Search Scope Monitor' → "C:\Program Files1\UTILIT~2\bar\1.bin\49srchmn.exe" /m=2 /w /h
Malware detections
Based on 40+ industry antivirus scanners, 5 of them detected the following malware.
| Antivirus engine | Engine version | Detection |
| avast! |
8.0.1489.320 |
Win32:Mindspark-A [PUP] |
| AVG |
13.0.0.3169 |
Skodna.Generic.AOF |
| ESET NOD32 |
7.8852 |
Win32/Toolbar.MyWebSearch.W |
| Kingsoft |
2013.4.9.267 |
Win32.Troj.Undef.(kcloud) |
| VIPRE Antivirus |
21884 |
MyWebSearch.J (v) (not malicious) |
Resource utilization
(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
| CPU |
| Total CPU: | 0.00010435% | |
| Kernel CPU: | 0.00009643% | |
| User CPU: | 0.00000792% | |
| Kernel CPU time: | 45,047 ms/min | |
| CPU cycles: | 12,097/sec | |
| Memory |
| Private memory: | 925.71 KB | |
| Private (maximum): | 2.39 MB | |
| Private (minimum): | 613.14 KB | |
| Non-paged memory: | 925.71 KB | |
| Virtual memory: | 36.01 MB | |
| Virtual memory (peak): | 46.29 MB | |
| Working set: | 671.43 KB | |
| Working set (peak): | 3.08 MB | |
| Page faults: | 1,036/min | |
| I/O |
| I/O read transfer: | 8 Bytes/sec | |
| I/O read operations: | 1/sec | |
| I/O other transfer: | 0 Bytes/sec | |
| I/O other operations: | 1/sec | |
| Resource allocations |
| Threads: | 2 | |
| Handles: | 56 | |
| GUI GDI count: | 4 | |
| GUI GDI peak: | 4 | |
| GUI USER count: | 2 | |
| GUI USER peak: | 2 | |
Process properties
| Integrety level: | Medium |
| Platform: | 32-bit |
| Command lines: |
- "C:\Program Files\televisionfanatic\bar\1.bin\64srchmn.exe" /m=2 /w /h
- "C:\progra~1\videod~2\bar\1.bin\4zsrchmn.exe" /m=2 /w /h
- "C:\archiv~1\videod~2\bar\1.bin\4zsrchmn.exe" /m=2 /w /h
- "C:\Program Files\videoscavenger_1e\bar\1.bin\1esrchmn.exe" /m=2 /w /h
- "C:\progra~2\videod~2\bar\1.bin\4zsrchmn.exe" /m=2 /w /h /r
- "C:\Program Files\zwinky_5q\bar\2.bin\5qsrchmn.exe" /m=2 /w /h
- "C:\Program Files\utilitychest_49\bar\1.bin\49srchmn.exe" /m=2 /w /h
- (7 more)
|
| Owner: | User |
| Parent process: | explorer.exe (Windows Explorer by Microsoft Corporation) |
Distribution by Windows OS
| OS version | distribution |
| Windows 7 Ultimate |
35.85% |
|
| Microsoft Windows XP |
18.87% |
|
| Windows 7 Home Premium |
16.98% |
|
| Windows 7 Professional |
5.66% |
|
| Windows 8 Pro with Media Center |
5.66% |
|
| Windows 8 Pro |
5.66% |
|
| Windows 8 |
3.77% |
|
| Windows 8 Single Language |
3.77% |
|
| Windows Vista Home Premium |
1.89% |
|
| Windows Vista Home Basic |
1.89% |
|
Distribution by country
United States installs about 28.30% of MindSpark Toolbar Platform SearchScope Monitor.
Distribution by PC manufacturer
| PC Manufacturer | distribution |
| Dell |
26.87% |
|
| Hewlett-Packard |
22.39% |
|
| Acer |
19.40% |
|
| Toshiba |
14.93% |
|
| Lenovo |
8.96% |
|
| ASUS |
5.97% |
|
| GIGABYTE |
1.49% |
|
