4zuninstall videodownloadconverter.dll
MindSpark Toolbar Platform for Internet Explorer and Firefox by Mindspark Interactive Network (Signed)
Warning 10 antivirus scanners has detected malware in various versions of 4zuninstall videodownloadconverter.dll.
Overview
4zuninstall videodownloadconverter.dll has 2 known versions, the most recent one is 2, 5, 12, 0. During installation, a run registry key for all users is added that will cause the program to run each time any user logs on to Windows. It is installed as an Internet Explorer extension as a Browser Helper Object, often without any obvious user interface, and will start when IE loads. The average file size is about 691.36 KB. It is an authenticode code-signed executable issued to Mindspark Interactive Network by the certification authority VeriSign. The library is loaded into Internet Explorer as a BHO (browser helper object).
Details |
File name: | 4zuninstall videodownloadconverter.dll |
Publisher: | MindSpark |
Product name: | MindSpark Toolbar Platform for Internet Explorer and Firefox |
Description: | MindSpark Toolbar Platform |
Typical file path: | C:\Program Files\4zuninstall videodownloadconverter.dll |
Original name: | t8Bar.dll |
Certificate |
Issued to: | Mindspark Interactive Network |
Authority (CA): | VeriSign |
Effective date: | Tuesday, April 10, 2012 |
Expiration date: | Thursday, May 7, 2015 |
Behaviors
(Note, the behaviors below are for all versions of 4zuninstall videodownloadconverter.dll, select a unique version for details.)
Startup files (all users) run once
Runs under the registry key 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
- 'TelevisionFanaticbar Uninstall' → rundll32 C:\Program Files2\64UNIN~1.DLL,O -3
- 'ReadingFanatic_6xbar Uninstall' → rundll32 C:\Program Files1\6XUNIN~1.DLL,O -3
- 'MyFunCards_5mbar Uninstall' → rundll32 C:\Program Files1\5MUNIN~1.DLL,O -3
- 'Webfetti_52bar Uninstall' → rundll32 C:\Program Files2\52UNIN~1.DLL,O -3
- 'DailyBibleGuidebar Uninstall' → rundll32 C:\Program Files2\2VUNIN~1.DLL,O -3
- 'RadioRage_4jbar Uninstall' → rundll32 C:\Program Files1\4JUNIN~1.DLL,O -3
- 'VideoDownloadConverter_4zbar Uninstall' → rundll32 C:\Program Files1\4ZUNIN~1.DLL,O -3
Startup files (all users) run
Runs under the registry key 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
- 'VideoDownloadConverter' → rundll32 C:\Program Files1\VIDEOD~2\bar\1.bin\4zbar.dll,S
- 'TelevisionFanatic' → rundll32 C:\Program Files1\TELEVI~2\bar\1.bin\64bar.dll,S
- 'FromDocToPDF' → rundll32 C:\Program Files1\FROMDO~2\bar\1.bin\65bar.dll,S
- 'HeroicPlay' → rundll32 C:\Program Files1\HEROIC~2\bar\1.bin\6obar.dll,S
- 'Zwinky' → rundll32 C:\Program Files1\ZWINKY~2\bar\1.bin\5qbar.dll,S
- 'MapsGalaxy' → rundll32 C:\Program Files1\MAPSGA~2\bar\1.bin\39bar.dll,S
Internet Explorer Browser Helper Object
Located in the registry at 'SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
- BHO CLSID: {1e91a655-bb4b-4693-a05e-2edebc4c9d89}
- BHO CLSID: {9D717F81-9148-4f12-8568-69135F087DB0}
- BHO CLSID: {d5a1d22b-9e17-454f-8ecd-83c578fb3983}
- BHO CLSID: {beea7fa9-d1f4-49a2-9b1f-6fb7a2d9bc2a}
- BHO CLSID: {27488090-768a-4d20-a938-f223f71c344c}
- BHO CLSID: {074d3229-0a22-491b-b9dd-ff3171d75f25}
- BHO CLSID: {58f7b5ca-1162-42e8-8bbc-d543b4edd780}
- BHO CLSID: {a235e1e3-6296-4710-af39-104a7faa6c7c}
- BHO CLSID: {312f84fb-8970-4fd3-bddb-7012eac4afc9}
- BHO CLSID: {7c8f8fe5-9785-4f74-bcf8-895ef9752d97}
- BHO CLSID: {631acb68-57c3-48af-9cc5-fcec0837ffd3}
- BHO CLSID: {cb41fc95-f1b3-4797-8bb6-1012ff62abba}
Internet Explorer toolbars
Located in the registry at 'SOFTWARE\Microsoft\Internet Explorer\Toolbar'
- CLSID: {364ea597-e728-4ce4-bb4a-ed846ef47970}
- CLSID: {3775afd7-5921-4571-968f-85a631203d1c}
- CLSID: {2a942ab7-2073-49bc-a7e1-77e93835889a}
- CLSID: {3033124f-06bf-4829-873a-310a125b4d4c}
- CLSID: {07189b84-b33b-4a1e-9b32-ad203c983c20}
- CLSID: {cf67755f-9265-449c-87cf-b945519e073b}
- CLSID: {48586425-6bb7-4f51-8dc6-38c88e3ebb58}
- CLSID: {c66a678d-5e6c-4af9-8f57-c6192f42cf74}
- CLSID: {a899079d-206f-43a6-be6a-07e0fa648ea0}
- CLSID: {0b84b4b4-8af8-4f1f-91fe-074a666f6425}
- CLSID: {c98d5b61-b0ea-4d48-9839-1079d352d880}
Internet Explorer web browsers
Located in the registry at 'SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser'
- CLSID: {364EA597-E728-4CE4-BB4A-ED846EF47970}
- CLSID: {48586425-6BB7-4F51-8DC6-38C88E3EBB58}
- CLSID: {3775AFD7-5921-4571-968F-85A631203D1C}
- CLSID: {2A942AB7-2073-49BC-A7E1-77E93835889A}
- CLSID: {C66A678D-5E6C-4AF9-8F57-C6192F42CF74}
- CLSID: {3033124F-06BF-4829-873A-310A125B4D4C}
- CLSID: {07189B84-B33B-4A1E-9B32-AD203C983C20}
- CLSID: {A899079D-206F-43A6-BE6A-07E0FA648EA0}
- CLSID: {0B84B4B4-8AF8-4F1F-91FE-074A666F6425}
- CLSID: {C98D5B61-B0EA-4D48-9839-1079D352D880}
Malware detections
Based on 40+ industry antivirus scanners, 10 of them detected the following malware.
Antivirus engine | Engine version | Detection | File version |
Antiy Labs AVL |
2.0.3.7 |
WebToolbar/Win32.MyWebSearch |
2, 5, 12, 0 |
avast! |
8.0.1489.320 |
Win32:Mindspark-A [PUP] |
2, 5, 12, 0 |
AVG |
2014.0.3629 |
Zango |
2, 5, 11, 3 |
AVG |
13.0.0.3169 |
Zango |
2, 5, 12, 0 |
ESET NOD32 |
7.8836 |
Win32/Toolbar.MyWebSearch.W |
2, 5, 12, 0 |
Kaspersky |
9.0.0.837 |
not-a-virus:WebToolbar.Win32.MyWebSearch.tzk |
2, 5, 12, 0 |
Kingsoft |
2013.1.8.219 |
Win32.Troj.Generic.a.(kcloud) |
2, 5, 11, 3 |
Rising Antivirus |
24.81.00.04 |
Trojan.Win32.Generic.14B5719C |
2, 5, 12, 0 |
VIPRE Antivirus |
16202 |
MyWebSearch.J (v) (not malicious) |
2, 5, 11, 3 |
VIPRE Antivirus |
21774 |
MyWebSearch.J (v) (not malicious) |
2, 5, 12, 0 |
All file variations of 4zuninstall videodownloadconverter.dll
Distribution by Windows OS
OS version | distribution |
Microsoft Windows XP |
32.39% |
|
Windows 7 Home Premium |
26.76% |
|
Windows 7 Ultimate |
15.49% |
|
Windows 8 |
8.45% |
|
Windows 8 Pro |
5.63% |
|
Windows 7 Professional |
4.23% |
|
Windows 7 Home Basic |
4.23% |
|
Windows Vista Home Premium |
2.82% |
|
Distribution by country
United States installs about 26.76% of MindSpark Toolbar Platform for Internet Explorer and Firefox.
Distribution by PC manufacturer
PC Manufacturer | distribution |
Lenovo |
17.65% |
|
Acer |
17.65% |
|
GIGABYTE |
14.71% |
|
Toshiba |
11.76% |
|
Dell |
11.76% |
|
Intel |
8.82% |
|
Samsung |
8.82% |
|
Sony |
5.88% |
|
Hewlett-Packard |
2.94% |
|