4zuninstall videodownloadconverter.dll
MindSpark Toolbar Platform for Internet Explorer and Firefox by Mindspark Interactive Network (Signed)
| Version: | 2, 5, 11, 3 |
| MD5: | 9ca281c7d0b87d804bafffaf45f1f285 |
| SHA1: | 023614c5ad02aa589bb785ca5cf50dcf194c7aa8 |
| SHA256: | e407a21da9de00f202cee0fad00093abc41d3abec1d44179be0feda29d70ac9e |
Warning 3 antivirus scanners has detected malware.
Overview
4zuninstall videodownloadconverter.dll is malware that is loaded as dynamic link library that runs in the context of Internet Explorer. It is set to be start when the PC boots and any user logs into Windows (added to the Run registry key for the all users under the local machine). It is installed in Internet Explorer as a Browser Helper Object (BHO) which has full acess to the web browser's behaviors and content. The file is digitally signed by Mindspark Interactive Network which was issued by the VeriSign certificate authority (CA).
Details
| File name: | 4zuninstall videodownloadconverter.dll |
| Publisher: | MindSpark |
| Product name: | MindSpark Toolbar Platform for Internet Explorer and Firefox |
| Description: | MindSpark Toolbar Platform |
| Typical file path: | C:\Program Files\4zuninstall videodownloadconverter.dll |
| Original name: | t8Bar.dll |
| File version: | 2, 5, 11, 3 |
| Size: | 691.14 KB (707,728 bytes) |
| Certificate |
| Issued to: | Mindspark Interactive Network |
| Authority (CA): | VeriSign |
| Effective date: | Tuesday, April 10, 2012 |
| Expiration date: | Thursday, May 7, 2015 |
| Digital DNA |
| File packed: | No |
| .NET CLR: | No |
More details
Behaviors
Startup files (all users) run once
Runs under the registry key 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
- 'TelevisionFanaticbar Uninstall' → rundll32 C:\Program Files2\64UNIN~1.DLL,O -3
- 'ReadingFanatic_6xbar Uninstall' → rundll32 C:\Program Files1\6XUNIN~1.DLL,O -3
- 'MyFunCards_5mbar Uninstall' → rundll32 C:\Program Files1\5MUNIN~1.DLL,O -3
- 'Webfetti_52bar Uninstall' → rundll32 C:\Program Files2\52UNIN~1.DLL,O -3
- 'DailyBibleGuidebar Uninstall' → rundll32 C:\Program Files2\2VUNIN~1.DLL,O -3
- 'RadioRage_4jbar Uninstall' → rundll32 C:\Program Files1\4JUNIN~1.DLL,O -3
- 'VideoDownloadConverter_4zbar Uninstall' → rundll32 C:\Program Files1\4ZUNIN~1.DLL,O -3
Startup files (all users) run
Runs under the registry key 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
- 'VideoDownloadConverter' → rundll32 C:\Program Files1\VIDEOD~2\bar\1.bin\4zbar.dll,S
- 'TelevisionFanatic' → rundll32 C:\Program Files1\TELEVI~2\bar\1.bin\64bar.dll,S
- 'FromDocToPDF' → rundll32 C:\Program Files1\FROMDO~2\bar\1.bin\65bar.dll,S
- 'HeroicPlay' → rundll32 C:\Program Files1\HEROIC~2\bar\1.bin\6obar.dll,S
- 'Zwinky' → rundll32 C:\Program Files1\ZWINKY~2\bar\1.bin\5qbar.dll,S
- 'MapsGalaxy' → rundll32 C:\Program Files1\MAPSGA~2\bar\1.bin\39bar.dll,S
Internet Explorer Browser Helper Object
Located in the registry at 'SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
- BHO CLSID: {1e91a655-bb4b-4693-a05e-2edebc4c9d89}
- BHO CLSID: {9D717F81-9148-4f12-8568-69135F087DB0}
- BHO CLSID: {d5a1d22b-9e17-454f-8ecd-83c578fb3983}
- BHO CLSID: {beea7fa9-d1f4-49a2-9b1f-6fb7a2d9bc2a}
- BHO CLSID: {27488090-768a-4d20-a938-f223f71c344c}
- BHO CLSID: {074d3229-0a22-491b-b9dd-ff3171d75f25}
- BHO CLSID: {58f7b5ca-1162-42e8-8bbc-d543b4edd780}
- BHO CLSID: {a235e1e3-6296-4710-af39-104a7faa6c7c}
- BHO CLSID: {312f84fb-8970-4fd3-bddb-7012eac4afc9}
- BHO CLSID: {7c8f8fe5-9785-4f74-bcf8-895ef9752d97}
- BHO CLSID: {631acb68-57c3-48af-9cc5-fcec0837ffd3}
- BHO CLSID: {cb41fc95-f1b3-4797-8bb6-1012ff62abba}
Internet Explorer toolbars
Located in the registry at 'SOFTWARE\Microsoft\Internet Explorer\Toolbar'
- CLSID: {364ea597-e728-4ce4-bb4a-ed846ef47970}
- CLSID: {3775afd7-5921-4571-968f-85a631203d1c}
- CLSID: {2a942ab7-2073-49bc-a7e1-77e93835889a}
- CLSID: {3033124f-06bf-4829-873a-310a125b4d4c}
- CLSID: {07189b84-b33b-4a1e-9b32-ad203c983c20}
- CLSID: {cf67755f-9265-449c-87cf-b945519e073b}
- CLSID: {48586425-6bb7-4f51-8dc6-38c88e3ebb58}
- CLSID: {c66a678d-5e6c-4af9-8f57-c6192f42cf74}
- CLSID: {a899079d-206f-43a6-be6a-07e0fa648ea0}
- CLSID: {0b84b4b4-8af8-4f1f-91fe-074a666f6425}
- CLSID: {c98d5b61-b0ea-4d48-9839-1079d352d880}
Internet Explorer web browsers
Located in the registry at 'SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser'
- CLSID: {364EA597-E728-4CE4-BB4A-ED846EF47970}
- CLSID: {48586425-6BB7-4F51-8DC6-38C88E3EBB58}
- CLSID: {3775AFD7-5921-4571-968F-85A631203D1C}
- CLSID: {2A942AB7-2073-49BC-A7E1-77E93835889A}
- CLSID: {C66A678D-5E6C-4AF9-8F57-C6192F42CF74}
- CLSID: {3033124F-06BF-4829-873A-310A125B4D4C}
- CLSID: {07189B84-B33B-4A1E-9B32-AD203C983C20}
- CLSID: {A899079D-206F-43A6-BE6A-07E0FA648EA0}
- CLSID: {0B84B4B4-8AF8-4F1F-91FE-074A666F6425}
- CLSID: {C98D5B61-B0EA-4D48-9839-1079D352D880}
Malware detections
Based on 40+ industry antivirus scanners, 3 of them detected the following malware.
| Antivirus engine | Engine version | Detection |
| AVG |
2014.0.3629 |
Zango |
| Kingsoft |
2013.1.8.219 |
Win32.Troj.Generic.a.(kcloud) |
| VIPRE Antivirus |
16202 |
MyWebSearch.J (v) (not malicious) |
Distribution by Windows OS
| OS version | distribution |
| Microsoft Windows XP |
32.39% |
|
| Windows 7 Home Premium |
26.76% |
|
| Windows 7 Ultimate |
15.49% |
|
| Windows 8 |
8.45% |
|
| Windows 8 Pro |
5.63% |
|
| Windows 7 Professional |
4.23% |
|
| Windows 7 Home Basic |
4.23% |
|
| Windows Vista Home Premium |
2.82% |
|
Distribution by country
United States installs about 26.76% of MindSpark Toolbar Platform for Internet Explorer and Firefox.
Distribution by PC manufacturer
| PC Manufacturer | distribution |
| Lenovo |
17.65% |
|
| Acer |
17.65% |
|
| GIGABYTE |
14.71% |
|
| Toshiba |
11.76% |
|
| Dell |
11.76% |
|
| Intel |
8.82% |
|
| Samsung |
8.82% |
|
| Sony |
5.88% |
|
| Hewlett-Packard |
2.94% |
|
