Should I block it?
Yes, 98% block recommendation.
Possible reasons:
Multiple malware detections
Performance resource utilization
Relationships
Parent process
Related files
 PE file structure
|
Show functions |
Import table
advapi32.dll
OpenThreadToken, RevertToSelf, RegCreateKeyExA, RegSetValueExA, RegCloseKey, OpenServiceA, ControlService, DeleteService, OpenSCManagerA, CreateServiceA, StartServiceA, QueryServiceStatus, CloseServiceHandle, RegisterEventSourceA, ReportEventA, DeregisterEventSource, SetServiceStatus, RegisterServiceCtrlHandlerA, StartServiceCtrlDispatcherA, ImpersonateNamedPipeClient, InitializeSecurityDescriptor, DuplicateTokenEx
kernel32.dll
FreeLibrary, FormatMessageA, LoadLibraryExA, LockResource, LoadResource, FindResourceA, CloseHandle, CreateDirectoryA, CopyFileA, DeleteFileA, MoveFileA, _lclose, _lwrite, _llseek, _lcreat, _lopen, GetLocalTime, GetModuleFileNameA, GetCurrentThreadId, WaitForSingleObject, WaitForMultipleObjects, GetProcAddress, DisconnectNamedPipe, WriteFile, GetOverlappedResult, ReadFile, ConnectNamedPipe, SetLastError, ResetEvent, CreateNamedPipeA, CreateEventA, SetEvent, FreeResource, ExpandEnvironmentStringsA, GetVersionExA, GetLastError, LocalAlloc, lstrcpyA, lstrcmpiA, Sleep, LocalFree, EnterCriticalSection, LeaveCriticalSection, CreateThread, lstrlenA, HeapFree, HeapReAlloc, GetProcessHeap, HeapAlloc, DebugBreak, DeleteCriticalSection, InitializeCriticalSection, GetModuleHandleA, GetCommandLineA, ExitProcess, GetStartupInfoA, GetCurrentThread, lstrcpynA
shlwapi.dll
SHDeleteValueA, SHDeleteKeyA
user32.dll
CharNextA, wsprintfA
5zbarsvc.exe
PRODUCTVERS_NAME by Mindspark Interactive Network (Signed)
| Version: | 1, 0, 0, 9 |
| MD5: | 622fcf264119f7df127be353f796b319 |
| SHA1: | 56cf4f2ac44c6add5cdcd419ba4b99d22dc7a0e3 |
| SHA256: | 6689d8f62f860178685496ef45520967afaeff94cfbcc64cf77074f21577e0a2 |
Warning 5 antivirus scanners has detected malware.
What is 5zbarsvc.exe?
Installs a MyWebSearch Mindspring Toolbar and Search Assistant in your web browser which monitors your search habits and redirects advertisements and search behaviors.
About 5zbarsvc.exe (from Mindspark Interactive Network)
“The Toolbar installs into your Internet browser and allows you to search the Internet with MyWebSearch, a known adware type program that changes and redircts all of your search results as well as DNS ”
Details
| File name: | 5zbarsvc.exe |
| Publisher: | COMPANYVERS_NAME |
| Product name: | PRODUCTVERS_NAME |
| Description: | PRODUCTVERS_TITLE |
| Typical file path: | C:\Program Files\CouponXplorer_5z\bar\1.bin\5zbarsvc.exe |
| Original name: | TWOLETTERPREFIXVERSsvc.exe |
| File version: | 1, 0, 0, 9 |
| Product version: | 2, 3, 0, 0 |
| Size: | 41.51 KB (42,504 bytes) |
| Certificate |
| Issued to: | Mindspark Interactive Network |
| Digital DNA |
| File packed: | No |
| .NET CLR: | No |
More details
Programs
The following programs will install this file
|
Mindspark Interactive Network |
|
Functionality of the toolbar includes:
- Changing the web browser's default home page to MyWebSearch.com.
- Changing the browser's search provider, built-in search box to MyWebSearch.com.
- Ability to modify the 'new tab' functionality to launch the modified search portal page.
- Adds an alternative error page, DNS error and 'page not' found functionality.
- Adds additional functionality that is designed to protect the search and h...
|
Mindspark Interactive Network |
|
Functionality of the toolbar includes:
- Changing the web browser's default home page to MyWebSearch.com.
- Changing the browser's search provider, built-in search box to MyWebSearch.com.
- Ability to modify the 'new tab' functionality to launch the modified search portal page.
- Adds an alternative error page, DNS error and 'page not' found functionality.
- Adds additional functionality that is designed to protect the search and h...
|
Mindspark Interactive Network |
|
FromDocToPDF Firefox Toolbar is a web browser toolbar and extension that modifies the browsers search and home pages as well as delivers contextual based advertising. In order to provide search advertising revenue, the software is designed not only to modify the search provider but to protect it so that it remains the default browser search engine. It is typically installed via a co-bundled offer within a third-party software distribut...
|
Mindspark Interactive Network |
|
FromDocToPDF Internet Explorer Toolbar is a web browser extension that changes the browsers search and home pages as well as delivers. In order to provide search advertising revenue, the software is designed not only to modify the search provider but to protect it so that it remains the default browser search engine. It is typically installed via a bundled offer within a third-party software distribution. As for distribution, the toolb...
|
Mindspark Interactive Network |
|
MapsGalaxy Firefox Toolbar installs is a web browser extension and allows provides users the means to search the Internet with MyWebSearch, a potentially unwanted program that changes and redircts all of your search results as well as DNS errors, and modifies your home page to mywebsearch.com or some other webpage. MyWebSearch automatically becomes your default search service which hijacks all your search requests as well as tracks your...
|
Mindspark Interactive Network |
|
MapsGalaxy Internet Explorer Toolbar installs is a web browser extension and allows provides users the means to search the Internet with MyWebSearch, a potentially unwanted program that changes and redircts all of your search results as well as DNS errors, and modifies your home page to mywebsearch.com or some other webpage. MyWebSearch automatically becomes your default search service which hijacks all your search requests as well as t...
|
Mindspark Interactive Network |
|
Installs a Mindspark toolbar in your Web browser that collects and stores information about your web browsing habits and sends this information to Mindspark so they can suggest services or provide ads via the toolbar.
|
Mindspark Interactive Network |
|
Installs a Mindspark toolbar in your Web browser that collects and stores information about your web browsing habits and sends this information to Mindspark so they can suggest services or provide ads via the toolbar.
|
Mindspark Interactive Network |
|
ReadingFanatic Firefox Toolbar is a web browser extension that changes the browsers search and home pages as well as delivers. In order to provide search advertising revenue, the software is designed not only to modify the search provider but to protect it so that it remains the default browser search engine. It is typically installed via a bundled offer within a third-party software distribution. As for distribution, the toolbar is ty...
|
Mindspark Interactive Network |
|
ReadingFanatic Internet Explorer Toolbar is a web browser extension that changes the browsers search and home pages as well as delivers. In order to provide search advertising revenue, the software is designed not only to modify the search provider but to protect it so that it remains the default browser search engine. It is typically installed via a bundled offer within a third-party software distribution. As for distribution, the too...
|
Mindspark Interactive Network |
|
This toolbar/web browser extension is ad/search-supported that is typically installed as an optional offer, users generally have this bundled with 3rd party software. During setup, this toolbar will modify the home page and new tab pages to an affiliate search portal using a primary search engine in order to collect shared search revenue. It will also modify the default search provider as well.
|
Mindspark Interactive Network |
|
RadioRage Firefox Toolbar installs is a web browser extension and allows provides users the means to search the Internet with MyWebSearch, a potentially unwanted program that changes and redircts all of your search results as well as DNS errors, and modifies your home page to mywebsearch.com or some other webpage. MyWebSearch automatically becomes your default search service which hijacks all your search requests as well as tracks your ...
|
Mindspark Interactive Network |
|
RadioRage Internet Explorer Toolbar is a web browser extension that changes the browsers search and home pages as well as delivers. In order to provide search advertising revenue, the software is designed not only to modify the search provider but to protect it so that it remains the default browser search engine. It is typically installed via a bundled offer within a third-party software distribution. As for distribution, the toolbar ...
|
Mindspark Interactive Network |
|
This is a web browser extension/toolbar that will modify the user's home page and search provider to Ask.com.
|
Mindspark Interactive Network |
|
TelevisionFanatic Internet Explorer Toolbar installs is a web browser extension and allows provides users the means to search the Internet with MyWebSearch, a potentially unwanted program that changes and redircts all of your search results as well as DNS errors, and modifies your home page to mywebsearch.com or some other webpage. MyWebSearch automatically becomes your default search service which hijacks all your search requests as we...
|
Mindspark Interactive Network |
|
Installs a potentailly unwanted Ask.com powered toolbr - "As part of the download process for the Toolbar, you may be given the option to reset your homepage and/or reset your new tab page to an Ask® home page and new tab product. This provides relevant links and results when you make a search request in your browser address bar or if your browser address (DNS) request is invalid, misspelled or incorrectly formatted. This is a search bo...
|
Mindspark Interactive Network |
|
FindMeFreebies is a Mindspark web browser toolbar that is designed to modify the users search and home pages to Ask.com (or MyWebSearch).
|
Mindspark Interactive Network |
|
HeroicPlay is a Mindspark web browser toolbar that is designed to modify the users search and home pages to Ask.com (or MyWebSearch).
|
Mindspark Interactive Network |
|
This toolbar/web browser extension is ad/search-supported that is typically installed as an optional offer, users generally have this bundled with 3rd party software. During setup, this toolbar will modify the home page and new tab pages to an affiliate search portal using a primary search engine in order to collect shared search revenue. It will also modify the default search provider as well.
|
Mindspark Interactive Network |
|
Installs a Mindspark toolbar in your Web browser that collects and stores information about your web browsing habits and sends this information to Mindspark so they can suggest services or provide ads via the toolbar.
Behaviors
Services
Runs under 'SYSTEM\CurrentControlSet\Services' by the Service Controller (services.exe)
- Zwinky_5qService
- 'MapsGalaxy_39Service' (MapsGalaxyService)
- 'APlusGamer_63Service' (APlusGamerService)
- 'Astrology_4aService' (AstrologyService)
- 'Allin1Convert_8hService' (Allin1ConvertService)
- 'FromDocToPDF_65Service' (FromDocToPDFService)
- 'MarineAquarium3Free_57Service' (Marine Aquarium LiteService)
- 'InboxAce_1gService' (InboxAceService)
- 'BibleTriviaTime_4lService' (Know the BibleService)
User start menu folder
Shortcut pointer placed in '%appdata%\Microsoft\Windows\Start Menu'
- Shortcut to '4zbarsvc.exe'
Malware detections
Based on 40+ industry antivirus scanners, 5 of them detected the following malware.
| Antivirus engine | Engine version | Detection |
| avast! |
6.0.1289.0 |
Win32:FunWeb-K [PUP] |
| AVG |
2014.0.3629 |
AdInstaller.FunWeb |
| Kingsoft |
2013.1.8.219 |
Win32.Malware.Heur_Generic.B.(kcloud) |
| Vba32 AntiVirus |
3.12.20.2 |
Worm.Runouce |
| VIPRE Antivirus |
16628 |
MyWebSearch.J (v) (not malicious) |
Resource utilization
(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
| CPU |
| Total CPU: | 0.00028763% | |
| Kernel CPU: | 0.00017843% | |
| User CPU: | 0.00010920% | |
| Kernel CPU time: | 7,030 ms/min | |
| CPU cycles: | 7,716/sec | |
| Memory |
| Private memory: | 888.64 KB | |
| Private (maximum): | 2.1 MB | |
| Private (minimum): | 1.59 MB | |
| Non-paged memory: | 888.64 KB | |
| Virtual memory: | 23.38 MB | |
| Virtual memory (peak): | 26.93 MB | |
| Working set: | 1.59 MB | |
| Working set (peak): | 2.97 MB | |
| Page faults: | 1,670/min | |
| I/O |
| I/O read transfer: | 35 Bytes/sec | |
| I/O read operations: | 1/sec | |
| I/O write transfer: | 2 Bytes/sec | |
| I/O write operations: | 1/sec | |
| I/O other transfer: | 9 Bytes/sec | |
| I/O other operations: | 2/sec | |
| Resource allocations |
| Threads: | 4 | |
| Handles: | 79 | |
Process properties
| Integrety level: | System |
| Platform: | 32-bit |
| Command lines: |
- C:\progra~1\videod~2\bar\1.bin\4zbarsvc.exe
- C:\progra~2\televi~2\bar\1.bin\64barsvc.exe
- C:\progra~2\gaming~2\bar\1.bin\gtbarsvc.exe
- C:\progra~2\videod~2\bar\1.bin\4zbarsvc.exe
- C:\progra~1\dictio~2\bar\1.bin\v4barsvc.exe
- C:\progra~2\totalr~2\bar\1.bin\14barsvc.exe
- C:\progra~1\fromdo~2\bar\1.bin\65barsvc.exe
- (46 more)
|
| Owner: | SYSTEM |
| Windows Service |
| Service name: | MapsGalaxy_39Service |
| Display name: | Zwinky_5qService |
| Type: | Win32OwnProcess |
| Parent process: | services.exe (Services and Controller app by Microsoft) |
Threads
Averages
| 5zbarsvc.exe (main module) |
| Total CPU: | 0.00054209% | |
| Kernel CPU: | 0.00027058% | |
| User CPU: | 0.00027151% | |
| CPU cycles: | 11,020/sec | |
| Memory: | 36 KB | |
| sechost.dll |
| Total CPU: | 0.00020837% | |
| Kernel CPU: | 0.00020048% | |
| User CPU: | 0.00000789% | |
| CPU cycles: | 2,052/sec | |
| Memory: | 100 KB | |
| wow64.dll |
| Total CPU: | 0.00012529% | |
| Kernel CPU: | 0.00012529% | |
| User CPU: | 0.00000000% | |
| CPU cycles: | 1,444/sec | |
| Memory: | 252 KB | |
| ntdll.dll |
| Total CPU: | 0.00001730% | |
| Kernel CPU: | 0.00001730% | |
| User CPU: | 0.00000000% | |
| CPU cycles: | 143/sec | |
| Memory: | 1.67 MB | |
| wow64cpu.dll |
| Total CPU: | 0.00001049% | |
| Kernel CPU: | 0.00000572% | |
| User CPU: | 0.00000477% | |
| CPU cycles: | 122/sec | |
| Memory: | 32 KB | |
Distribution by Windows OS
| OS version | distribution |
| Windows 7 Home Premium |
26.00% |
|
| Windows 7 Ultimate |
19.50% |
|
| Windows 7 Ultimate N |
17.50% |
|
| Microsoft Windows XP |
7.00% |
|
| Windows 8 Pro |
5.50% |
|
| Windows 7 Professional |
5.00% |
|
| Windows 8 |
4.50% |
|
| Windows Vista Home Basic |
4.50% |
|
| Windows 8 Pro with Media Center |
3.50% |
|
| Windows Vista Home Premium |
2.50% |
|
| Windows 7 Enterprise |
2.50% |
|
| Windows 8 Single Language |
1.00% |
|
| Windows 7 Home Basic |
1.00% |
|
Distribution by country
United States installs about 46.56% of PRODUCTVERS_NAME.
Distribution by PC manufacturer
| PC Manufacturer | distribution |
| Dell |
23.53% |
|
| Toshiba |
20.00% |
|
| Acer |
18.82% |
|
| Hewlett-Packard |
17.65% |
|
| ASUS |
8.24% |
|
| GIGABYTE |
3.53% |
|
| Sony |
3.53% |
|
| Intel |
2.35% |
|
| Samsung |
1.76% |
|
| American Megatrends |
0.59% |
|
