Bang5Tao Ads

By GoldSparrow in Adware

Threat Scorecard

Ranking:	8,447
Threat Level:	20 % (Normal)
Infected Computers:	20,937

First Seen:	September 10, 2015
Last Seen:	February 6, 2024
OS(es) Affected:	Windows

The Bang5Tao Chinese browser plug-in from B5MSoft Ltd. is promoted as a search enhancer, and it may travel bundled with free media players like iQIYI and DAUM Pot Player. The Bang5Tao browser plugin may change your default search engine and homepage to Baidu.com and slow down your Internet browser. Security investigators recognize the Bang5Tao plugin as adware that may run as a background service on your system named b5t.exe. The Bang5Tao adware may redirect you to sponsored websites and offer you to purchase goods in Chinese online stores that may not be welcomed by non-mandarin speakers. Additionally, the Bang5Tao adware may reroute your Internet traffic through the servers of advertisers and collect Internet usage statistics like your browsing and download history.

The Bang5Tao adware may change your DNS settings and use DOM storage data to facilitate behavioral marketing. Security investigators note that the ads by Bang5Tao may appear as banners, pop-up windows, floating ad-boxes and might not be safe. The Bang5Tao adware may register several runtime DLL files in Windows and affect Internet Explorer, Google Chrome and Mozilla Firefox. Moreover, users that are infected with the Bang5Tao adware may be provided with links to suspicious websites that may host the Parite cyber threat. The Bang5Tao adware is similar to the Eye Perform adware and may place its main executable in the AppData folder to avoid security scans. The Bang5Tao can run on 32-bit and 64-bit Windows systems, and you should use a renowned anti-spyware utility to clean your machine.

Table of Contents

SpyHunter Detects & Remove Bang5Tao Ads

File System Details

Bang5Tao Ads may create the following file(s):

Expand All | Collapse All

#	File Name	MD5	Detections Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
1.	jyueservice.exe	fc8f7d993308463598f91d301b84498f	635
Name: jyueservice.exe MD5: fc8f7d993308463598f91d301b84498f Size: 304.08 KB (304088 bytes) Detections: 635 Type: Executable File Path: %LOCALAPPDATA%\jyrl\jyriliapp Group: Malware file Last Updated: December 31, 2016
2.	b5tservice.exe	7492655675372d76cc0a111ad59b31b3	105
Name: b5tservice.exe MD5: 7492655675372d76cc0a111ad59b31b3 Size: 578.36 KB (578368 bytes) Detections: 105 Type: Executable File Path: c:\Users\<username>\appdata\local\b5t\share\b5tservice.exe Group: Malware file Last Updated: July 5, 2022
3.	jywebHelper.dll	c4650ca4cde53a17179a473b37fc3fa9	102
Name: jywebHelper.dll MD5: c4650ca4cde53a17179a473b37fc3fa9 Size: 438.72 KB (438720 bytes) Detections: 102 Type: Dynamic link library Path: %USERPROFILE%\Local Settings\Application Data\jyrili\jyriliapp Group: Malware file Last Updated: February 16, 2020
4.	ascroll.exe	028425b755ede72b7a01af1e87135b25	59
Name: ascroll.exe MD5: 028425b755ede72b7a01af1e87135b25 Size: 187 KB (187000 bytes) Detections: 59 Type: Executable File Path: %APPDATA%\25074415 Group: Malware file Last Updated: July 16, 2018
5.	ascroll.exe	fc65c6849088538faebfd8674a60e53b	55
Name: ascroll.exe MD5: fc65c6849088538faebfd8674a60e53b Size: 187 KB (187000 bytes) Detections: 55 Type: Executable File Path: %APPDATA%\983422375 Group: Malware file Last Updated: September 25, 2020
6.	jyueservice.exe	5dfa9265736b6ce839854cd46341f135	43
Name: jyueservice.exe MD5: 5dfa9265736b6ce839854cd46341f135 Size: 304.21 KB (304216 bytes) Detections: 43 Type: Executable File Path: %USERPROFILE%\Local Settings\Application Data\jyrl\jyriliapp Group: Malware file Last Updated: December 31, 2016
7.	B5TPopup.exe	2b6b50f368bb6b488d6f0e76fb61071c	19
Name: B5TPopup.exe MD5: 2b6b50f368bb6b488d6f0e76fb61071c Size: 796.99 KB (796992 bytes) Detections: 19 Type: Executable File Path: C:\Users\<username>\AppData\Local\B5T\6.0.5.8\B5TPopup.exe Group: Malware file Last Updated: July 5, 2022
8.	jywebHelper.dll	6d49ddbfab45f31a910b52dfa890a486	16
Name: jywebHelper.dll MD5: 6d49ddbfab45f31a910b52dfa890a486 Size: 369.78 KB (369784 bytes) Detections: 16 Type: Dynamic link library Path: %APPDATA%\1361841 Group: Malware file Last Updated: March 14, 2017
9.	ascroll.exe	977264a9cb6d0d0d55a72a60336769c6	14
Name: ascroll.exe MD5: 977264a9cb6d0d0d55a72a60336769c6 Size: 187 KB (187000 bytes) Detections: 14 Type: Executable File Path: %APPDATA%\3799468 Group: Malware file Last Updated: November 2, 2019
10.	jyueservice.exe	362ad04d1ec05115d2ea03914ebd1566	9
Name: jyueservice.exe MD5: 362ad04d1ec05115d2ea03914ebd1566 Size: 312.95 KB (312952 bytes) Detections: 9 Type: Executable File Path: %APPDATA%\43654820 Group: Malware file Last Updated: December 31, 2016
11.	jyueservice.exe	3804974366d89c828b38d7c8677b1f07	8
Name: jyueservice.exe MD5: 3804974366d89c828b38d7c8677b1f07 Size: 304.08 KB (304088 bytes) Detections: 8 Type: Executable File Path: %LOCALAPPDATA%\jyrl\jyriliapp Group: Malware file Last Updated: December 31, 2016
12.	jywebHelper.dll	9972c4022ab4dfd075c0807e651857bd	8
Name: jywebHelper.dll MD5: 9972c4022ab4dfd075c0807e651857bd Size: 370.8 KB (370808 bytes) Detections: 8 Type: Dynamic link library Path: D:\C\COMPAQ\AppData\Roaming\2321437\jywebHelper.dll Group: Malware file Last Updated: April 27, 2022
13.	jywebHelper.dll	35b3efcb874ad7289941fb1a9c93b401	6
Name: jywebHelper.dll MD5: 35b3efcb874ad7289941fb1a9c93b401 Size: 371.32 KB (371320 bytes) Detections: 6 Type: Dynamic link library Path: %APPDATA%\3799468 Group: Malware file Last Updated: March 14, 2017
14.	jyueservice.exe	9a0b086376c588a2b292b7101eea2553	4
Name: jyueservice.exe MD5: 9a0b086376c588a2b292b7101eea2553 Size: 304.06 KB (304064 bytes) Detections: 4 Type: Executable File Path: %LOCALAPPDATA%\jyrl\jyriliapp Group: Malware file Last Updated: December 31, 2016
15.	jywebHelper.dll	88c2823985afda90019787064cf88634	4
Name: jywebHelper.dll MD5: 88c2823985afda90019787064cf88634 Size: 369.78 KB (369784 bytes) Detections: 4 Type: Dynamic link library Path: %WINDIR%\SysWow64\config\systemprofile\AppData\Roaming\21089541 Group: Malware file Last Updated: March 14, 2017
16.	jywebHelper.dll	695f411b0db42fd91473fec7cdf85920	4
Name: jywebHelper.dll MD5: 695f411b0db42fd91473fec7cdf85920 Size: 370.29 KB (370296 bytes) Detections: 4 Type: Dynamic link library Path: %APPDATA%\3428964 Group: Malware file Last Updated: July 16, 2018
17.	jyueservice.exe	0ce685491b2de3a303253932c0f4d5ba	3
Name: jyueservice.exe MD5: 0ce685491b2de3a303253932c0f4d5ba Size: 304.08 KB (304088 bytes) Detections: 3 Type: Executable File Path: %LOCALAPPDATA%\jyrl\jyriliapp Group: Malware file Last Updated: December 31, 2016
18.	jyueservice.exe	23a75f610e01489c56c1b1a3f0156e1e	3
Name: jyueservice.exe MD5: 23a75f610e01489c56c1b1a3f0156e1e Size: 312.95 KB (312952 bytes) Detections: 3 Type: Executable File Path: %LOCALAPPDATA%\jyrl\jyriliapp Group: Malware file Last Updated: December 31, 2016
19.	bandac.exe	ef15d54add4e3f5eadc47dc326b04b44	3
Name: bandac.exe MD5: ef15d54add4e3f5eadc47dc326b04b44 Size: 178.6 KB (178600 bytes) Detections: 3 Type: Executable File Path: %APPDATA%\437239 Group: Malware file Last Updated: August 24, 2017
20.	jywebHelper.dll	1fa78fa4a59fa1e0a8b16ed892c40d6a	2
Name: jywebHelper.dll MD5: 1fa78fa4a59fa1e0a8b16ed892c40d6a Size: 438.23 KB (438232 bytes) Detections: 2 Type: Dynamic link library Path: %LOCALAPPDATA%\jyrl\jyriliapp Group: Malware file Last Updated: March 14, 2017
21.	jyueservice.exe	6d7900edb24e2f7cb5f8223231e8879e	2
Name: jyueservice.exe MD5: 6d7900edb24e2f7cb5f8223231e8879e Size: 312.95 KB (312952 bytes) Detections: 2 Type: Executable File Path: %APPDATA%\35305718 Group: Malware file Last Updated: December 31, 2016
22.	jyueservice.exe	bf6d395dc7b80534d30e2608435586e0	1
Name: jyueservice.exe MD5: bf6d395dc7b80534d30e2608435586e0 Size: 312.95 KB (312952 bytes) Detections: 1 Type: Executable File Path: %APPDATA%\7815312 Group: Malware file Last Updated: December 31, 2016
23.	jyueservice.exe	250d3257e2a770be461f0ec23784fc9c	1
Name: jyueservice.exe MD5: 250d3257e2a770be461f0ec23784fc9c Size: 312.95 KB (312952 bytes) Detections: 1 Type: Executable File Path: %APPDATA%\5736703 Group: Malware file Last Updated: December 31, 2016
24.	jyueservice.exe	9129baeb032a419a3fabb912368bcf6b	1
Name: jyueservice.exe MD5: 9129baeb032a419a3fabb912368bcf6b Size: 205.43 KB (205432 bytes) Detections: 1 Type: Executable File Path: %APPDATA%\787250 Group: Malware file Last Updated: December 31, 2016
25.	jyueservice.exe	59e6417f8d7c6edb0c8f6dcfcd66adaf	1
Name: jyueservice.exe MD5: 59e6417f8d7c6edb0c8f6dcfcd66adaf Size: 312.95 KB (312952 bytes) Detections: 1 Type: Executable File Path: %APPDATA%\96584187 Group: Malware file Last Updated: December 31, 2016
26.	bandac.exe	739f96dcec4625233fc073eb46f14658	1
Name: bandac.exe MD5: 739f96dcec4625233fc073eb46f14658 Size: 184.12 KB (184128 bytes) Detections: 1 Type: Executable File Path: %APPDATA%\297437 Group: Malware file Last Updated: August 24, 2017
27.	bandac.exe	486096277b9a724926ce97d8fe730646	1
Name: bandac.exe MD5: 486096277b9a724926ce97d8fe730646 Size: 178.6 KB (178600 bytes) Detections: 1 Type: Executable File Path: %APPDATA%\999464718 Group: Malware file Last Updated: August 24, 2017

More files

Registry Details

Bang5Tao Ads may create the following registry entry or registry entries:

CLSID

{260669B1-FC2C-41C0-BAA2-6EF3BB188660}

{49037283-B545-42CB-9A9A-27661E5E8C9D}

{50C04C40-4BD9-45A0-9423-7A473E5493F2}

{73CBCCED-2D9F-4ABB-904A-DA8C08B341F4}

File name without path

http_t.b5m.com_0.localstorage

http_t.b5m.com_0.localstorage-journal

HKEY..\..\..\..{RegistryKeys}

Software\B5MSoft\B5T

SOFTWARE\B5TService

SOFTWARE\Classes\b5m_app_extension.ShopAssist

Software\Classes\B5MSoft.Bang5TaoPlugin

Software\Classes\B5MSoft.Bang5TaoPlugin.1

SOFTWARE\Classes\Wow6432Node\AppID\b5m_app_extension.DLL

SOFTWARE\Google\Chrome\NativeMessagingHosts\com.b5t.chrome.namsg.b5t

Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3FEACEAD-DF16-43F3-8C0E-C60EC5277EA9}

Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E4F4BB3-82A5-4145-82E0-DA8886E3EAA0}

Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{69E48444-5D4C-4741-960A-3D117D062906}

Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E2C02014-DFC0-45FC-A679-993156DE9759}

SOFTWARE\Microsoft\Internet Explorer\LowRegistry\DOMStorage\b5m.com

SOFTWARE\Microsoft\Internet Explorer\LowRegistry\DOMStorage\t.b5m.com

SOFTWARE\Microsoft\Tracing\B5TClient_RASAPI32

SOFTWARE\Microsoft\Tracing\B5TClient_RASMANCS

Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{58d47fff-63ef-572e-843f-e5dd6aa0005d}

SOFTWARE\MozillaPlugins\B5MSoft.com/Bang5TaoPlugin

SOFTWARE\Wow6432Node\B5TService

SOFTWARE\Wow6432Node\Classes\AppID\b5m_app_extension.DLL

SOFTWARE\Wow6432Node\Microsoft\Tracing\B5TClient_RASAPI32

SOFTWARE\Wow6432Node\Microsoft\Tracing\B5TClient_RASMANCS

SYSTEM\ControlSet001\Services\B5TService

Directories

Bang5Tao Ads may create the following directory or directories:

%ALLUSERSPROFILE%\B5TTmp

%LOCALAPPDATA%\B5T

%LOCALAPPDATA%\jyrili

%LOCALAPPDATA%\jyrl

%PROGRAMFILES%\B5TService

%PROGRAMFILES(x86)%\B5TService

%USERPROFILE%\AppData\LocalLow\B5T

%USERPROFILE%\AppData\LocalLow\B5TUpdate

%UserProfile%\Local Settings\Application Data\B5T

%localappdata%\fanqianbao

Enigma Software Group Prevails Over Malwarebytes at the Ninth Circuit

Search

Change Region

Bang5Tao Ads

Threat Scorecard

EnigmaSoft Threat Scorecard

SpyHunter Detects & Remove Bang5Tao Ads

File System Details

Registry Details

Directories

Submit Comment

Trending

Flameforgesmith.top

MacOS Is Infected - Virus Found Notification Scam

FlashMail Ads

Most Viewed

Discord Shows Black Screen when Sharing Screen

How To Fix 'Printer Driver is Unavailable' Error

What is Msedge.exe?