Movies Toolbar

Movies Toolbar Description

ScreenshotMovies Toolbar is a toolbar/ browser hijacker that is able to enter vulnerable computers packed with numerous freeware applications from the Internet. Movies Toolbar can be installed on Internet Explorer, Mozilla Firefox or Google Chrome. Movies Toolbar makes changes to the affected web browser's settings, inserts its toolbar, and replaces the default homepage and default search engine with some suspicious website. Movies Toolbar is also categorized as a potentially unwanted program (PUP). Movie Toolbar is delivered by Bandoo Media, which is responsible for advertising more applications such as this one. The aim of Movies Toolbar is to push some doubtful advertisement websites by using tricky techniques. Movies Toolbar will force the affected PC user to use Search.ask.com as the main search engine. Movies Toolbar also adds numerous sponsored websites to the search results in any legal search engine on the targeted PC. Movies Toolbar can also result in unwanted hits to dubious websites and numerous pop-up ads shown on the victimized PCs.
Aliases: Adware.Win64.SearchSuite.AeVo [Baidu-International], Artemis!5D8BE8191754 [McAfee], Trojan ( 0049f9491 ) [K7AntiVirus], PUA.Toolbar.SearchSuite! [Agnitum], Suspicious_GEN.F47V0808 [TrendMicro-HouseCall], not-a-virus:WebToolbar.Win64.SearchSuite.d [Kaspersky], Artemis [McAfee-GW-Edition], RiskWare[WebToolbar:not-a-virus]/Win64.SearchSuite [Antiy-AVL], Win32.Troj.Generic.a.(kcloud) [Kingsoft], PUP/Win32.SearchSuite [AhnLab-V3], Win32.Application.Searchsuite.C [GData], Trj/Chgt.C [Panda], PUA.Bandoo [Ikarus], Riskware/SearchSuite [Fortinet] and MalSign.Generic.1EE [AVG].

Infected with Movies Toolbar? Scan Your PC for Free

Download SpyHunter’s Spyware Scanner
to Detect Movies Toolbar

Security Doesn't Let You Download SpyHunter or Access the Internet?


Solutions: Your computer may have malware hiding in memory that prevents any program, including SpyHunter, from executing on your computer. Follow to download SpyHunter and gain access to the Internet:
  • Use an alternative browser. Malware may disable your browser. If you're using IE, for example, and having problems downloading SpyHunter, you should open Firefox, Chrome or Safari browser instead.
  • Use a removable media. Download SpyHunter on another clean computer, burn it to a USB flash drive, DVD/CD, or any preferred removable media, then install it on your infected computer and run SpyHunter's malware scanner.
  • Start Windows in Safe Mode. If you can not access your Window's desktop, reboot your computer in 'Safe Mode with Networking' and install SpyHunter in Safe Mode.
  • IE Users: Disable proxy server for Internet Explorer to browse the web with Internet Explorer or update your anti-spyware program. Malware modifies your Windows settings to use a proxy server to prevent you from browsing the web with IE.

If you still can't install SpyHunter? View other possible causes of installation issues.

Technical Information

Infection Statistics


Our MalwareTracker shows malware activity across the world. Explore real-time data of Movies Toolbar outbreaks and other threats from global to local level.

File System Details

Movies Toolbar creates the following file(s):
# File Name Size MD5 Detection Count
1 %PROGRAMFILES(x86)%\Movies Toolbar\SafetyNut\SafetyNutManager.exe 3,188,744 bf6bcf90bb4c22497b5b862e6eb35dae 694
2 %PROGRAMFILES(x86)%\Movies Toolbar\SafetyNut\safetynut.exe 3,534,856 6550fc28bdeb03018398ab3ec7da9eb6 675
3 %PROGRAMFILES%\Movies Toolbar\SafetyNut\safety~2.dll 17,416 44738d469af3bde0d1ac7f16c8c50633 259
4 %PROGRAMFILES%\Movies Toolbar\Datamngr\mgrldr.dll 16,384 cac85dd6f220cbef0f2e7c34cd30ce15 224
5 %PROGRAMFILES%\Movies Toolbar\Datamngr\SRTOOL~1\IE\searchresultsDx.dll 92,592 3a560e3678cbd0d4dfa3c7210dea0aa1 210
6 \??\C:\Program Files\Movies Toolbar\SafetyNut\configmgrc1.cfg 31,104 8548b715b2940525c8ad1ff1679c1308 153
7 %LOCALAPPDATA%\ilividmoviestoolbar20\GC\IACNativeMsgHost.exe 156,088 600290bae905edc4eb07c84b372f92a5 122
8 %PROGRAMFILES(x86)%\Movies Toolbar\Datamngr\DatamngrUI.exe 3,534,848 3b6b13167271c4b3c99b87a4e31d43ba 78
9 %LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob 70
10 \??\C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\setmgrc1.cfg 36,216 24a97cf9304d38b5515ef4a23f0e7505 69
11 %PROGRAMFILES(x86)%\Movies Toolbar\Datamngr\DatamngrCoordinator.exe 3,180,032 411997298eb2bdc5d257703f4abd39a7 58
12 %LocalAppData%\Google\Chrome\User Data\Default\Extensions\aaaaimdcedbpbcjjbbnfcbbjcngmomic 25
13 %ALLUSERSPROFILE%\Application Data\SafetyNut 24
14 %ALLUSERSPROFILE%\SafetyNut 23
15 \??\C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\setmgrc2.cfg 41,848 ca686d8c371297b875bd84aab610bb29 1,137

More files

Registry Details

Movies Toolbar creates the following registry entry or registry entries:
HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}
somotomoviestoolbar1FF
somotomoviestoolbar1CR
somotomoviestoolbar1IE
somotomoviestoolbar181IE
somotomoviestoolbar181FF
somotomoviestoolbar181CR
savevidmoviestoolbarhaCR
savevidmoviestoolbarhaFF
ilividmoviestoolbar20CR
HKEY..\..\..\..{RegistryKeys}
SOFTWARE\Wow6432Node\Microsoft\Tracing\tb_Movie_RASAPI32
SOFTWARE\Wow6432Node\Microsoft\Tracing\tb_Movie_RASMANCS
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\somotomoviestoolbar1FF
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3444c3c5-6c56-4a16-a453-832b05bf6ea4}
SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3444c3c5-6c56-4a16-a453-832b05bf6ea4}
SYSTEM\ControlSet001\services\SafetyNutManager
SYSTEM\ControlSet002\services\SafetyNutManager
SOFTWARE\SafetyNut
Software\somotomoviestoolbar1
SOFTWARE\Classes\MoviesToolbarHelper.DNSGuard
SOFTWARE\Classes\MoviesToolbarHelper.DNSGuard.1
Software\AppDataLow\Software\somotomoviestoolbar1
SOFTWARE\Wow6432Node\Google\Chrome\Extensions\aaaaimdcedbpbcjjbbnfcbbjcngmomic
SOFTWARE\Google\Chrome\Extensions\aaaaimdcedbpbcjjbbnfcbbjcngmomic
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C4F9C609-53A6-4B1B-9FFC-45497774BB94}
SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C4F9C609-53A6-4B1B-9FFC-45497774BB94}
Software\APN DTX\{3444c3c5-6c56-4a16-a453-832b05bf6ea4}
Software\APN DTX
Software\Somoto
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{93B41E47-367D-4687-A293-5A16D88D43B5}
SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{93B41E47-367D-4687-A293-5A16D88D43B5}
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3d86a75b-cb6b-4764-885d-ca6336f04ba2}
SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B3C010E6-5D85-4D77-ABF9-1602393140DC}
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar, value: {3d86a75b-cb6b-4764-885d-ca6336f04ba2}
SOFTWARE\Microsoft\Internet Explorer\Toolbar, value: {3d86a75b-cb6b-4764-885d-ca6336f04ba2}
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{3d86a75b-cb6b-4764-885d-ca6336f04ba2}
SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{3d86a75b-cb6b-4764-885d-ca6336f04ba2}
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7B162FE9-68AE-40DA-A223-B3AEBB482B09}
SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7B162FE9-68AE-40DA-A223-B3AEBB482B09}
SYSTEM\ControlSet001\Services\F06DEFF2-5B9C-490D-910F-35D3A9119622
SYSTEM\ControlSet002\Services\F06DEFF2-5B9C-490D-910F-35D3A9119622
SYSTEM\CurrentControlSet\Services\F06DEFF2-5B9C-490D-910F-35D3A9119622
Software\APNDTX
SYSTEM\ControlSet002\services\F06DEFF2-5B9C-490D-910F-35D3A91196222
SYSTEM\ControlSet001\services\F06DEFF2-5B9C-490D-910F-35D3A91196222
SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C75A2D66-6D1D-4735-8F63-9D85DCC026A6}
SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{c75a2d66-6d1d-4735-8f63-9d85dcc026a6}
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C75A2D66-6D1D-4735-8F63-9D85DCC026A6}
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{c75a2d66-6d1d-4735-8f63-9d85dcc026a6}
SOFTWARE\Microsoft\Internet Explorer\Toolbar, value: {c75a2d66-6d1d-4735-8f63-9d85dcc026a6}
SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F66A6600-CA6C-4A5C-8320-6323A68559A5}
SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A161BA2F-4DAD-4F7D-B887-90A18B961F96}
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A161BA2F-4DAD-4F7D-B887-90A18B961F96}
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F66A6600-CA6C-4A5C-8320-6323A68559A5}
SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c75a2d66-6d1d-4735-8f63-9d85dcc026a6}
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c75a2d66-6d1d-4735-8f63-9d85dcc026a6}
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c75a2d66-6d1d-4735-8f63-9d85dcc026a6}
Software\AppDataLow\Software\somotomoviestoolbar181
Software\Microsoft\Internet Explorer\Approved Extensions, value: {338A754C-B46E-4BF2-8AC8-23DE36862AD3}
Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{338a754c-b46e-4bf2-8ac8-23de36862ad3}
Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C75A2D66-6D1D-4735-8F63-9D85DCC026A6}
Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C75A2D66-6D1D-4735-8F63-9D85DCC026A6}
AppID\SavevidPluginCore.EXE
Wow6432Node\AppID\SavevidPluginCore.EXE
SOFTWARE\Classes\AppID\SavevidPluginCore.EXE
SOFTWARE\Classes\Wow6432Node\AppID\SavevidPluginCore.EXE
SOFTWARE\Classes\SavevidPluginCore.PluginManager
SOFTWARE\Classes\SavevidPluginCore.PluginManager.1
SOFTWARE\Wow6432Node\Classes\AppID\SavevidPluginCore.EXE
SavevidPluginCore.PluginManager
Software\savevidmoviestoolbarha
SOFTWARE\Wow6432Node\Google\Chrome\Extensions\aaaajhegnoacmkmglfacmbbhpoadcdkh
SOFTWARE\Google\Chrome\Extensions\aaaajhegnoacmkmglfacmbbhpoadcdkh
SYSTEM\ControlSet001\services\SavevidService
SYSTEM\ControlSet002\services\SavevidService
SYSTEM\CurrentControlSet\services\SavevidService
SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2427}
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2427}
SOFTWARE\Wow6432Node\Google\Chrome\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob
SOFTWARE\Google\Chrome\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob
SOFTWARE\Wow6432Node\Google\Chrome\NativeMessagingHosts\com.apn.native_messaging_host_aaaaabcbmongicmdegkmmfgdickgnnob
SOFTWARE\Google\Chrome\NativeMessagingHosts\com.apn.native_messaging_host_aaaaabcbmongicmdegkmmfgdickgnnob
The following CLSID's were found:
HKEY..\..\{CLSID Path}
{0050C303-0E30-48D3-B402-FB5D490CB89F}
{338a754c-b46e-4bf2-8ac8-23de36862ad3}
{3444c3c5-6c56-4a16-a453-832b05bf6ea4}
{3d86a75b-cb6b-4764-885d-ca6336f04ba2}
{44E16FC6-3A79-4F00-8BF3-399AD9C403BF}
{587604F0-C55C-4F3F-8339-D634E878828E}
{6014D692-4409-4EDD-ABB2-36CA26DC2A2E}
{934BEE21-C5A4-457E-B130-77CA098FBBD3}
{C4F9C609-53A6-4B1B-9FFC-45497774BB94}
{d6715933-3f8b-44bc-b4b2-682164832b31}

Site Disclaimer

Leave a Reply

IMPORTANT! To be able to proceed, you need to solve the following simple math.
Please leave these two fields as-is:
What is 8 + 12 ?