Movies Toolbar

Movies Toolbar Description

ScreenshotMovies Toolbar is a toolbar/ browser hijacker that is able to enter vulnerable computers packed with numerous freeware applications from the Internet. Movies Toolbar can be installed on Internet Explorer, Mozilla Firefox or Google Chrome. Movies Toolbar makes changes to the affected web browser's settings, inserts its toolbar, and replaces the default homepage and default search engine with some suspicious website. Movies Toolbar is also categorized as a potentially unwanted program (PUP). Movie Toolbar is delivered by Bandoo Media, which is responsible for advertising more applications such as this one. The aim of Movies Toolbar is to push some doubtful advertisement websites by using tricky techniques. Movies Toolbar will force the affected PC user to use Search.ask.com as the main search engine. Movies Toolbar also adds numerous sponsored websites to the search results in any legal search engine on the targeted PC. Movies Toolbar can also result in unwanted hits to dubious websites and numerous pop-up ads shown on the victimized PCs.

Infected with Movies Toolbar? Scan Your PC for Free

Download SpyHunter’s Spyware Scanner
to Detect Movies Toolbar

Security Doesn't Let You Download SpyHunter or Access the Internet?


Solutions: Your computer may have malware hiding in memory that prevents any program, including SpyHunter, from executing on your computer. Follow to download SpyHunter and gain access to the Internet:
  • Use an alternative browser. Malware may disable your browser. If you're using IE, for example, and having problems downloading SpyHunter, you should open Firefox, Chrome or Safari browser instead.
  • Use a removable media. Download SpyHunter on another clean computer, burn it to a USB flash drive, DVD/CD, or any preferred removable media, then install it on your infected computer and run SpyHunter's malware scanner.
  • Start Windows in Safe Mode. If you can not access your Window's desktop, reboot your computer in 'Safe Mode with Networking' and install SpyHunter in Safe Mode.
  • IE Users: Disable proxy server for Internet Explorer to browse the web with Internet Explorer or update your anti-spyware program. Malware modifies your Windows settings to use a proxy server to prevent you from browsing the web with IE.

If you still can't install SpyHunter? View other possible causes of installation issues.
Aliases: a variant of Win32/Toolbar.SearchSuite.D [ESET-NOD32], Artemis!6499FE08FADD [McAfee], Downloader/Win32.Agent [Antiy-AVL], Generic PUA KB [Sophos], PUP.Optional.Bandoo.A [Malwarebytes], Riskware/Agent [Fortinet], TROJ_GEN.F47V1116 [TrendMicro-HouseCall] and Unwanted-Program ( 00454f261 ) [K7GW].

Technical Information

Infection Statistics


Our MalwareTracker shows malware activity across the world. Explore real-time data of Movies Toolbar outbreaks and other threats from global to local level.

File System Details

Movies Toolbar creates the following file(s):
# File Name Size MD5 Detection Count
1 %PROGRAMFILES%\Movies Toolbar\SafetyNut\safety~2.dll 17,416 44738d469af3bde0d1ac7f16c8c50633 607
2 %PROGRAMFILES%\Movies Toolbar\Datamngr\mgrldr.dll 16,384 cac85dd6f220cbef0f2e7c34cd30ce15 525
3 %PROGRAMFILES%\Movies Toolbar\Datamngr\SRTOOL~1\IE\searchresultsDx.dll 92,592 3a560e3678cbd0d4dfa3c7210dea0aa1 489
4 %PROGRAMFILES(x86)%\Movies Toolbar\Datamngr\DatamngrUI.exe 3,534,848 3b6b13167271c4b3c99b87a4e31d43ba 183
5 %PROGRAMFILES(x86)%\Movies Toolbar\Datamngr\DatamngrCoordinator.exe 3,180,032 411997298eb2bdc5d257703f4abd39a7 136
6 %UserProfile%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aaaaimdcedbpbcjjbbnfcbbjcngmomic 81
7 %LocalAppData%\Google\Chrome\User Data\Default\Extensions\aaaaimdcedbpbcjjbbnfcbbjcngmomic 78
8 %ALLUSERSPROFILE%\Application Data\SafetyNut 75
9 %ALLUSERSPROFILE%\SafetyNut 72
10 %USERPROFILE%\AppData\LocalLow\somotomoviestoolbar1 47
11 %LOCALAPPDATA%\somotomoviestoolbar1 44
12 %PROGRAMFILES(x86)%\Movies Toolbar\SafetyNut\SafetyNutManager.exe 3,188,744 bf6bcf90bb4c22497b5b862e6eb35dae 1,625
13 %PROGRAMFILES(x86)%\Movies Toolbar\SafetyNut\safetynut.exe 3,534,856 6550fc28bdeb03018398ab3ec7da9eb6 1,581

Registry Details

Movies Toolbar creates the following registry entry or registry entries:
HKEY..\..\..\..{RegistryKeys}
Software\APN DTX
Software\APN DTX\{3444c3c5-6c56-4a16-a453-832b05bf6ea4}
Software\AppDataLow\Software\somotomoviestoolbar1
SOFTWARE\Classes\MoviesToolbarHelper.DNSGuard
SOFTWARE\Classes\MoviesToolbarHelper.DNSGuard.1
SOFTWARE\Google\Chrome\Extensions\aaaaimdcedbpbcjjbbnfcbbjcngmomic
SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3444c3c5-6c56-4a16-a453-832b05bf6ea4}
SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7B162FE9-68AE-40DA-A223-B3AEBB482B09}
SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{93B41E47-367D-4687-A293-5A16D88D43B5}
SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B3C010E6-5D85-4D77-ABF9-1602393140DC}
SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C4F9C609-53A6-4B1B-9FFC-45497774BB94}
SOFTWARE\Microsoft\Internet Explorer\Toolbar, value: {3d86a75b-cb6b-4764-885d-ca6336f04ba2}
SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{3d86a75b-cb6b-4764-885d-ca6336f04ba2}
SOFTWARE\SafetyNut
Software\Somoto
Software\somotomoviestoolbar1
SOFTWARE\Wow6432Node\Google\Chrome\Extensions\aaaaimdcedbpbcjjbbnfcbbjcngmomic
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3444c3c5-6c56-4a16-a453-832b05bf6ea4}
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3d86a75b-cb6b-4764-885d-ca6336f04ba2}
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7B162FE9-68AE-40DA-A223-B3AEBB482B09}
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{93B41E47-367D-4687-A293-5A16D88D43B5}
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C4F9C609-53A6-4B1B-9FFC-45497774BB94}
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar, value: {3d86a75b-cb6b-4764-885d-ca6336f04ba2}
SOFTWARE\Wow6432Node\Microsoft\Tracing\tb_Movie_RASAPI32
SOFTWARE\Wow6432Node\Microsoft\Tracing\tb_Movie_RASMANCS
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{3d86a75b-cb6b-4764-885d-ca6336f04ba2}
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\somotomoviestoolbar1FF
SYSTEM\ControlSet001\Services\F06DEFF2-5B9C-490D-910F-35D3A9119622
SYSTEM\ControlSet001\services\SafetyNutManager
SYSTEM\ControlSet002\Services\F06DEFF2-5B9C-490D-910F-35D3A9119622
SYSTEM\ControlSet002\services\SafetyNutManager
SYSTEM\CurrentControlSet\Services\F06DEFF2-5B9C-490D-910F-35D3A9119622
HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}
somotomoviestoolbar1CR
somotomoviestoolbar1FF
somotomoviestoolbar1IE
The following CLSID's were found:
HKEY..\..\{CLSID Path}
{3d86a75b-cb6b-4764-885d-ca6336f04ba2}
{C4F9C609-53A6-4B1B-9FFC-45497774BB94}
{934BEE21-C5A4-457E-B130-77CA098FBBD3}
{d6715933-3f8b-44bc-b4b2-682164832b31}
{338a754c-b46e-4bf2-8ac8-23de36862ad3}
{3444c3c5-6c56-4a16-a453-832b05bf6ea4}

Site Disclaimer

Leave a Reply

IMPORTANT! To be able to proceed, you need to solve the following simple math.
Please leave these two fields as-is:
What is 13 + 5 ?