PacFunction

PacFunction Description

PacFunction is adware that may show disturbing pop-up advertisements, messages and banners on the desktop of the PC. PacFunction may target all the Web browsers installed on the computer system involving Google Chrome, Mozilla Firefox and Internet Explorer and display annoying pop-up advertisements on every website visited by the computer user. The pop-up ads, messages and banners of PacFunction may be linked to the PC user's recent web searches or website content. PacFunction may replace search results in any popular search service with affiliated links that may contain various pop-up ads. Search results changed and provided by PacFunction in any well-known search provider may unwillingly reroute PC users to suspicious websites which may offer a variety of services or products. PacFunction may usually circulate and access the computer system through packaged freeware that PC users can download from unreliable download websites on the Internet. The main intention of PacFunction may be to make money from ad clicks and increased traffic of a suspicious website that may show commercial advertisements on the PC.
Aliases: PUP.Optional.PacFunction.A [Malwarebytes].

Infected with PacFunction? Scan Your PC for Free

Download SpyHunter’s Spyware Scanner
to Detect PacFunction

Security Doesn't Let You Download SpyHunter or Access the Internet?


Solutions: Your computer may have malware hiding in memory that prevents any program, including SpyHunter, from executing on your computer. Follow to download SpyHunter and gain access to the Internet:
  • Use an alternative browser. Malware may disable your browser. If you're using IE, for example, and having problems downloading SpyHunter, you should open Firefox, Chrome or Safari browser instead.
  • Use a removable media. Download SpyHunter on another clean computer, burn it to a USB flash drive, DVD/CD, or any preferred removable media, then install it on your infected computer and run SpyHunter's malware scanner.
  • Start Windows in Safe Mode. If you can not access your Window's desktop, reboot your computer in 'Safe Mode with Networking' and install SpyHunter in Safe Mode.
  • IE Users: Disable proxy server for Internet Explorer to browse the web with Internet Explorer or update your anti-spyware program. Malware modifies your Windows settings to use a proxy server to prevent you from browsing the web with IE.

If you still can't install SpyHunter? View other possible causes of installation issues.

Technical Information

Infection Statistics


Our MalwareTracker shows malware activity across the world. Explore real-time data of PacFunction outbreaks and other threats from global to local level.

File System Details

PacFunction creates the following file(s):
# File Name Size MD5 Detection Count
1 %PROGRAMFILES(x86)%\PacFunction\bin\utilPacFunction.exe 348,960 bf7dc1c0acfc23fe5b8ef7a512c7e5dd 783
2 %PROGRAMFILES(x86)%\PacFunction\updatePacFunction.exe 348,448 bbff6536988b67173548a22989183173 345
3 %PROGRAMFILES%\PacFunction\bin\FilterApp_C.exe 238,880 e165f5b027d7d5408766e50c4133863d 280
4 system32\drivers\wStLib64.sys 61,120 743bae812356266b0ed694650fc42144 268
5 %PROGRAMFILES%\PacFunction\PacFunction.FirstRun.exe 1,757,472 5935ea975ee733430740a87107e49c8a 170
6 %PROGRAMFILES%\PacFunction\PacFunctionbho.dll 249,632 fdb09a93129655e47c1ce86a17fb477e 80
7 %PROGRAMFILES(x86)%\PacFunction\bin\XTLSApp.exe 94,496 674f6d08c933a2aa01a3e5e1982301f7 36
8 %TEMP%\PacFunction\PacFunction_Setup.exe 2,286,784 1d36e6f224c4f3a3ffa90d8e84e4e2d6 20
9 system32\drivers\wStLibG64.sys 61,120 157afda5e4feaded92f0cb0a9160a98a 2,459
10 %PROGRAMFILES(x86)%\PacFunction\bin\PacFunctionBrowserFilter.exe 42,272 7ee3d5d1131ab791d434a1d255bc1059 2
11 %WINDIR%\System32\drivers\wStLibG.sys 52,928 bb5d419e1cb8623cc0b6b3cfdd626e2b 1,604
12 %WINDIR%\System32\drivers\tStLibG.sys 55,232 f1c1af216de79b1024c0cb1e9436f1a9 1,142
13 %PROGRAMFILES%\PacFunction 1
14 %PROGRAMFILES(x86)%\PacFunction N/A

Registry Details

PacFunction creates the following registry entry or registry entries:
HKEY..\..\..\..{RegistryKeys}
SYSTEM\CurrentControlSet\services\Update PacFunction
SYSTEM\CurrentControlSet\services\eventlog\Application\Update PacFunction
SYSTEM\ControlSet002\services\Update PacFunction
SYSTEM\ControlSet002\services\eventlog\Application\Update PacFunction
SOFTWARE\PacFunction
SOFTWARE\Wow6432Node\PacFunction
SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{9aa72d95-59d7-4421-a02c-f93a1187a165}
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{9aa72d95-59d7-4421-a02c-f93a1187a165}
SOFTWARE\Microsoft\Tracing\updatePacFunction_RASMANCS
SOFTWARE\Wow6432Node\Microsoft\Tracing\updatePacFunction_RASMANCS
SOFTWARE\Microsoft\Tracing\updatePacFunction_RASAPI32
SOFTWARE\Wow6432Node\Microsoft\Tracing\updatePacFunction_RASAPI32
SOFTWARE\Microsoft\Tracing\PacFunction_RASAPI32
SOFTWARE\Wow6432Node\Microsoft\Tracing\PacFunction_RASAPI32
SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{3983585e-5d14-4d1d-a257-35b0d52f2dfc}
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{3983585e-5d14-4d1d-a257-35b0d52f2dfc}
Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3983585E-5D14-4D1D-A257-35B0D52F2DFC}
Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3983585E-5D14-4D1D-A257-35B0D52F2DFC}
Software\Microsoft\Internet Explorer\Approved Extensions, value: {3983585E-5D14-4D1D-A257-35B0D52F2DFC}
Software\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID, value: {9aa72d95-59d7-4421-a02c-f93a1187a165}
HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}
PacFunction
The following CLSID's were found:
HKEY..\..\{CLSID Path}
{3832A100-2C84-43FF-B228-ACBEC4A95EDD}
{3983585e-5d14-4d1d-a257-35b0d52f2dfc}
{74B52F4F-B4A9-46F0-ACAE-C5A97AABA21C}
{9aa72d95-59d7-4421-a02c-f93a1187a165}
{FA38D168-7DA3-4F0C-8CC0-75A6424113DC}

Site Disclaimer

Leave a Reply

IMPORTANT! To be able to proceed, you need to solve the following simple math.
Please leave these two fields as-is:
What is 4 + 3 ?