Guffins Toolbar

By Domesticus in Potentially Unwanted Programs

Threat Scorecard

Ranking:	11,295
Threat Level:	50 % (Medium)
Infected Computers:	16,825

First Seen:	February 8, 2011
Last Seen:	September 14, 2023
OS(es) Affected:	Windows

The Guffins Toolbar is a browser toolbar that malware analysts have linked to unwanted symptoms and potential threat-like symptoms. The Guffins Toolbar may affect the most popular browsers on the market, including Safari, Chrome, Firefox and Internet Explorer. The Guffins Toolbar is promoted as a way to carry out searches effectively directly from your Web browser. However, any supposed benefits of using the Guffins Toolbar are far outweighed by symptoms associated with this browser extension. The Guffins Toolbar has often been classified as a Potentially Unwanted Program or PUP.

Table of Contents

Infection Vectors Used by the Guffins Toolbar

The Guffins Toolbar is often included in the installation process of various freeware programs as a way for the creators of freeware to finance their efforts. However, many computer users have noted that the Guffins Toolbar makes changes to their browser settings such as changing the default search engine. These changes may be inconvenient and often invasive. Usually, it is possible to opt out from installing the Guffins Toolbar. However, computer users in a rush may click through the installation process without taking note of this option. While the Guffins Toolbar does not pose a direct threat to your computer, the fact that the Guffins Toolbar changes your browser's default search engine and causes some browser redirects may quickly become irritating. It is important for software developers to realize that forcing computer users to install a toolbar or change their search engine is no longer a viable option due to these tactics' association with harmful threats.

The Guffins Toolbar Should Be Removed from Your Computer

While it is usually a good idea to scan your computer with a reliable anti-malware program periodically, this may not recognize the Guffins Toolbar as a PUP. Because of this, security analysts recommend first uninstalling the Guffins Toolbar using normal software uninstallation procedures. Once the Guffins Toolbar has been removed, a reliable security program should be used to scan the infected computer in search for any remaining components. Finally, malware analysts recommend making sure that no changes made by the Guffins Toolbar to your computer's settings remain in place once this PUP has been removed.

Aliases

15 security vendors flagged this file as malicious.

Anti-Virus Software	Detection
Kaspersky	not-a-virus:WebToolbar.Win32.MyWebSearch.qe
Avast	Win32:FunWeb-K [PUP]
ClamAV	Adware.Funweb-12
Avast	Win32:PUP-gen [PUP]
DrWeb	Tool.InstallToolbar.5
Kaspersky	not-a-virus:WebToolbar.Win32.MyWebSearch.gen
Avast	Win32:FunWeb-F [PUP]
Comodo	UnclassifiedMalware
AntiVir	TR/Dropper.Gen
eSafe	Win32.TRDropper
Ikarus	Trojan-Dropper
McAfee	Artemis!FF93BBA8ED92
Kaspersky	not-a-virus:WebToolbar.Win32.MyWebSearch.gi
Kaspersky	not-a-virus:AdWare.Win32.FunWeb.kg
Antiy-AVL	AdWare/Win32.FunWeb.gen

SpyHunter Detects & Remove Guffins Toolbar

File System Details

Guffins Toolbar may create the following file(s):

Expand All | Collapse All

#	File Name	MD5	Detections Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
1.	u4barsvc.exe	d567a0e42a9846e16af175d1a5a0a6e2	4,296
Name: u4barsvc.exe MD5: d567a0e42a9846e16af175d1a5a0a6e2 Size: 28.76 KB (28766 bytes) Detections: 4,296 Type: Executable File Path: %PROGRAMFILES%\Guffins\bar\1.bin Group: Malware file Last Updated: February 16, 2014
2.	u4brmon.exe	88501a730bdf8b10289c86948bce3088	3,786
Name: u4brmon.exe MD5: 88501a730bdf8b10289c86948bce3088 Size: 20.48 KB (20480 bytes) Detections: 3,786 Type: Executable File Path: %PROGRAMFILES%\Guffins\bar\1.bin Group: Malware file Last Updated: February 16, 2014
3.	u4SrcAs.dll	0a7f45f8a11ed8b5bf17c377ef2742a7	2,141
Name: u4SrcAs.dll MD5: 0a7f45f8a11ed8b5bf17c377ef2742a7 Size: 53.24 KB (53248 bytes) Detections: 2,141 Type: Dynamic link library Path: %PROGRAMFILES%\Guffins\bar\1.bin Group: Malware file Last Updated: February 13, 2014
4.	qvbarsvc.exe	7b4f2eec968a92450d8d076f9be0e39f	806
Name: qvbarsvc.exe MD5: 7b4f2eec968a92450d8d076f9be0e39f Size: 28.76 KB (28766 bytes) Detections: 806 Type: Executable File Path: %PROGRAMFILES%\GuffinsIE\bar\1.bin Group: Malware file Last Updated: December 15, 2014
5.	qvbrmon.exe	040725c563b443fc5657c7748094fd08	787
Name: qvbrmon.exe MD5: 040725c563b443fc5657c7748094fd08 Size: 20.48 KB (20480 bytes) Detections: 787 Type: Executable File Path: %PROGRAMFILES%\GuffinsIE\bar\1.bin Group: Malware file Last Updated: December 15, 2014
6.	u4SrcAs.dll	760b1e71604a9c93df98124c0008aaa8	422
Name: u4SrcAs.dll MD5: 760b1e71604a9c93df98124c0008aaa8 Size: 53.24 KB (53248 bytes) Detections: 422 Type: Dynamic link library Path: %PROGRAMFILES%\Guffins\bar\1.bin Group: Malware file Last Updated: February 7, 2014
7.	u4barsvc.exe	0e06a823e4ab5be8e9d975b30301231a	398
Name: u4barsvc.exe MD5: 0e06a823e4ab5be8e9d975b30301231a Size: 28.76 KB (28766 bytes) Detections: 398 Type: Executable File Path: %PROGRAMFILES%\Guffins\bar\1.bin Group: Malware file Last Updated: February 16, 2014
8.	u4brmon.exe	0f043fdb2a609b6e505b520b44b523f2	348
Name: u4brmon.exe MD5: 0f043fdb2a609b6e505b520b44b523f2 Size: 20.48 KB (20480 bytes) Detections: 348 Type: Executable File Path: %PROGRAMFILES%\Guffins\bar\1.bin Group: Malware file Last Updated: February 16, 2014
9.	u4bar.dll	bc63b10fbfeffe202bdb75330198e6af	348
Name: u4bar.dll MD5: bc63b10fbfeffe202bdb75330198e6af Size: 655.36 KB (655360 bytes) Detections: 348 Type: Dynamic link library Path: %PROGRAMFILES%\Guffins\bar\1.bin Group: Malware file Last Updated: February 7, 2014
10.	u4bar.dll	3a9faa31508c511cf697d2641cb2524f	267
Name: u4bar.dll MD5: 3a9faa31508c511cf697d2641cb2524f Size: 643.07 KB (643072 bytes) Detections: 267 Type: Dynamic link library Path: %PROGRAMFILES%\Guffins\bar\1.bin Group: Malware file Last Updated: October 29, 2013
11.	u4SrcAs.dll	dd818f409822afbdb199dbfe05ee3baa	263
Name: u4SrcAs.dll MD5: dd818f409822afbdb199dbfe05ee3baa Size: 49.15 KB (49152 bytes) Detections: 263 Type: Dynamic link library Path: %PROGRAMFILES%\Guffins\bar\1.bin Group: Malware file Last Updated: October 29, 2013
12.	qvbrmon.exe	78eb108c714b2b39b0240616fe0a1631	204
Name: qvbrmon.exe MD5: 78eb108c714b2b39b0240616fe0a1631 Size: 27.64 KB (27648 bytes) Detections: 204 Type: Executable File Path: %PROGRAMFILES%\GuffinsIE\bar\1.bin Group: Malware file Last Updated: January 21, 2015
13.	u4bar.dll	c0c916f2176b8ba0dfc80b150876b270	28
Name: u4bar.dll MD5: c0c916f2176b8ba0dfc80b150876b270 Size: 684.03 KB (684032 bytes) Detections: 28 Type: Dynamic link library Path: %PROGRAMFILES%\Guffins\bar\1.bin Group: Malware file Last Updated: May 7, 2013
14.	u4bar.dll	12f94d14280b886cd6da6c3c4d0fea76	12
Name: u4bar.dll MD5: 12f94d14280b886cd6da6c3c4d0fea76 Size: 684.03 KB (684032 bytes) Detections: 12 Type: Dynamic link library Path: %PROGRAMFILES%\Guffins\bar\1.bin Group: Malware file Last Updated: June 28, 2011
15.	tb_guffins.exe	7c2593e3cde42c5ce14193fe69d9e85b	1
Name: tb_guffins.exe MD5: 7c2593e3cde42c5ce14193fe69d9e85b Size: 202.51 KB (202512 bytes) Detections: 1 Type: Executable File Group: Malware file Last Updated: August 17, 2022

Registry Details

Guffins Toolbar may create the following registry entry or registry entries:

CLSID

{006bff73-d6b8-4cc0-a982-1e041d625b08}

{0B070B7B-5574-4735-B4AA-0543DF03FDFA}

{0C501912-C553-46A2-A9A5-363879580516}

{10281CC0-D529-4C37-86F9-13A91366200E}

{15840EEE-DE9D-41F2-B0B2-0B26893CF3FF}

{18E5FE5F-481D-4991-B833-CA21803D5E7D}

{1b3f043d-1afc-4bc1-8c5e-6dc54ead3ae1}

{1D00DBBA-73F1-4784-88D3-2EEC61B2E99B}

{1D69E858-32D5-4888-A395-579C8124112B}

{1f28c606-9536-4078-b89f-143b5c01571c}

{20FA25EB-486C-4B69-8E2D-169FD142B2FB}

{215A124E-B3CB-4822-BF95-6780ABC06582}

{237002D9-BF31-4048-8526-2F74A14ADF06}

{237AA3E1-21B0-4816-B9A1-29041B2D7CCB}

{23A2E241-83AF-4A83-B10F-56AE41F33C9B}

{2F9D6356-12E8-428B-8044-F5DD45CF5ABE}

{38DE6695-D027-411F-BB47-432251469183}

{3A6464C8-ADB1-4CD4-AB6F-DC3AC2F2850C}

{3AE17F58-6AA8-44D1-9B1A-A0B46BCF2849}

{442d3d85-b938-4ff8-9c15-027405dea3ec}

{44A28C79-727D-40AD-9B8C-287DBC2F6151}

{47b3f06e-cec0-4670-ae2f-033f46ea5177}

{49a32f81-0ba1-4b43-856c-9a61425e5bf1}

{4A8AA6E6-54C5-4A40-89F3-62ACD51A2069}

{543822E6-2CB0-414A-BEF5-55F894118BB4}

{54d836b9-1df3-4f0c-b502-e9e9d27b7f9a}

{689FA5E9-E6E1-43E8-8AAD-02BECF242254}

{6BDBEE40-391D-44E5-9D40-8035CC2BB6EC}

{71A63FCB-02F9-4632-B7CE-2D136BF2EAC8}

{71a84035-08ad-4964-b6e9-9ffc06390057}

{7832DE29-0904-406C-AD68-E0D5C3C3A4EA}

{78B00903-4404-4282-BB23-E27CB8DD6C2A}

{7C75F6AB-5FB4-4AB2-AC5C-8A9AE211553E}

{8013018c-73f4-4642-b2d1-9d83c2aafbc2}

{8EF6E3A3-2C8D-4CD3-8FA3-8E901D8EFA90}

{94DB1B60-E0AE-4F0F-9121-509231DA2C14}

{956e5a3f-b1c2-4e81-9f30-84349ce7baf0}

{96507BD3-61F8-43AF-8317-172AEB2452E0}

{9a04e19d-aaf5-4d2b-87c6-2f01b7e205b4}

{A1296D39-A3E3-4E05-8338-5FFDD543E211}

{a6405ec8-0e8a-49af-978e-f7fac946950b}

{A7AE7537-9C87-4F9C-A494-84FA5AD092F0}

{AC480FBE-24AB-4372-9A32-02AB0BAE8B6B}

{ae71ca5e-f67d-4507-8ee3-2c64c79131fe}

{B30438D0-2FEF-4A56-9BA8-BF9EF7D21AF3}

{B51057A6-574B-47D9-A64A-5D31E1AD412C}

{BE097EF3-A230-4EDE-B209-CE8681F2140A}

{c3d3840c-12ea-4461-a61d-190555fecc82}

{D51BF978-3D10-4809-AE62-A1A0CCEBF616}

{d6a34acb-76fa-4a14-88ea-5d54797a2028}

{DCE4E9A8-0DEA-435D-BE37-96CD5742C66C}

{de2fdf7c-2637-4ba3-b427-3fce2d331db5}

{EF8A3F71-3ADC-41F9-866D-BD9EB9AC63FD}

{F1BCE5CE-2A8E-4F20-8FC8-8E32CD8C9F70}

{F379BD31-1B3D-41F7-9349-35004298B4C6}

{f8e548a0-ad49-456c-a72c-977d06415c68}

{f8f03266-dec7-4f5c-a6d3-d88533ee9070}

{FF777BF5-D424-4519-A61E-2B5BB204894D}

File name without path

http_guffins.dl.tb.ask.com_0.localstorage

http_guffins.dl.tb.ask.com_0.localstorage-journal

HKEY..\..\..\..{RegistryKeys}

Software\AppDataLow\Software\Guffins

SOFTWARE\Guffins

Software\Microsoft\Internet Explorer\Approved Extensions\{A916EEFE-6A17-4D7D-A131-2738B260BB55}

Software\Microsoft\Internet Explorer\Approved Extensions\{c7a7f370-62d8-4db8-9fb2-4afc0a7c3dea}

Software\Microsoft\Internet Explorer\Approved Extensions\{D6A34ACB-76FA-4A14-88EA-5D54797A2028}

Software\Microsoft\Internet Explorer\Approved Extensions\{DE2FDF7C-2637-4BA3-B427-3FCE2D331DB5}

SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1d2aa885-2c50-4758-a262-17254662a5d5}

SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49a32f81-0ba1-4b43-856c-9a61425e5bf1}

SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c277597d-c02b-4c09-9778-671530d2700f}

SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ff777bf5-d424-4519-a61e-2b5bb204894d}

Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\tb_guffins.exe

Software\Microsoft\Internet Explorer\SearchScopes\{9bd172ba-3f40-4303-bca1-0484b5ba2a7b}

Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{DE2FDF7C-2637-4BA3-B427-3FCE2D331DB5}

SOFTWARE\Microsoft\Internet Explorer\Toolbar\{c7a7f370-62d8-4db8-9fb2-4afc0a7c3dea}

SOFTWARE\Microsoft\Internet Explorer\Toolbar\{de2fdf7c-2637-4ba3-b427-3fce2d331db5}

Software\Microsoft\Internet Explorer\URLSearchHooks\{c3d3840c-12ea-4461-a61d-190555fecc82}

SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{c7a7f370-62d8-4db8-9fb2-4afc0a7c3dea}

SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{a916eefe-6a17-4d7d-a131-2738b260bb55}

SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{d6a34acb-76fa-4a14-88ea-5d54797a2028}

SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{006bff73-d6b8-4cc0-a982-1e041d625b08}

SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D69E858-32D5-4888-A395-579C8124112B}

SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8013018c-73f4-4642-b2d1-9d83c2aafbc2}

SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{956e5a3f-b1c2-4e81-9f30-84349ce7baf0}

SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{f8f03266-dec7-4f5c-a6d3-d88533ee9070}

Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A916EEFE-6A17-4D7D-A131-2738B260BB55}

Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D6A34ACB-76FA-4A14-88EA-5D54797A2028}

Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DE2FDF7C-2637-4BA3-B427-3FCE2D331DB5}

Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A916EEFE-6A17-4D7D-A131-2738B260BB55}

Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D6A34ACB-76FA-4A14-88EA-5D54797A2028}

Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DE2FDF7C-2637-4BA3-B427-3FCE2D331DB5}

Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F8F03266-DEC7-4F5C-A6D3-D88533EE9070}

SOFTWARE\Wow6432Node\Guffins

SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1d2aa885-2c50-4758-a262-17254662a5d5}

SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49a32f81-0ba1-4b43-856c-9a61425e5bf1}

SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4a8aa6e6-54c5-4a40-89f3-62acd51a2069}

SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59567752-5ff2-4df5-aada-e9c6f114c00a}

SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c277597d-c02b-4c09-9778-671530d2700f}

SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ff777bf5-d424-4519-a61e-2b5bb204894d}

SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9bd172ba-3f40-4303-bca1-0484b5ba2a7b}

SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{c7a7f370-62d8-4db8-9fb2-4afc0a7c3dea}

SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{de2fdf7c-2637-4ba3-b427-3fce2d331db5}

SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{a916eefe-6a17-4d7d-a131-2738b260bb55}

SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{d6a34acb-76fa-4a14-88ea-5d54797a2028}

SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{006bff73-d6b8-4cc0-a982-1e041d625b08}

SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D69E858-32D5-4888-A395-579C8124112B}

SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8013018c-73f4-4642-b2d1-9d83c2aafbc2}

SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{956e5a3f-b1c2-4e81-9f30-84349ce7baf0}

SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{f8f03266-dec7-4f5c-a6d3-d88533ee9070}

HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}

Guffinsbar Uninstall Firefox

Directories

Guffins Toolbar may create the following directory or directories:

%APPDATA%\GuffinsEI

%LOCALAPPDATA%\Guffins

%PROGRAMFILES%\Guffins

%PROGRAMFILES%\GuffinsEI

%PROGRAMFILES(X86)%\Guffins

%PROGRAMFILES(X86)%\GuffinsEI

%USERPROFILE%\AppData\LocalLow\Guffins

%USERPROFILE%\AppData\LocalLow\GuffinsEI

Enigma Software Group Prevails Over Malwarebytes at the Ninth Circuit

Search

Change Region

Guffins Toolbar

Threat Scorecard

EnigmaSoft Threat Scorecard

Infection Vectors Used by the Guffins Toolbar

The Guffins Toolbar Should Be Removed from Your Computer

Aliases

SpyHunter Detects & Remove Guffins Toolbar

File System Details

Registry Details

Directories

Submit Comment

Trending

Rzfu Ransomware

'YouPorn' Email Scam

Rzkd Ransomware

Most Viewed

Is Lookmovie.io Safe?

How To Fix 'Printer Driver is Unavailable' Error

Discord Shows Black Screen when Sharing Screen