Toolbar.MyWebSearch

Toolbar.MyWebSearch Description

Toolbar.MyWebSearch, also called W32/Toolbar.MyWebSearch, is issued in fake security alerts and fake desktop pop-up windows, generated by the rogue anti-spyware application known as Antivirus XP 2008. This method is used to intimidate the user into believing that the computer has been compromised, and is then prompted to purchase and install the fake spyware remover Antivirus XP 2008 in order to solve the problem.

Aliases: not-a-virus:AdWare.Win32 [Ikarus], Trojan.Win32.Generic.1258EE5C, AdWare.FunWeb.gq, Adware/FunWeb.n, Win32/SillyBHO.GNX [eTrust-Vet], Adware.Siggen.9983 [DrWeb], Riskware.AdWare.Win32!IK, not-a-virus:WebToolbar.Win32.MyWebSearch.mg [Kaspersky], W32/Funweb.A!genr, a variant of Win32/Toolbar.MyWebSearch.Q [NOD32], Adware.FunWeb!25G/3MLbpX0, Trojan-Clicker/W32.FunWeb.213092.B, Generic_r.CRO [AVG], Application.ExqPage [Ikarus] and a variant of Win32/ELEX.M.

Technical Information

File System Details

Toolbar.MyWebSearch creates the following file(s):
# File Name Size MD5 Detection Count
1 %ALLUSERSPROFILE%\Browser Manager\2.5.976.107\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe 2,403,352 ebba16a88f517bfb1b7681abf006c8b0 1,930
2 %PROGRAMFILES%\MyWebSearch\bar\1.bin\MWSOEMON.EXE 38,408 d16afe4928c5686ade1e3e8553f3633b 237
3 %SystemDrive%\keygen 2009\XF-MAP3D2K9-32BIT-KG.EXE 59,392 221e32a55c8139015170014a9d57be3d 90
4 %TEMP%Win33.exe 11,223,120 cb926cf0d5541aeea2aa323edaaf60b6 15
5 %LOCALAPPDATA%\Microsoft\ID Vault\czxgdkrtg.dll 291,840 af44fa29756cd3fc27d60f01ef960e7b 14
6 %PROGRAMFILES%\Xara\Xara_Designer_Pro_6\Patch.exe 741,888 318b8d9f50b06b94dac74a1433edd560 13
7 %USERPROFILE%wgsdgsdgdsgsd.exe 139,264 6bdb245eaf6b20c57fc012d7e0afbe1a 13
8 %SystemDrive%\RECYCLER\S-1-5-21-1644491937-706699826-1177238915-1003\$ebaea08b77c069fb2bf5b189c6cca728\n. 59,904 328051ee44773630e58f4fb3fc6ae81f 11
9 %WINDIR%\Pointdev\VNC\WinVNC.exe 667,648 ce13b222c925a6dc75be4b578fbd4d58 9
10 %APPDATA%\Nbt\Nbt.exe 779,776 0e22d1901e7461e876f5e77508a4d0c3 9
11 %PROGRAMFILES(x86)%\GridinSoft Trojan Killer\trojankiller.exe 6,738,872 5110b527283b5b3549b5dc65942f253c 9
12 D:\Larry 7\L7_Start.exe 8,192 6f575d4c91ea22a23c993a52ce0ec82e 7
13 %USERPROFILE%\Desktop\RF Engine 2.0.0\kiki.sys 35,840 fd592502d8871bad9eb2ef1d8135b386 6
14 %USERPROFILE%c_2C_2.exe 469,504 1faaa43f4ea20c9a256d21ca7bc489c7 4
15 %TEMP%panmap.exe 1,542,656 38faf4975964aa84d098634e042c93bc 3
16 %APPDATA%6BED.exe 77,824 7fea8194a339d027cfe255d1ecfad08e 2
17 %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\d2be3e6d11846430c067fc874a79f583.exe 363,520 037db7be4d85c3a56137707c018f24b0 2
18 %SystemDrive%winlogon.exe 92,160 f0f8665930c451a7fea811a1fe9e2caa 2
19 %PROGRAMFILES%\MyWebSearch\bar\1.bin\M3PLUGIN.DLL 53,366 7075cb51f200cfb073efe82e12c2f9d1 2
20 %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\8gquqFX0a.exe 172,284 47469a8a7ff8a67320c5d2a39d9870a3 2
21 %WINDIR%\system32\bgamrgbw.exe 108,544 815c909a0a7061b2ac1ddb3cccc91203 2
22 %PROGRAMFILES%\ByteGems.com\Screen Resolution Manager\ScreenResolutionManager.exe 510,976 385fab9ea337a58c613eacc79383f3ae 1
23 %APPDATA%C600.exe 73,728 40e065a53f345c8fbe5c3da98c7bd9e6 1
24 %APPDATA%\905290\905290.exe 73,728 3a17734faf7d3d93de1c7cfd7bfad997 1
25 %APPDATA%\KeywordTab\keywordtabhper.exe 220,752 690a7e735a832fc3f20eff0f6a22433c 1
26 %LOCALAPPDATA%ReferenceBossAuto.exe 960,576 679c5c3661db8763cd605949b5e43ae2 1
27 %APPDATA%hhFFWORCdGYZ.exe 4,096 0e95de79cab7c90f67eb1d7f3e063930 1
More files

Registry Details

Toolbar.MyWebSearch creates the following registry entry or registry entries:
Uninstaller
MyWebSearch bar Uninstall
WsysControl
Registry key
Software\AppDataLow\Software\mywebsearch
Software\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}
Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
SOFTWARE\mywebsearch
Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
SOFTWARE\Wow6432Node\MyWebSearch
SYSTEM\ControlSet001\services\eventlog\Application\WsysSvc
SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{F921DE4A-6917-4EB4-8A1B-764259B8DB5E}
SYSTEM\ControlSet002\services\eventlog\Application\WsysSvc
SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{F921DE4A-6917-4EB4-8A1B-764259B8DB5E}
SYSTEM\CurrentControlSet\services\eventlog\Application\WsysSvc
SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{F921DE4A-6917-4EB4-8A1B-764259B8DB5E}
CLSID
{01947140-417F-46B6-8751-A3A2B8345E1A}
{07B18EA9-A523-4961-B6BB-170DE4475CCA}
{07B18EAA-A523-4961-B6BB-170DE4475CCA}
{1093995A-BA37-41D2-836E-091067C4AD17}
{120927BF-1700-43BC-810F-FAB92549B390}
{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}
{1F52A5FA-A705-4415-B975-88503B291728}
{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}
{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC}
{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
{3E1656ED-F60E-4597-B6AA-B6A58E171495}
{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}
{3E720451-B472-4954-B7AA-33069EB53906}
{3E720453-B472-4954-B7AA-33069EB53906}
{48586425-6bb7-4f51-8dc6-38c88e3ebb58}
{72EE7F04-15BD-4845-A005-D6711144D86A}
{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}
{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}
{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}
{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}
{7473D298-B7BB-4F24-AE82-7E2CE94BB6A9}
{819FFE21-35C7-4925-8CDA-4E0E2DB94302}
{8E9CF769-3D3B-40EB-9E2D-76E7A205E4D2}
{90449521-D834-4703-BB4E-D3AA44042FF8}
Directory
%PROGRAMFILES%\mywebsearch
%PROGRAMFILES(x86)%\mywebsearch
%UserProfile%\AppData\LocalLow\mywebsearch

Site Disclaimer

Enigmasoftware.com is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their computer with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.