VisualBee Toolbar

By ESGI Advisor in Potentially Unwanted Programs

Threat Scorecard

Popularity Rank:	12,931
Threat Level:	50 % (Medium)
Infected Computers:	18,544

First Seen:	April 29, 2013
Last Seen:	November 16, 2025
OS(es) Affected:	Windows

VisualBee Toolbar is a vicious adware application and toolbar that offers up unwanted functions. VisualBee Toolbar may be installed through bundled software without the computer user?s knowledge. Once installed and loaded, VisualBee Toolbar will change internet settings to redirect users to unwanted sites and modify the default home page or search engine site choice. The VisualBee Toolbar search box may become the primary means of searching the internet where the results are sometimes unwelcomed or manipulated. The removal of VisualBee Toolbar usually requires using antispyware software to eliminate all installations within popular web browsers like Google Chrome, Firefox and Internet Explorer.

Table of Contents

SpyHunter Detects & Remove VisualBee Toolbar

File System Details

VisualBee Toolbar may create the following file(s):

Expand All | Collapse All

#	File Name	MD5	Detections Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
1.	VisualBee-enabler.exe	35a48738493952de8fd425ff906aa0bf	2,047
Name: VisualBee-enabler.exe MD5: 35a48738493952de8fd425ff906aa0bf Size: 348.37 KB (348376 bytes) Detections: 2,047 Type: Executable File Path: %PROGRAMFILES(x86)%\VisualBee Group: Malware file Last Updated: July 2, 2014
2.	VisualBee-firefoxinstaller.exe	b47f5498dea045db0e949be1732da4e5	1,242
Name: VisualBee-firefoxinstaller.exe MD5: b47f5498dea045db0e949be1732da4e5 Size: 724.18 KB (724184 bytes) Detections: 1,242 Type: Executable File Path: %PROGRAMFILES(x86)%\VisualBee\VisualBee-firefoxinstaller.exe Group: Malware file Last Updated: January 3, 2021
3.	VisualBeeDB.exe	af7ad01c873b7a4a0aa92e14f2c8a691	1,158
Name: VisualBeeDB.exe MD5: af7ad01c873b7a4a0aa92e14f2c8a691 Size: 10.74 MB (10747008 bytes) Detections: 1,158 Type: Executable File Path: %ALLUSERSPROFILE%\VisualBee Group: Malware file Last Updated: November 16, 2025
4.	VisualBee-bho64.dll	835bca77dcfa26f1d68b474d81485a81	995
Name: VisualBee-bho64.dll MD5: 835bca77dcfa26f1d68b474d81485a81 Size: 966.87 KB (966872 bytes) Detections: 995 Type: Dynamic link library Path: C:\Program Files (x86)\VisualBee\VisualBee-bho64.dll Group: Malware file Last Updated: September 25, 2021
5.	VisualBee-bho.dll	3b1a4ade6555264e6a25b5a4bf8794d9	566
Name: VisualBee-bho.dll MD5: 3b1a4ade6555264e6a25b5a4bf8794d9 Size: 749.78 KB (749784 bytes) Detections: 566 Type: Dynamic link library Path: C:\Windows.old.000\Program Files (x86)\VisualBee\VisualBee-bho.dll Group: Malware file Last Updated: May 15, 2022
6.	VisualBeeSoftware.exe	aa26ea27c98eb8416754a0ead9ad9d0b	406
Name: VisualBeeSoftware.exe MD5: aa26ea27c98eb8416754a0ead9ad9d0b Size: 18.81 MB (18818248 bytes) Detections: 406 Type: Executable File Path: %ALLUSERSPROFILE%\VisualBee Group: Malware file Last Updated: November 16, 2025
7.	VisualBeeRecovery.exe	4b61dc3477039330cdcebd606ea1d561	308
Name: VisualBeeRecovery.exe MD5: 4b61dc3477039330cdcebd606ea1d561 Size: 19.5 KB (19504 bytes) Detections: 308 Type: Executable File Path: %SYSTEMDRIVE%\Users\<username>\AppData\Local\VisualBeeExe\VisualBeeRecovery.exe Group: Malware file Last Updated: February 23, 2024
8.	Uninstall.exe	6fbb4bcf27c3602a64cb35aec596ad99	306
Name: Uninstall.exe MD5: 6fbb4bcf27c3602a64cb35aec596ad99 Size: 79.06 KB (79064 bytes) Detections: 306 Type: Executable File Path: C:\Program Files (x86)\VisualBee\Uninstall.exe Group: Malware file Last Updated: September 25, 2021
9.	uninst.exe	5a3b0271a2810728db50990b90209385	176
Name: uninst.exe MD5: 5a3b0271a2810728db50990b90209385 Size: 78.05 KB (78053 bytes) Detections: 176 Type: Executable File Path: %SYSTEMDRIVE%\Documents and Settings\Owner\Local Settings\Application Data\VisualBeeExe\uninst.exe Group: Malware file Last Updated: August 8, 2023
10.	VisualBeeWebext.exe	e93d456a74a43dcb034b5ebf37c3e40d	23
Name: VisualBeeWebext.exe MD5: e93d456a74a43dcb034b5ebf37c3e40d Size: 4.94 MB (4941896 bytes) Detections: 23 Type: Executable File Path: C:\BACKUP LEO\bkp\Users\<username>\AppData\Local\Temp\VisualBeeWebext.exe Group: Malware file Last Updated: May 5, 2022
11.	visualbee.exe	193073078feaf70abbe6c690e2db7c12	15
Name: visualbee.exe MD5: 193073078feaf70abbe6c690e2db7c12 Size: 253.73 KB (253736 bytes) Detections: 15 Type: Executable File Path: C:\Users\<username>\AppData\Local\DownloadGuide\Offers\visualbee.exe Group: Malware file Last Updated: February 7, 2023
12.	VisualBee_1802-5a22562c (deleted 58e5fd91ba8eb867db26b1ff8f29994e).exe	ed283e8108ddb7d929189f46a9526512	9
Name: VisualBee_1802-5a22562c (deleted 58e5fd91ba8eb867db26b1ff8f29994e).exe MD5: ed283e8108ddb7d929189f46a9526512 Size: 311.24 KB (311240 bytes) Detections: 9 Type: Executable File Path: C:\Users\<username>\Dropbox\.dropbox.cache\2020-01-14\VisualBee_1802-5a22562c (deleted 58e5fd91ba8eb867db26b1ff8f29994e).exe Group: Malware file Last Updated: January 29, 2021
13.	sdqdknix.dll	e4256a6321054c9f65f77c43ef49a4cc	5
Name: sdqdknix.dll MD5: e4256a6321054c9f65f77c43ef49a4cc Size: 856.06 KB (856064 bytes) Detections: 5 Type: Dynamic link library Path: %LOCALAPPDATA%\Visualbee Group: Malware file Last Updated: September 9, 2013
14.	VisualBeeSilent.exe	a5e96614096f50ee6708a3732fba98d8	5
Name: VisualBeeSilent.exe MD5: a5e96614096f50ee6708a3732fba98d8 Size: 259.21 KB (259216 bytes) Detections: 5 Type: Executable File Path: %TEMP%\is357113909 Group: Malware file Last Updated: September 9, 2013
15.	cjdtysdgtotpdmi.dll	a1ba1df27cdb653aedc29fc401c9d107	4
Name: cjdtysdgtotpdmi.dll MD5: a1ba1df27cdb653aedc29fc401c9d107 Size: 934.91 KB (934912 bytes) Detections: 4 Type: Dynamic link library Path: %LOCALAPPDATA%\Visualbee Group: Malware file Last Updated: September 9, 2013
16.	visualbeeclient{mobiklixusa} (1).exe	a873b4dc04d1bc909a162dbd459cc22c	3
Name: visualbeeclient{mobiklixusa} (1).exe MD5: a873b4dc04d1bc909a162dbd459cc22c Size: 1.04 MB (1041240 bytes) Detections: 3 Type: Executable File Path: %USERPROFILE%\downloads Group: Malware file Last Updated: August 9, 2020
17.	VisualBee-chromeinstaller.exe	51a74bb1d2ae80c2863f0071ffadc1d6	3
Name: VisualBee-chromeinstaller.exe MD5: 51a74bb1d2ae80c2863f0071ffadc1d6 Size: 498.9 KB (498904 bytes) Detections: 3 Type: Executable File Path: %PROGRAMFILES%\VisualBee Group: Malware file Last Updated: September 9, 2013
18.	kdkpexfbxef.dll	a618fe5fd3fef293f597eb5f9e31b635	2
Name: kdkpexfbxef.dll MD5: a618fe5fd3fef293f597eb5f9e31b635 Size: 820.22 KB (820224 bytes) Detections: 2 Type: Dynamic link library Path: %LOCALAPPDATA%\Visualbee Group: Malware file Last Updated: September 9, 2013
19.	VisualBee-codedownloader.exe	f7a09f3ef2bd2b9b2d22876f45514d28	1
Name: VisualBee-codedownloader.exe MD5: f7a09f3ef2bd2b9b2d22876f45514d28 Size: 514.77 KB (514776 bytes) Detections: 1 Type: Executable File Path: %PROGRAMFILES%\VisualBee Group: Malware file Last Updated: September 9, 2013
20.	wegkcgbp.dll	2525cb007db6ce3098172afe08e364eb	1
Name: wegkcgbp.dll MD5: 2525cb007db6ce3098172afe08e364eb Size: 690.17 KB (690176 bytes) Detections: 1 Type: Dynamic link library Path: %LOCALAPPDATA%\Visualbee Group: Malware file Last Updated: September 9, 2013
21.	VisualBeeInstall{cpaway}(1).exe	34726ee3173a82bd421f5da36a91ffb4	1
Name: VisualBeeInstall{cpaway}(1).exe MD5: 34726ee3173a82bd421f5da36a91ffb4 Size: 363.39 KB (363392 bytes) Detections: 1 Type: Executable File Path: %USERPROFILE%\My Documents\Downloads Group: Malware file Last Updated: September 9, 2013
22.	hpfpa$(YEAR)$(QUA).dll	7b230799e8b48d0ab330591d365782c8	1
Name: hpfpa$(YEAR)$(QUA).dll MD5: 7b230799e8b48d0ab330591d365782c8 Size: 476.67 KB (476672 bytes) Detections: 1 Type: Dynamic link library Path: %LOCALAPPDATA%\VisualBee_V.5 Group: Malware file Last Updated: September 9, 2013
23.	VisualBeeInstall.exe	558c35e46cb0144582a5af7c1d65e714	1
Name: VisualBeeInstall.exe MD5: 558c35e46cb0144582a5af7c1d65e714 Size: 363.4 KB (363408 bytes) Detections: 1 Type: Executable File Path: %USERPROFILE%\Downloads Group: Malware file Last Updated: September 9, 2013
24.	mc_dec_dv100.dll	3a3e425ab8eb4c144e27e43fc0c04c41	1
Name: mc_dec_dv100.dll MD5: 3a3e425ab8eb4c144e27e43fc0c04c41 Size: 851.96 KB (851968 bytes) Detections: 1 Type: Dynamic link library Path: %LOCALAPPDATA%\Visualbee Group: Malware file Last Updated: September 9, 2013

More files

Directories

VisualBee Toolbar may create the following directory or directories:

%TEMP%\CT3268494

Analysis Report

General information

Family Name:	VisualBee Toolbar
Signature status:	Self Signed

Known Samples

MD5: 013217a6854aab1a4aebd2056597ba8c

SHA1: 7cf9e71ad764095aa7e7462bea469e22c1f4ad0b

SHA256: 0FC51AD4C384DE2C39373B807D7D0EBAFD1351009B8B75C5BA4ED02892027235

File Size: 85.62 KB, 85616 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have relocations information
File is 32-bit executable
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)
File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)

IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name	Value
File Version	v22.6
Product Version	v22.6

Digital Signatures

Signer	Root	Status
Visual Software Systems LTD	Thawte Code Signing CA - G2	Self Signed

Files Modified

File	Attributes
c:\users\user\appdata\local\temp\nso47b4.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nst47d4.tmp\clr.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\sendmsg.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\sendmsg.dll	Generic Write,Read Attributes

Registry Modifications

Key::Value	Data	API Name
HKLM\software\wow6432node\microsoft\tracing::enableconsoletracing		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::enablefiletracing		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::enableautofiletracing		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::enableconsoletracing		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::filetracingmask		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::consoletracingmask		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::maxfilesize		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::filedirectory	%windir%\tracing	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::enablefiletracing		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::enableautofiletracing		RegNtPreCreateKey

HKLM\software\wow6432node\microsoft\tracing\rasmancs::enableconsoletracing		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::filetracingmask		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::consoletracingmask		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::maxfilesize		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::filedirectory	%windir%\tracing	RegNtPreCreateKey

Windows API Usage

Category	API
Encryption Used	BCryptOpenAlgorithmProvider

EnigmaSoft’s Payment Processor Digital River GmbH Filing for Bankruptcy Does Not Impact SpyHunter Customers’ Anti-Malware Protection

Search

Change Region

VisualBee Toolbar

Threat Scorecard

EnigmaSoft Threat Scorecard

SpyHunter Detects & Remove VisualBee Toolbar

File System Details

Directories

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Windows PE Version Information

Windows PE Version Information

Digital Signatures

Digital Signatures

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Submit Comment

Related Posts

Visualbee.delta-search.com

Trending

Tavonnero.co.in

Turtle Vote Rewards

Researchers Find 230,000 New Malware Threats Each...

Most Viewed

How To Fix 'Printer Driver is Unavailable' Error

Discord Is Stuck on Gray Screen

Discord Shows Black Screen when Sharing Screen