Zwinky Toolbar, Advertising Software (Adware).
Zwinky Toolbar is a browser toolbar from MindSpark. It usually installs both as a program and as a browser extension.
It can modify the browser's search and start pages. Some security solutions may classify this software as Potentially Unwanted Optional Software (LPI, PUP).
This program is classified as Potentially Unnecessary Software (LPS). It installs as a program and/or as a browser extension. It can start automatically from the Registry via a "Run" key, a service or a scheduled task. It may also launch when you start your browser, after changing the browser's settings. Sometimes the launch is silent, that is, the program runs in the background. The virus analysis of this software does not show any malware detection.
These are mostly legitimate programs that may not be necessary for your system to function properly. An accumulation of programs launched at system startup can slow down ordinary system tasks as well as Internet browsing. Note that some programs come from repackaged downloads, a technique that consists of offering other software during installation. These additional programs are superfluous and can even be installed without your knowledge. It is recommended to read the EULA before installing packaged software. Before clicking, check whether the pre-checked boxes offered to you are relevant.
TECHNICAL ELEMENTS
Features
- It modifies the start page of the Opera browser (B0)
- It replaces the start page of the Mozilla Firefox browser (M0)
- It replaces the start page of the Google Chrome browser (G0)
- It modifies the start page of the Internet Explorer browser (R0)
- It installs an extension for the Google Chrome browser (G2)
- It installs an extension for the Mozilla Firefox browser (M2)
- It installs a Mozilla Firefox browser plugin (P2)
- It installs as a Browser Helper Object (BHO) of the Internet browser (O2)
- It installs as an Internet browser toolbar (O3)
- It installs as a program (O42)
- It creates multiple "Software" registry keys
- It adds additional folders (O43)
- It modifies the Internet search provider (O69)
Preview in reports
Recorded on 16/06/2013
P2 - FPN: [HKLM] [@Zwinky_5q.com/Plugin] - (.MindSpark - MindSpark Toolbar Platform Plugin Stub for 32-bit Windows.) -- C:\Program Files\Zwinky_5q\bar\1.bin\NP5qStub.dll
O2 - BHO: Toolbar BHO - {27488090-768a-4d20-a938-f223f71c344c} . (.MindSpark - MindSpark Toolbar Platform.) -- C:\Program Files\Zwinky_5q\bar\1.bin\5qbar.dll
O2 - BHO: Search Assistant BHO - {bd3ea7c2-3af8-4463-9a9c-6eb8e136cb02} . (.MindSpark - MindSpark Search Assistant.) -- C:\Program Files\Zwinky_5q\bar\1.bin\5qSrcAs.dll
O3 - Toolbar: Zwinky - [HKLM]{3033124f-06bf-4829-873a-310a125b4d4c} . (.MindSpark - MindSpark Toolbar Platform.) -- C:\Program Files\Zwinky_5q\bar\1.bin\5qbar.dll
O4 - HKLM\..\Run: [Zwinky Search Scope Monitor] . (.MindSpark - MindSpark Toolbar Platform SearchScope Moni.) -- C:\Program Files\Zwinky_5q\bar\1.bin\5qSrchMn.exe
O4 - HKLM\..\Run: [Zwinky_5q Browser Plugin Loader] . (.VER_COMPANY_NAME - VER_DESCRIPTION.) -- C:\Program Files\Zwinky_5q\bar\1.bin\5qbrmon.exe
O23 - Service: ZwinkyService (Zwinky_5qService) . (.COMPANYVERS_NAME - PRODUCTVERS_TITLE.) - C:\Program Files\Zwinky_5q\bar\1.bin\5qbarsvc.exe
O42 - Software: Zwinky Toolbar - (.Mindspark Interactive Network.) [HKLM] -- Zwinky_5qbar Uninstall
[HKCU\Software\AppDataLow\Software\Zwinky_5q]
[HKLM\Software\Wow6432Node\Zwinky_5q]
[HKLM\Software\Zwinky_5q]
O43 - CFD: 30/07/2012 - 01:57:57 - [6,587] ----D C:\Program Files\Zwinky_5q
O43 - CFD: 30/07/2012 - 11:10:02 - [0,094] ----D C:\Users\Coolman\AppData\Local\Zwinky_5q
O43 - CFD: 21/10/2013 - 23:42:32 - [0,788] ---AD C:\Program Files (x86)\Zwinky_5qEI
O43 - CFD: 02/07/2013 - 12:40:17 - [9,079] ---AD C:\Program Files (x86)\Zwinky_5q
SR - | Auto 30/07/2012 42528 | (Zwinky_5qService) . (.COMPANYVERS_NAME.) - C:\Program Files\Zwinky_5q\bar\1.bin\5qbarsvc.exe
SR - | Auto 21/10/2013 44752 | (Zwinky_5qService) . (.COMPANYVERS_NAME.) - C:\Program Files (x86)\Zwinky_5q\bar\2.bin\5qbarsvc.exe
[HKLM\SYSTEM\CurrentControlSet\Services\Zwinky_5qService]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zwinky_5qbar Uninstall]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:Zwinky Search Scope Monitor
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:Zwinky_5q Browser Plugin Loader
C:\Program Files\Zwinky_5q
C:\Users\Coolman\AppData\Local\Zwinky_5q
C:\Users\Coolman\AppData\LocalLow\Zwinky_5q
C:\Program Files (x86)\Zwinky_5qEI
Alias
Avira AntiVirus: TR/Patched.Gen
avast!: Win32:Mindspark-A [PUP]
AVG: Zango
Bkav FE: W32.Clod4e1.Trojan
Dr.Web: Win32.Expiro.109
Emsisoft Anti-Malware: Win32.Expiro.Gen
ESET NOD32: Win32/Expiro.BD virus
F-Prot: W32/Expiro.BW
F-Secure: Win32.Expiro.Gen.3
Kaspersky: Virus.Win32.Expiro
Malwarebytes Anti-Malware: PUP.Optional.MindSpark.A
Malwarebytes: Adware.MyWebSearch
McAfee: Virus.W32/Expiro.gen.ra
Microsoft Security Essentials: Threat.Undefined
Norman: Win32.Expiro.Gen.3
Reason Heuristics: PUP.Service.MindsparkInteractiveNetwork.I
Sophos: Virus 'W32/Expiro-W'
Trend Micro House Call: TROJ_GEN.F47V1206
VIPRE Antivirus: MyWebSearch.J