    • #26274
      Nicholas Coolman
      Key Master

      The program MoviesToolbar falls into the category of Potentially Unwanted Optional Software (LPI/PUP).

      LPIs, or PUPs, typically install as a program or browser extension and are loaded each time the operating system is started.


      Potentially Unwanted Software (PUP/LPI) can launch services, start scheduled tasks, and create shortcuts on your Desktop. All these operations are done with or without your consent, according to the terms of its user agreement. Once installed, an LPI can modify certain browser settings such as the search pages, the start page or even the error page. It can collect your browsing habits and send them to a server through tracking. While you browse, it may display advertisements (coupons) and advertising banners (popups). The goal of this kind of program is often to make money by generating web traffic to sponsored sites.


      Potentially Unwanted Software (LPI), or Potentially Unwanted Programs (PUP), are the cause of many infections.
      The most common example is adware such as InstallCore, Crossrider, Graftor or Boxore, which pollute the Registry and your data storage units. They are usually installed without your knowledge when you download freeware. Some sites use the repackaging method, an operation which consists of rebuilding the software's installer and adding download options to it. These options allow other software to be added, such as browser toolbars, adware, potentially unwanted software, intrusive advertising software, or even browser hijackers.


      Spyware and adware, just like malware, can exploit coding flaws in legitimate software or in operating systems. It is therefore essential to use official software with automatic updating enabled. Likewise, your Windows operating system must be activated and set to automatic update mode, so that you receive the latest updates for critical security vulnerabilities.

      Main actions:
      - It installs as a process launched at system startup (RP),
      - It installs an extension for the Google Chrome browser (G2),
      - It installs an extension for the Mozilla Firefox browser (M2),
      - It installs as a Browser Helper Object (BHO) of the Internet browser (O2),
      - It installs as a toolbar of the Internet browser (O3),
      - It installs as a Winlogon Notify registry value (autorun) (O20),
      - It installs as a service launched each time the system starts (O23), (SS/SR),
      - It starts a manager session (O36),
      - It installs as a program (O42),
      - It creates multiple "Software" registry keys,
      - It adds additional folders (O43),
      - It registers in the Windows Prefetch folder (O45),
      - It installs in the authorized application key export (ECAA) (O47),
      - It creates multiple user files (O61),
      - It modifies the Internet search provider (O69),
      - It installs in specific folders of the user (O84),
      - It creates an active inbound connection in the Windows Firewall application exceptions (O87),
      - It pollutes the Registry with many keys and values (O88),
      - It creates CLSID registry keys (O101).

      ZHPDiag overview:

      A.k.a.:
      PUP.Optional.MoviesToolbar.A [Malwarebytes]
      PUP.Datamngr
      Adware.Bandoo

      Diagnose with ZHPSuite...  Uninstall with Windows...  Delete with ZHPCleaner...  Remove with Malwarebytes...

      Free support forum
      Nicholas Coolman
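
The registry locations that the "Main actions" list refers to can be checked read-only with a short script. This is an added example, not part of the original post and not ZHPDiag's own logic: the function names, the name pattern and the mapping of list items to registry paths are assumptions of the example.

```powershell
# Added example (read-only): list registry entries matching a product-name pattern
# in the locations the "Main actions" list refers to. Nothing is modified or deleted.
$Pattern = 'Movies ?Toolbar'   # assumption: the product name as spelled on this page

# Label -> registry path. The mapping of list items to paths is this example's assumption.
$Locations = [ordered]@{
    'Startup (Run, machine)'        = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    'Startup (Run, user)'           = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    'Chrome extensions'             = 'HKLM:\SOFTWARE\Google\Chrome\Extensions'
    'Browser Helper Objects'        = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    'Browser toolbars'              = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Toolbar'
    'Winlogon Notify'               = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify'
    'Services'                      = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    'Session Manager (AppCertDlls)' = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls'
    'Installed programs'            = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
    'Search providers'              = 'HKCU:\Software\Microsoft\Internet Explorer\SearchScopes'
    'Firewall rules'                = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules'
}

function Resolve-Clsid([string]$Clsid) {
    # BHO and toolbar entries carry only a CLSID; the DLL path is the default
    # value of its InprocServer32 key (64-bit and 32-bit registry views).
    foreach ($root in 'HKLM:\SOFTWARE\Classes\CLSID', 'HKLM:\SOFTWARE\WOW6432Node\Classes\CLSID') {
        $key = "$root\$Clsid\InprocServer32"
        if (Test-Path -LiteralPath $key) { return (Get-Item -LiteralPath $key).GetValue('') }
    }
}

function Find-PupEntry([string]$Pattern) {
    foreach ($label in $Locations.Keys) {
        $path = $Locations[$label]
        if (-not (Test-Path -LiteralPath $path)) { continue }   # a location may be absent on this Windows version
        # Inspect the key itself plus its direct subkeys.
        $keys = @(Get-Item -LiteralPath $path) + @(Get-ChildItem -LiteralPath $path -ErrorAction SilentlyContinue)
        foreach ($key in $keys) {
            $names = @($key.PSChildName) + @($key.GetValueNames())
            $texts = @($key.PSChildName)
            foreach ($v in $key.GetValueNames()) { $texts += "$v = $($key.GetValue($v))" }
            foreach ($n in $names) {
                if ($n -match '^\{[0-9A-Fa-f-]{36}\}$') { $texts += "$n -> $(Resolve-Clsid $n)" }
            }
            $hits = @($texts | Where-Object { $_ -match $Pattern })
            if ($hits.Count) {
                [pscustomobject]@{ Location = $label; Key = $key.Name; Match = ($hits -join '; ') }
            }
        }
    }
}

Find-PupEntry -Pattern $Pattern | Format-List
```

Run it from a 64-bit PowerShell session; the 32-bit registry view under WOW6432Node is consulted only when resolving CLSIDs, so 32-bit Run and Uninstall entries need their own rows in `$Locations`.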
