Cart
Adware.Bundler.Funwebproducts.M( Funwebproducts )
SYMPTOMS: Internet explorer will have a toolbar containing following buttons : “Fun Buddy”,” Smiley central”,”Screensaver”,”Cursor mania” and “fun cards”. A search bar may also be installed.TECHNICAL DESCRIPTION: Adware.Bundler.Funwebproducts consists in several programs (used to configure some aspect of your computer such as icons, cursor, and screensaver) and a toolbar. It also installs a search bar (MySearch) for internet explorer. This adware is located on:
When Adware.Bundler.Funwebproducts is installed, it performs the following actions: a) Creates the following directories (and subdirectories) Ø C:\Program Files\FunWebProducts Ø C:\Program Files\MyWebSearchWB\bar b) Create the following registry keys Ø HKEY_CLASSES_ROOT\FunWebProducts.DataControl.1 Ø HKEY_CLASSES_ROOT\FunWebProducts.DataControl Ø HKEY_CLASSES_ROOT\FunWebProducts.HistoryKillerScheduler.1 Ø HKEY_CLASSES_ROOT\FunWebProducts.HistoryKillerScheduler Ø HKEY_CLASSES_ROOT\FunWebProducts.HistorySwatterControlBar.1 Ø HKEY_CLASSES_ROOT\FunWebProducts.HistorySwatterControlBar Ø HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu.1 Ø HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu Ø HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu.2 Ø HKEY_CLASSES_ROOT\FunWebProducts.IECookiesManager.1 Ø HKEY_CLASSES_ROOT\FunWebProducts.IECookiesManager Ø HKEY_CLASSES_ROOT\FunWebProducts.KillerObjManager.1 Ø HKEY_CLASSES_ROOT\FunWebProducts.KillerObjManager Ø HKEY_CLASSES_ROOT\FunWebProducts.KillerObjManager Ø HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterBarButton.1 Ø HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterBarButton Ø HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterSettingsControl.1 Ø HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterSettingsControl Ø HKEY_CLASSES_ROOT\FunWebProducts.ShellViewControl.1 Ø HKEY_CLASSES_ROOT\FunWebProducts.ShellViewControl Ø HKEY_CLASSES_ROOT\MyWebSearch.HTMLPanel.1 Ø HKEY_CLASSES_ROOT\MyWebSearch.HTMLPanel Ø HKEY_CLASSES_ROOT\MyWebSearch.OutlookAddin.1 Ø HKEY_CLASSES_ROOT\MyWebSearch.OutlookAddin Ø HKEY_CLASSES_ROOT\MyWebSearch.PseudoTransparentPlugin.1 Ø HKEY_CLASSES_ROOT\MyWebSearch.PseudoTransparentPlugin Ø HKEY_CLASSES_ROOT\MyWebSearchToolBar.SettingsPlugin.1 Ø HKEY_CLASSES_ROOT\MyWebSearchToolBar.SettingsPlugin Ø HKEY_CLASSES_ROOT\MyWebSearchToolBar.ToolbarPlugin.1 Ø HKEY_CLASSES_ROOT\MyWebSearchToolBar.ToolbarPlugin Ø HKEY_CLASSES_ROOT\ScreenSaverControl.ScreenSaverInstaller.1 Ø HKEY_CLASSES_ROOT\ScreenSaverControl.ScreenSaverInstaller Ø HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products Ø HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts Ø HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch c) Adds following value for HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run [Name = MyWebSearch Email Plugin] d) %PROGRAMFILES%/mywebsearch\bar\1.bin\mwsbar.dll and Removal instructions: Please let BitDefender disinfect your files.ANALYZED BY: Dragos Gavrilut ,virus researcher |