Dmitry Sokolov recommends UnHackMe!
UnHackMe is a powerful tool against malware.
UnHackMe quickly removes rootkits/malware/adware/browser hijack issues!
(5 / 5)
RiskWare[WebToolbar:not-a-virus]/Win32.SearchSuite also known as a variant of Win32/Toolbar.SearchSuite.AD potentially unwanted, Adware ( 004c74cb1 ), Adware.Bandoo.372.
Malware Analysis of RiskWare[WebToolbar:not-a-virus]/Win32.SearchSuite – MUSICAPPHELPER.DLL
Created files:
%Program Files%\Music App\Datamngr\DatamngrCoordinator.exe
%Program Files%\Music App\Datamngr\favicon.ico
%Program Files%\Music App\Datamngr\MusicAppHelper.dll
%Program Files%\Music App\Datamngr\SRTOOL~1\FF\install.ico
%Program Files%\Music App\Datamngr\SRTOOL~1\FF\uninstall.exe
Autostart registry keys:
HKLM\Software\Classes\Applications\98d1ccfa985ba53d38b92a98ef4356776e1191789f8d658a9c8388db2e8adbbd.exe\IsHostApp: “”
HKLM\SOFTWARE\CLASSES\CLSID\{88D8ECB7-204F-4EFD-8134-F6341F76C672}\INPROCSERVER32\: “%SYSTEMDRIVE%\PROGRA~1\MUSICA~1\DATAMNGR\SRTOOL~1\IE\SEARCHRESULTSDX.DLL”
HKLM\Software\Classes\CLSID\{E677C7AD-2B66-4539-AA29-3771A1CFEDA9}\InprocServer32\: “%Program Files%\jZip\jZipShell.dll”
HKLM\Software\Classes\jZip.file\shell\open\command\: “”%Program Files%\jZip\jZip.exe” –open-archive “%1″”
HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\DisplayName: “Ask.com”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\imeshjzipmusictoolbarFF\DisplayName: “Music Search App for Firefox (Dist. by Bandoo Media, Inc.)”
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IMESHJZIPMUSICTOOLBARFF\UNINSTALLSTRING: “%SYSTEMDRIVE%\PROGRA~1\MUSICA~1\DATAMNGR\SRTOOL~1\FF\UNINSTALL.EXE /UN=FF /PID=JZP2-DTX /PCD=IMH /OCODE=APN10646”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\imeshjzipmusictoolbarIE\DisplayName: “Music Search App for Internet Explorer (Dist. by Bandoo Media, Inc.)”
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IMESHJZIPMUSICTOOLBARIE\UNINSTALLSTRING: “%SYSTEMDRIVE%\PROGRA~1\MUSICA~1\DATAMNGR\SRTOOL~1\IE\UNINSTALL.EXE /UN=IE /PID=JZP2-DTX /PCD=IMH /OCODE=APN10646”
HKLM\Software\APNDTX\{88d8ecb7-204f-4efd-8134-f6341f76c672}\IE\DisplayName: “Music Search App (Dist. by Bandoo Media, Inc.)”
HKLM\Software\APNDTX\{88d8ecb7-204f-4efd-8134-f6341f76c672}\FF\DisplayName: “Music Search App (Dist. by Bandoo Media, Inc.)”
HKLM\System\CurrentControlSet\services\DatamngrCoordinator\ImagePath: “%Program Files%\Music App\Datamngr\DatamngrCoordinator.exe”
HKLM\System\CurrentControlSet\services\DatamngrCoordinator\DisplayName: “Datamngr Coordinator”
HKLM\System\CurrentControlSet\services\F06DEFF2-5B9C-490D-910F-35D3A9119622\ImagePath: “\??\%Program Files%\Music App\Datamngr\setmgrc3.cfg”
HKLM\System\CurrentControlSet\services\F06DEFF2-5B9C-490D-910F-35D3A9119622\DisplayName: “F06DEFF2-5B9C-490D-910F-35D3A9119622”
HKLM\System\CurrentControlSet\services\IAC Update Service\ImagePath: “%Program Files%\IAC Updater\iacupdater.exe”
HKLM\System\CurrentControlSet\services\IAC Update Service\DisplayName: “IAC Update Service”
HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\DisplayName: “Ask.com”
HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\jZip\DisplayName: “jZip”
HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\jZip\UninstallString: “”%Program Files%\jZip\uninstall.exe””
Detected by UnHackMe:
MUSICAPPHELPER.DLL
Default location: %PROGRAM FILES%\MUSIC APP\DATAMNGR\MUSICAPPHELPER.DLL
Dropper hash(md5): f5a7aa0401c376fe759fae2865130979
UnHackMe
removes malware invisible for your antivirus!
UnHackMe is 100% CLEAN, which means it does not contain any form of malware, including adware, spyware, viruses, trojans and backdoors. VirusTotal (0/56).
System Requirements: Windows 2000-Windows 8.1/10. UnHackMe uses minimum of computer resources.