6-adw_funxy-4.6.3.1.exe - Dangerous
6-adw_funxy-4.6.3.1.exe
Manual removal instructions:
Antivirus Report of 6-adw_funxy-4.6.3.1.exe:
6-adw_funxy-4.6.3.1.exe
We suggest you to remove nsfun.dll from your computer as soon as possible.
Nsfun.dll is Trojan/Backdoor.
Kill the file nsfun.dll and remove nsfun.dll from Windows startup.
File: 6-adw_funxy-4.6.3.1.exe
Classification:
Code:
Antivirus Version Last Update Result
Avast 4.8.1335.0 2009.08.04 Win32:BHO-VX
AVG 8.5.0.406 2009.08.04 Adload_r.EO
BitDefender 7.2 2009.08.04 Gen:Adware.Heur.wu8@tKmaMWji
Comodo 1863 2009.08.04 -
DrWeb 5.0.0.12182 2009.08.04 -
F-Secure 8.0.14470.0 2009.08.04 Trojan.Win32.Vapsup.wee
Kaspersky 7.0.0.125 2009.08.04 Trojan.Win32.Vapsup.wed
Microsoft 1.4903 2009.08.04 -
NOD32 4305 2009.08.04 a variant of Win32/Adware.AdzgaloreBiz
Symantec 1.4.4.12 2009.08.04 -
Additional information
File size: 371698 bytes
MD5 : fbfddd78adcf35cdad61295fe34e84c5
SHA1 : 3c9200fbefe3438d756de7d38b4496fb6b9ce923
Installation
When the program is executed, it creates the following registry subkeys and values:
----------------------------------
Keys added:4
----------------------------------
HKLM\SOFTWARE\Classes\CLSID\{e94af9d2-3ea2-0078-7017-ba1c9ca9fcb4}
HKLM\SOFTWARE\Classes\CLSID\{e94af9d2-3ea2-0078-7017-ba1c9ca9fcb4}\InProcServer32
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e94af9d2-3ea2-0078-7017-ba1c9ca9fcb4}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\cont_funxy
----------------------------------
Values added:9
----------------------------------
HKLM\SOFTWARE\Classes\CLSID\{e94af9d2-3ea2-0078-7017-ba1c9ca9fcb4}\InProcServer32\: "C:\WINDOWS\system32\nsi4.dll"
HKLM\SOFTWARE\Classes\CLSID\{e94af9d2-3ea2-0078-7017-ba1c9ca9fcb4}\InProcServer32\ThreadingModel: "Apartment"
HKLM\SOFTWARE\Classes\CLSID\{e94af9d2-3ea2-0078-7017-ba1c9ca9fcb4}\: "funxy.biz"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e94af9d2-3ea2-0078-7017-ba1c9ca9fcb4}\NoExplorer: """"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\cont_funxy\DisplayName: "Contextual Tool Funxy"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\cont_funxy\UninstallString: "C:\WINDOWS\system32\cont_funxy-remove.exe"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\cont_funxy\NoModify: 0x00000000
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\cont_funxy\NoRepair : 0x00000000
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\cont_funxy\DisplayVersion: "4.6.3.1"
----------------------------------
Values modified:0
----------------------------------
----------------------------------
Files added:9
----------------------------------
C:\Documents and Settings\Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1659004503-1708537768-1801674531-500\16bce07ea52d6bb6453443fce08714be_e17ef422-72d0-4843-9f36-93d1c74df894
C:\Documents and Settings\Administrator\Application Data\Microsoft\Protect\CREDHIST
C:\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-1659004503-1708537768-1801674531-500\8607a0e4-3f3c-4a29-82a0-df3963c642a0
C:\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-1659004503-1708537768-1801674531-500\Preferred
C:\Documents and Settings\Administrator\Local Settings\Temp\nss3.tmp\System.dll
C:\Program Files\Mozilla Firefox\components\nsfun.dll
C:\Program Files\Mozilla Firefox\.autoreg
C:\WINDOWS\system32\cont_funxy-remove.exe
C:\WINDOWS\system32\nsi4.dll
----------------------------------
Files [attributes?] modified:0
----------------------------------
----------------------------------
Folders added:6
----------------------------------
C:\Documents and Settings\Administrator\Application Data\Microsoft\Crypto
C:\Documents and Settings\Administrator\Application Data\Microsoft\Crypto\RSA
C:\Documents and Settings\Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1659004503-1708537768-1801674531-500
C:\Documents and Settings\Administrator\Application Data\Microsoft\Protect
C:\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-1659004503-1708537768-1801674531-500
C:\Documents and Settings\Administrator\Local Settings\Temp\nss3.tmp
----------------------------------
Folders deleted:0
----------------------------------
----------------------------------
Total changes:28
----------------------------------
-------------------------------------------------------------------------------------
Detected by RegRun Reanimator:
Item Name: {e94af9d2-3ea2-0078-7017-ba1c9ca9fcb4}
Author:
Related File: C:\WINDOWS\system32\nsi4.dll
Type: Browser Helper Objects
Removal Results: Success
Number of reboot: 1
-------------------------------------------------------------------------------------
nsi4.dll
Code:
Antivirus Version Last Update Result
Avast 4.8.1335.0 2009.08.04 Win32:BHO-VX
AVG 8.5.0.406 2009.08.04 Generic4.IML
BitDefender 7.2 2009.08.04 Gen:Adware.Heur.wu8@tKmaMWji
Comodo 1862 2009.08.04 -
DrWeb 5.0.0.12182 2009.08.04 -
F-Secure 8.0.14470.0 2009.08.04 -
Kaspersky 7.0.0.125 2009.08.04 Trojan.Win32.Vapsup.wed
Microsoft 1.4903 2009.08.04 BrowserModifier:Win32/Fotomoto
NOD32 4304 2009.08.04 a variant of Win32/Adware.AdzgaloreBiz
Symantec 1.4.4.12 2009.08.04 -
Additional information
File size: 375296 bytes
MD5 : f199d1cb902e8303d2a893f23408ab29
SHA1 : 422b18ca443867b960e76b0485840ec2aafe7503
-------------------------------------------------------------------------------------
Recommended software:
UnHackMe anti-rootkit and anti-malware
http://www.unhackme.com
RegRun Security Suite (Good choice for removal and protection)
6-adw_funxy-4.6.3.1.exe | Malware |
6-adw_funxy-4.6.3.1.exe | Dangerous |
6-adw_funxy-4.6.3.1.exe | High Risk |
Nsfun.dll is Trojan/Backdoor.
Kill the file nsfun.dll and remove nsfun.dll from Windows startup.
File: 6-adw_funxy-4.6.3.1.exe
Classification:
Code:
Antivirus Version Last Update Result
Avast 4.8.1335.0 2009.08.04 Win32:BHO-VX
AVG 8.5.0.406 2009.08.04 Adload_r.EO
BitDefender 7.2 2009.08.04 Gen:Adware.Heur.wu8@tKmaMWji
Comodo 1863 2009.08.04 -
DrWeb 5.0.0.12182 2009.08.04 -
F-Secure 8.0.14470.0 2009.08.04 Trojan.Win32.Vapsup.wee
Kaspersky 7.0.0.125 2009.08.04 Trojan.Win32.Vapsup.wed
Microsoft 1.4903 2009.08.04 -
NOD32 4305 2009.08.04 a variant of Win32/Adware.AdzgaloreBiz
Symantec 1.4.4.12 2009.08.04 -
Additional information
File size: 371698 bytes
MD5 : fbfddd78adcf35cdad61295fe34e84c5
SHA1 : 3c9200fbefe3438d756de7d38b4496fb6b9ce923
Installation
When the program is executed, it creates the following registry subkeys and values:
----------------------------------
Keys added:4
----------------------------------
HKLM\SOFTWARE\Classes\CLSID\{e94af9d2-3ea2-0078-7017-ba1c9ca9fcb4}
HKLM\SOFTWARE\Classes\CLSID\{e94af9d2-3ea2-0078-7017-ba1c9ca9fcb4}\InProcServer32
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e94af9d2-3ea2-0078-7017-ba1c9ca9fcb4}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\cont_funxy
----------------------------------
Values added:9
----------------------------------
HKLM\SOFTWARE\Classes\CLSID\{e94af9d2-3ea2-0078-7017-ba1c9ca9fcb4}\InProcServer32\: "C:\WINDOWS\system32\nsi4.dll"
HKLM\SOFTWARE\Classes\CLSID\{e94af9d2-3ea2-0078-7017-ba1c9ca9fcb4}\InProcServer32\ThreadingModel: "Apartment"
HKLM\SOFTWARE\Classes\CLSID\{e94af9d2-3ea2-0078-7017-ba1c9ca9fcb4}\: "funxy.biz"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e94af9d2-3ea2-0078-7017-ba1c9ca9fcb4}\NoExplorer: """"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\cont_funxy\DisplayName: "Contextual Tool Funxy"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\cont_funxy\UninstallString: "C:\WINDOWS\system32\cont_funxy-remove.exe"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\cont_funxy\NoModify: 0x00000000
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\cont_funxy\NoRepair : 0x00000000
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\cont_funxy\DisplayVersion: "4.6.3.1"
----------------------------------
Values modified:0
----------------------------------
----------------------------------
Files added:9
----------------------------------
C:\Documents and Settings\Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1659004503-1708537768-1801674531-500\16bce07ea52d6bb6453443fce08714be_e17ef422-72d0-4843-9f36-93d1c74df894
C:\Documents and Settings\Administrator\Application Data\Microsoft\Protect\CREDHIST
C:\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-1659004503-1708537768-1801674531-500\8607a0e4-3f3c-4a29-82a0-df3963c642a0
C:\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-1659004503-1708537768-1801674531-500\Preferred
C:\Documents and Settings\Administrator\Local Settings\Temp\nss3.tmp\System.dll
C:\Program Files\Mozilla Firefox\components\nsfun.dll
C:\Program Files\Mozilla Firefox\.autoreg
C:\WINDOWS\system32\cont_funxy-remove.exe
C:\WINDOWS\system32\nsi4.dll
----------------------------------
Files [attributes?] modified:0
----------------------------------
----------------------------------
Folders added:6
----------------------------------
C:\Documents and Settings\Administrator\Application Data\Microsoft\Crypto
C:\Documents and Settings\Administrator\Application Data\Microsoft\Crypto\RSA
C:\Documents and Settings\Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1659004503-1708537768-1801674531-500
C:\Documents and Settings\Administrator\Application Data\Microsoft\Protect
C:\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-1659004503-1708537768-1801674531-500
C:\Documents and Settings\Administrator\Local Settings\Temp\nss3.tmp
----------------------------------
Folders deleted:0
----------------------------------
----------------------------------
Total changes:28
----------------------------------
-------------------------------------------------------------------------------------
Detected by RegRun Reanimator:
Item Name: {e94af9d2-3ea2-0078-7017-ba1c9ca9fcb4}
Author:
Related File: C:\WINDOWS\system32\nsi4.dll
Type: Browser Helper Objects
Removal Results: Success
Number of reboot: 1
-------------------------------------------------------------------------------------
nsi4.dll
Code:
Antivirus Version Last Update Result
Avast 4.8.1335.0 2009.08.04 Win32:BHO-VX
AVG 8.5.0.406 2009.08.04 Generic4.IML
BitDefender 7.2 2009.08.04 Gen:Adware.Heur.wu8@tKmaMWji
Comodo 1862 2009.08.04 -
DrWeb 5.0.0.12182 2009.08.04 -
F-Secure 8.0.14470.0 2009.08.04 -
Kaspersky 7.0.0.125 2009.08.04 Trojan.Win32.Vapsup.wed
Microsoft 1.4903 2009.08.04 BrowserModifier:Win32/Fotomoto
NOD32 4304 2009.08.04 a variant of Win32/Adware.AdzgaloreBiz
Symantec 1.4.4.12 2009.08.04 -
Additional information
File size: 375296 bytes
MD5 : f199d1cb902e8303d2a893f23408ab29
SHA1 : 422b18ca443867b960e76b0485840ec2aafe7503
-------------------------------------------------------------------------------------
Recommended software:
UnHackMe anti-rootkit and anti-malware
http://www.unhackme.com
RegRun Security Suite (Good choice for removal and protection)
Dmitry Sokolov:
I created UnHackMe in 2006 to fix the problem that antivioruses did not fix: detecting rootkits.
Since that time I work every day to fix the issues that antiviruses cannot.
If your antivirus have not helped you solve the problem, you should try UnHackMe.
We are a small company and you can ask me directly, if you have any questions.