6-adw_funxy-4.6.3.1.exe - Dangerous

6-adw_funxy-4.6.3.1.exe

Manual removal instructions:

Antivirus Report of 6-adw_funxy-4.6.3.1.exe:
6-adw_funxy-4.6.3.1.exe Malware
6-adw_funxy-4.6.3.1.exeDangerous
6-adw_funxy-4.6.3.1.exeHigh Risk
6-adw_funxy-4.6.3.1.exe
We suggest you to remove nsfun.dll from your computer as soon as possible.
Nsfun.dll is Trojan/Backdoor.
Kill the file nsfun.dll and remove nsfun.dll from Windows startup.

File: 6-adw_funxy-4.6.3.1.exe

Classification:
Code:
Antivirus Version Last Update Result
Avast 4.8.1335.0 2009.08.04 Win32:BHO-VX
AVG 8.5.0.406 2009.08.04 Adload_r.EO
BitDefender 7.2 2009.08.04 Gen:Adware.Heur.wu8@tKmaMWji
Comodo 1863 2009.08.04 -
DrWeb 5.0.0.12182 2009.08.04 -
F-Secure 8.0.14470.0 2009.08.04 Trojan.Win32.Vapsup.wee
Kaspersky 7.0.0.125 2009.08.04 Trojan.Win32.Vapsup.wed
Microsoft 1.4903 2009.08.04 -
NOD32 4305 2009.08.04 a variant of Win32/Adware.AdzgaloreBiz
Symantec 1.4.4.12 2009.08.04 -

Additional information
File size: 371698 bytes
MD5 : fbfddd78adcf35cdad61295fe34e84c5
SHA1 : 3c9200fbefe3438d756de7d38b4496fb6b9ce923

Installation
When the program is executed, it creates the following registry subkeys and values:

----------------------------------
Keys added:4
----------------------------------
HKLM\SOFTWARE\Classes\CLSID\{e94af9d2-3ea2-0078-7017-ba1c9ca9fcb4}
HKLM\SOFTWARE\Classes\CLSID\{e94af9d2-3ea2-0078-7017-ba1c9ca9fcb4}\InProcServer32
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e94af9d2-3ea2-0078-7017-ba1c9ca9fcb4}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\cont_funxy

----------------------------------
Values added:9
----------------------------------
HKLM\SOFTWARE\Classes\CLSID\{e94af9d2-3ea2-0078-7017-ba1c9ca9fcb4}\InProcServer32\: "C:\WINDOWS\system32\nsi4.dll"
HKLM\SOFTWARE\Classes\CLSID\{e94af9d2-3ea2-0078-7017-ba1c9ca9fcb4}\InProcServer32\ThreadingModel: "Apartment"
HKLM\SOFTWARE\Classes\CLSID\{e94af9d2-3ea2-0078-7017-ba1c9ca9fcb4}\: "funxy.biz"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e94af9d2-3ea2-0078-7017-ba1c9ca9fcb4}\NoExplorer: """"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\cont_funxy\DisplayName: "Contextual Tool Funxy"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\cont_funxy\UninstallString: "C:\WINDOWS\system32\cont_funxy-remove.exe"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\cont_funxy\NoModify: 0x00000000
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\cont_funxy\NoRepair : 0x00000000
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\cont_funxy\DisplayVersion: "4.6.3.1"

----------------------------------
Values modified:0
----------------------------------

----------------------------------
Files added:9
----------------------------------
C:\Documents and Settings\Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1659004503-1708537768-1801674531-500\16bce07ea52d6bb6453443fce08714be_e17ef422-72d0-4843-9f36-93d1c74df894
C:\Documents and Settings\Administrator\Application Data\Microsoft\Protect\CREDHIST
C:\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-1659004503-1708537768-1801674531-500\8607a0e4-3f3c-4a29-82a0-df3963c642a0
C:\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-1659004503-1708537768-1801674531-500\Preferred
C:\Documents and Settings\Administrator\Local Settings\Temp\nss3.tmp\System.dll
C:\Program Files\Mozilla Firefox\components\nsfun.dll
C:\Program Files\Mozilla Firefox\.autoreg
C:\WINDOWS\system32\cont_funxy-remove.exe
C:\WINDOWS\system32\nsi4.dll

----------------------------------
Files [attributes?] modified:0
----------------------------------

----------------------------------
Folders added:6
----------------------------------
C:\Documents and Settings\Administrator\Application Data\Microsoft\Crypto
C:\Documents and Settings\Administrator\Application Data\Microsoft\Crypto\RSA
C:\Documents and Settings\Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1659004503-1708537768-1801674531-500
C:\Documents and Settings\Administrator\Application Data\Microsoft\Protect
C:\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-1659004503-1708537768-1801674531-500
C:\Documents and Settings\Administrator\Local Settings\Temp\nss3.tmp

----------------------------------
Folders deleted:0
----------------------------------

----------------------------------
Total changes:28
----------------------------------

-------------------------------------------------------------------------------------
Detected by RegRun Reanimator:

Item Name: {e94af9d2-3ea2-0078-7017-ba1c9ca9fcb4}
Author:
Related File: C:\WINDOWS\system32\nsi4.dll
Type: Browser Helper Objects

Removal Results: Success
Number of reboot: 1
-------------------------------------------------------------------------------------
nsi4.dll

Code:
Antivirus Version Last Update Result
Avast 4.8.1335.0 2009.08.04 Win32:BHO-VX
AVG 8.5.0.406 2009.08.04 Generic4.IML
BitDefender 7.2 2009.08.04 Gen:Adware.Heur.wu8@tKmaMWji
Comodo 1862 2009.08.04 -
DrWeb 5.0.0.12182 2009.08.04 -
F-Secure 8.0.14470.0 2009.08.04 -
Kaspersky 7.0.0.125 2009.08.04 Trojan.Win32.Vapsup.wed
Microsoft 1.4903 2009.08.04 BrowserModifier:Win32/Fotomoto
NOD32 4304 2009.08.04 a variant of Win32/Adware.AdzgaloreBiz
Symantec 1.4.4.12 2009.08.04 -

Additional information
File size: 375296 bytes
MD5 : f199d1cb902e8303d2a893f23408ab29
SHA1 : 422b18ca443867b960e76b0485840ec2aafe7503
-------------------------------------------------------------------------------------
Recommended software:
UnHackMe anti-rootkit and anti-malware
http://www.unhackme.com
RegRun Security Suite (Good choice for removal and protection)

Remove 6-adw_funxy-4.6.3.1.exe now!

Dmitry Sokolov:

I created UnHackMe in 2006 to fix the problem that antivioruses did not fix: detecting rootkits.

Since that time I work every day to fix the issues that antiviruses cannot.

If your antivirus have not helped you solve the problem, you should try UnHackMe.

We are a small company and you can ask me directly, if you have any questions.

Testimonials

You can read UnHackMe testimonials here.