Adware.Bandoo.237

Added to the Dr.Web virus database: 2015-03-26

Virus description added:

Technical Information

To ensure autorun and distribution
Modifies the following registry keys
  • [HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows] 'LoadAppInit_DLLs' = '00000001'
  • [HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows] 'AppInit_DLLs' = '%ProgramFiles%\fun4im\bndhook.dll '
Sets the following service settings
  • [HKLM\System\CurrentControlSet\Services\Fun4IM Coordinator] 'Start' = '00000002'
  • [HKLM\System\CurrentControlSet\Services\Fun4IM Coordinator] 'ImagePath' = '"C:\PROGRA~2\Fun4IM\Bandoo.exe"'
Creates the following services
  • 'Fun4IM Coordinator' "C:\PROGRA~2\Fun4IM\Bandoo.exe"
Malicious functions
Sets a new unauthorized home page for Windows Internet Explorer.
Modifies file system
Creates the following files
  • %ProgramFiles(x86)%\fun4im\resources\~glh0019.tmp
  • %ProgramFiles(x86)%\fun4im\plugins\ie\~glh0018.tmp
  • %ProgramFiles(x86)%\fun4im\plugins\yahoo\~glh0017.tmp
  • %ProgramFiles(x86)%\fun4im\plugins\msn\~glh0016.tmp
  • %ProgramFiles(x86)%\fun4im\~glh0015.tmp
  • %ProgramFiles(x86)%\fun4im\~glh0014.tmp
  • %ProgramFiles(x86)%\fun4im\~glh0013.tmp
  • %ALLUSERSPROFILE%\fun4im\~glh0012.tmp
  • %ProgramFiles(x86)%\fun4im\~glh0011.tmp
  • %ProgramFiles(x86)%\fun4im\~glh0010.tmp
  • %ProgramFiles(x86)%\fun4im\~glh000f.tmp
  • %ProgramFiles(x86)%\fun4im\~glh000e.tmp
  • %ProgramFiles(x86)%\fun4im\~glh000d.tmp
  • %ProgramFiles(x86)%\fun4im\resources\~glh001a.tmp
  • %ProgramFiles%\wia6eb~1\toolbar\chrome\content\widgets\net.vmn.www.3.twitter.1255\btn-wide-maximize-over.png
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\newaxeez\desktop.ini
  • %ProgramFiles(x86)%\fun4im\plugins\yahoo\resources\toolbar\~glh002c.tmp
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\sc6315q9\desktop.ini
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\rfcjzx81\desktop.ini
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\index.dat
  • %LOCALAPPDATA%\microsoft\windows\history\low\history.ie5\desktop.ini
  • %LOCALAPPDATA%\microsoft\windows\history\low\desktop.ini
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\desktop.ini
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\desktop.ini
  • %ProgramFiles(x86)%\fun4im\plugins\ie\resources\html\~glh0041.tmp
  • %ProgramFiles(x86)%\fun4im\plugins\ie\resources\html\~glh0040.tmp
  • %ProgramFiles(x86)%\fun4im\plugins\ie\resources\~glh003f.tmp
  • %ProgramFiles(x86)%\fun4im\plugins\yahoo\resources\html\~glh003e.tmp
  • %ProgramFiles(x86)%\fun4im\plugins\yahoo\resources\html\~glh003d.tmp
  • %ProgramFiles(x86)%\fun4im\plugins\msn\resources\html\~glh003c.tmp
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\7i44206x\desktop.ini
  • %ProgramFiles(x86)%\fun4im\plugins\msn\resources\html\~glh003b.tmp
  • %ProgramFiles(x86)%\fun4im\plugins\yahoo\resources\toolbar\images\~glh0039.tmp
  • %ProgramFiles(x86)%\fun4im\plugins\yahoo\resources\toolbar\images\~glh0038.tmp
  • %ProgramFiles(x86)%\fun4im\plugins\yahoo\resources\toolbar\images\~glh0037.tmp
  • %ProgramFiles(x86)%\fun4im\plugins\yahoo\resources\toolbar\images\~glh0036.tmp
  • %ProgramFiles(x86)%\fun4im\plugins\yahoo\resources\toolbar\images\~glh0035.tmp
  • %ProgramFiles(x86)%\fun4im\plugins\yahoo\resources\toolbar\images\~glh0034.tmp
  • %ProgramFiles(x86)%\fun4im\plugins\yahoo\resources\toolbar\images\~glh0033.tmp
  • %ProgramFiles(x86)%\fun4im\plugins\yahoo\resources\toolbar\images\~glh0032.tmp
  • %ProgramFiles(x86)%\fun4im\plugins\yahoo\resources\toolbar\images\~glh0031.tmp
  • %ProgramFiles(x86)%\fun4im\plugins\yahoo\resources\toolbar\images\~glh0030.tmp
  • %ProgramFiles(x86)%\fun4im\plugins\yahoo\resources\toolbar\images\~glh002f.tmp
  • %ProgramFiles(x86)%\fun4im\plugins\yahoo\resources\toolbar\images\~glh002e.tmp
  • %ProgramFiles(x86)%\fun4im\plugins\yahoo\resources\toolbar\~glh002d.tmp
  • %ProgramFiles(x86)%\fun4im\plugins\msn\resources\toolbar\images\~glh002a.tmp
  • %ProgramFiles%\wia6eb~1\toolbar\chrome\skin\lib\panels\images\btn-search-pnlbtm.png
Sets the 'hidden' attribute to the following files
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\desktop.ini
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\desktop.ini
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\rfcjzx81\desktop.ini
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\sc6315q9\desktop.ini
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\newaxeez\desktop.ini
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\7i44206x\desktop.ini
Deletes the following files
  • %TEMP%\searchqu_dm\datamngr.dll
  • %TEMP%\searchqu_dm\datamngrui.exe
  • %TEMP%\searchqu_dm\firefoxextension\chrome.manifest
  • %TEMP%\searchqu_dm\firefoxextension\components\datamngrhlp.dll
  • %TEMP%\searchqu_dm\firefoxextension\components\datamngrhlp.xpt
  • %TEMP%\searchqu_dm\firefoxextension\content\overlay.js
  • %TEMP%\searchqu_dm\firefoxextension\content\overlay.xul
  • %TEMP%\searchqu_dm\firefoxextension\install.rdf
  • %TEMP%\searchqu_dm\searchqumediabar.exe
  • %TEMP%\searchqu_dm\websearch.xml
  • %TEMP%\nsk5e75.tmp\findprocdll.dll
  • %TEMP%\nsk5e75.tmp\getversion.dll
  • %TEMP%\nsk5e75.tmp\system.dll
Moves the following files
Modifies the following files
  • %LOCALAPPDATA%\google\chrome\user data\default\preferences
  • %LOCALAPPDATA%\google\chrome\user data\default\web data-journal
  • %LOCALAPPDATA%\google\chrome\user data\default\web data
Network activity
UDP
  • DNS ASK se###h.vmn.net
  • DNS ASK pr####.bandoo.com
  • DNS ASK se####e.bandoo.com
Miscellaneous
Creates and executes the following
  • '%TEMP%\nsu6a58.tmp.exe' -AnswerFile=%TEMP%\nsp7AFC.tmp -Extra=REFID:62|ORIGIN:0
  • '%TEMP%\fun4imfiles\files.exe' "-o%TEMP%\Fun4IMFiles" -y
  • '%TEMP%\searchqu_dm\searchqumediabar.exe' /S /NOADDREMOVE /D=C:\PROGRA~2\WIA6EB~1\ToolBar
  • '%ProgramFiles(x86)%\fun4im\bandooui.exe' cookie http://fun4im.com
  • '%TEMP%\glja709.tmp' %ProgramFiles(x86)%\Fun4IM\GIFAnimator.dll
  • '%TEMP%\glja709.tmp' %ProgramFiles(x86)%\Fun4IM\FlashAnimator.dll
  • '%TEMP%\glja709.tmp' %ProgramFiles(x86)%\Fun4IM\CrashRpt.dll
  • '%TEMP%\glja709.tmp' %ProgramFiles(x86)%\Fun4IM\Plugins\IE\ieplugin.dll
Executes the following
  • '%WINDIR%\syswow64\rundll32.exe' %TEMP%\INSTAL~1.DLL,_SetChromeAssets http://www.searchqu.com/403,http://www.searchqu.com/web?src=crb&systemid=403&q={searchTerms},Web Search,q,
  • '%WINDIR%\syswow64\regsvr32.exe' /u /s "C:\PROGRA~2\WIA6EB~1\ToolBar\SearchquDx.dll"
  • '%TEMP%\fun4imfiles\files.exe' "-o%TEMP%\Fun4IMFiles" -y' (with hidden window)
  • '%TEMP%\setupd~1.exe' /S' (with hidden window)
  • '%WINDIR%\syswow64\rundll32.exe' %TEMP%\INSTAL~1.DLL,_SetChromeAssets http://www.searchqu.com/403,http://www.searchqu.com/web?src=crb&systemid=403&q={searchTerms},Web Search,q,' (with hidden window)
  • '%TEMP%\searchqu_dm\searchqumediabar.exe' /S /NOADDREMOVE /D=C:\PROGRA~2\WIA6EB~1\ToolBar' (with hidden window)
  • '%ProgramFiles%\fun4im\bndcore.exe' /RegServer' (with hidden window)

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and any removable media you use.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk, mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.