home

guninstaller.exe

Uninstaller

Visual Tools

The application guninstaller.exe, “Uninstaller Application” by Visual Tools has been detected as adware by 25 anti-malware scanners. This is the uninstaller utility registered in the Windows Control Panel for the program Delta toolbar by Delta. This will display context specific advertisements in the browser as well as attempt to modify the browser's search provider.
Publisher:
Babylon Ltd.  (signed by Visual Tools)

Product:
Uninstaller

Description:
Uninstaller Application

Version:
9.1.2.11

MD5:
65f9a14fb1000512dd98726878a2a96d

SHA-1:
cb7bc08279a2a86cec43f7a495f20db917278f09

SHA-256:
82451b4416c6b42559a279de6559d5cf3a0c707fc747a5e7a82aa4ef29a9f6d9

Scanner detections:
25 / 68

Status:
Adware

Analysis date:
4/24/2024 3:04:37 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Win32.Virtob.Gen.12
355

Avira AntiVirus
W32/Virut.Gen
7.11.30.172

avast!
Win32:Virtu-A
2014.9-160214

Bitdefender
Win32.Virtob.Gen.12
1.0.20.225

Bkav FE
W32.Vetor.PE
1.3.0.4959

Emsisoft Anti-Malware
Win32.Virtob.Gen.12
8.16.02.14.06

Fortinet FortiGate
W32/Virut.CE
2/14/2016

F-Prot
W32/Virut.AL!Generic
v6.4.6.5.141

F-Secure
Win32.Virtob.Gen.12
11.2016-14-02_1

G Data
Win32.Virtob.Gen.12
16.2.24

IKARUS anti.virus
Virus.Win32.Virut
t3scan.1.7.8.0

K7 AntiVirus
Virus
13.183.13432

McAfee
W32/Virut.n.gen
5600.6489

Microsoft Security Essentials
Threat.Undefined
1.185.496.0

MicroWorld eScan
Win32.Virtob.Gen.12
17.0.0.135

Norman
Virut.HL
11.20160214

nProtect
Virus/W32.Virut.Gen
14.09.19.01

Quick Heal
W32.Virut.G
2.16.14.00

Reason Heuristics
PUP.Babylon.Banylon.Installer (M)
16.2.14.18

Sophos
W32/Scribble-B
4.98

Trend Micro House Call
TROJ_GEN.F47V0726
7.2.45

Trend Micro
ADW_BABYLON
10.465.14

Vba32 AntiVirus
Virus.Virut.14
3.12.26.3

VIPRE Antivirus
Threat.4737366
32938

Zillya! Antivirus
Virus.Virut.Win32.1938
2.0.0.1927

File size:
3.5 MB (3,695,088 bytes)

Product version:
9.1.2.11

Copyright:
Copyright © Babylon Ltd. 1997-2013

Original file name:
Uninstaller.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\delta\delta\1.8.24.6\guninstaller.exe

Digital Signature
Signed by:
Visual Tools

Authority:
Thawte, Inc.

Valid from:
1/10/2013 8:00:00 AM

Valid to:
1/11/2015 7:59:59 AM

Subject:
CN=Visual Tools, O=Visual Tools, L=Belgrade, S=Serbia, C=RS

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
789958B0264F06055619270074AFA61F

File PE Metadata
Compilation timestamp:
8/26/2013 9:27:51 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:Q3UBSA6VHoUdBgDZUlN0qFxBZMjxyLiyFlgeyn7zA:+UBSJVH1zWZWh7Z6AK7zA

Entry address:
0x1BF7B

Entry point:
E8, 57, A3, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 8B, 45, 08, 56, 8B, F1, 83, 66, 04, 00, C7, 06, D0, 3F, 43, 00, C6, 46, 08, 00, FF, 30, E8, A8, 00, 00, 00, 8B, C6, 5E, 5D, C2, 04, 00, 55, 8B, EC, 8B, 45, 08, C7, 01, D0, 3F, 43, 00, 8B, 00, 89, 41, 04, C6, 41, 08, 00, 8B, C1, 5D, C2, 08, 00, 55, 8B, EC, 56, FF, 75, 08, 8B, F1, 83, 66, 04, 00, C7, 06, D0, 3F, 43, 00, C6, 46, 08, 00, E8, 12, 00, 00, 00, 8B, C6, 5E, 5D, C2, 04, 00, C7, 01, D0, 3F, 43, 00, E9, 96, 00, 00, 00, 55, 8B, EC, 56, 57, 8B, 7D, 08...
 
[+]

Entropy:
0.8910

Code size:
185.5 KB (189,952 bytes)

Program Uninstaller
Program name:
Delta toolbar

Display publisher:
Delta

Display version:
1.8.24.6

Uninstall string:
"C:\Program Files\Delta\delta\1.8.24.6\GUninstaller.exe" -uprtc -ask -rmbus "Delta toolbar" -nontfy -bname=dlt -key "delta"


Remove guninstaller.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.