ToolbarCleaner.exe

Toolbar Cleaner

Visicom Media Inc.

This is part of the Visicom VMN web browser toolbar and extension that will modify the browser's default search provider, DNS, and home page functions. The application ToolbarCleaner.exe by Visicom Media has been detected as a potentially unwanted program by 2 anti-malware scanners. This is a setup program which is used to install the application. Additionally, the file is typically installed by a number of programs including Toolbar Cleaner 1.0 by Visicom Media inc. and MyStart Toolbar by Visicom Media inc., both potentially unwanted software.
Publisher:
Visicom Media Inc.  (signed and verified)

Product:
Toolbar Cleaner

Version:
1, 1, 0, 3

MD5:
77174a6f47b40aea93b4d69cc3292d4a

SHA-1:
bdf4c68c3030d77834921b60b847966f71333ba0

SHA-256:
f3bfa57301ff2322f047cf23ed65ae0474126ab5f4221b7681c622896d79d237

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
5/18/2024 10:05:01 AM UTC

Scan engine | Detection | Engine version
Boost by Reason | Optional.VisicomMedia.O | 188838
Reason Heuristics | PUP.ToolbarCleaner.VisicomMedia.O | 14.10.1.11

File size:
569.7 KB (583,336 bytes)

Product version:
1, 1, 0, 3

Copyright:
Copyright (c) 2012 All rights reserved Visicom Media Inc.

Original file name:
ToolbarCleaner.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\mystarttb\toolbarcleaner.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
4/18/2012 2:00:00 AM

Valid to:
6/22/2014 1:59:59 AM

Subject:
CN=Visicom Media Inc., OU=SECURE APPLICATION DEVELOPMENT, O=Visicom Media Inc., L=Brossard, S=Quebec, C=CA

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
2B19B54BB7ABEE1A2623111C029AF449

File PE Metadata
Compilation timestamp:
6/14/2012 5:03:16 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:0V5f50OgSeZlA83six7eeEjphKFubr8rDJuxZrHvHEO:0/f50oX83bx7e3u88rtuxD

Entry address:
0x419E1

Entry point:
E8, 6B, EA, 00, 00, E9, 79, FE, FF, FF, CC, 68, 10, 09, 44, 00, 64, FF, 35, 00, 00, 00, 00, 8B, 44, 24, 10, 89, 6C, 24, 10, 8D, 6C, 24, 10, 2B, E0, 53, 56, 57, A1, 80, 31, 47, 00, 31, 45, FC, 33, C5, 89, 45, E4, 50, 89, 65, E8, FF, 75, F8, 8B, 45, FC, C7, 45, FC, FE, FF, FF, FF, 89, 45, F8, 8D, 45, F0, 64, A3, 00, 00, 00, 00, C3, 8B, 4D, E4, 33, CD, E8, 39, B4, FF, FF, E9, B2, EE, FF, FF, 6A, 0C, 68, A0, DF, 46, 00, E8, 61, EE, FF, FF, 6A, 0E, E8, 7B, 41, 00, 00, 59, 83, 65, FC, 00, 8B, 75, 08, 8B, 4E, 04...
 

Code size:
363.5 KB (372,224 bytes)

Windows Firewall Allowed Program
Name:
C:\Programme\mystarttb\ToolbarCleaner.exe


The file ToolbarCleaner.exe has been discovered within the following programs.

MyStart Toolbar  by Visicom Media inc.
MyStart Toolbar is a Visicom Media (VMN) toolbar that integrates with major web browsers including Google Chrome, Firefox and Internet Explorer.
apps.mystart.com
85% remove it
Toolbar Cleaner 1.0  by Visicom Media inc.
Toolbar Cleaner is an app from Visicom Media that allows you to select various toolbars installed on your PC and remove them. It is typically installed through bundled installers but could also be installed from the Visicom Media website.
toolbarcleaner.com
87% remove it
 

The file ToolbarCleaner.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communications in live environments.
