Home Malware Programs Potentially Unwanted Programs (PUPs) WeatherBlink Toolbar

WeatherBlink Toolbar

Posted: July 24, 2013

Threat Metric

Ranking: 1,129
Threat Level: 1/10
Infected PCs: 231,807
First Seen: November 23, 2010
Last Seen: October 17, 2023
OS(es) Affected: Windows

The WeatherBlink Toolbar is a Potentially Unwanted Program created by Mindspark Interactive Network, Inc. that does provide some legitimate features (primarily related to weather tracking), but also will make unnecessary changes to your browser, such as changing your homepage and new tab page on all web browsers.

 

The WeatherBlink Toolbar is categorized as a Potentially Unwanted Program. Computer users who do not find WeatherBlink Toolbar to be useful may remove WeatherBlink Toolbar through use of an antimalware program. Additionally, WeatherBlink Toolbar may be eliminated in Internet Explorer by going through its Control Panel. Moreover, WeatherBlink Toolbar may be removed from Firefox and Google Chrome by going into the web browser's add-on extensions menu.

Aliases

Trojan/Win32.Buzus [AhnLab-V3]Zango [AVG]Riskware/MyWebSearch [Fortinet]Adware/WebSearch [Panda]RiskWare[WebToolbar:not-a-virus]/Win32.MyWebSearch [Antiy-AVL]not-a-virus:WebToolbar.Win32.MyWebSearch.si [Kaspersky]Win32:Mindspark-A [PUP] [Avast]Win32.SuspectCrc [Ikarus]UnclassifiedMalware [Comodo]not-a-virus:WebToolbar.Win32.MyWebSearch.gen [Kaspersky]not-a-virus:WebToolbar.Win32.MyWebSearch.gi [Kaspersky]Win32:FunWeb-K [PUP] [Avast]Tool.InstallToolbar.5 [DrWeb]Adware.Funweb-12 [ClamAV]Win32:PUP-gen [PUP] [Avast]
More aliases (48)

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



C:\Program Files (x86)\WeatherBlink\bar\1.bin\gcbrmon.exe File name: gcbrmon.exe
Size: 20.48 KB (20480 bytes)
MD5: 1dda5d18db53fb71e929a757ed540635
Detection count: 14,167
File type: Executable File
Mime Type: unknown/exe
Path: C:\Program Files (x86)\WeatherBlink\bar\1.bin\gcbrmon.exe
Group: Malware file
Last Updated: July 31, 2021
C:\PROGRA~2\WEATHE~2\bar\1.bin\gcbarsvc.exe File name: gcbarsvc.exe
Size: 28.76 KB (28766 bytes)
MD5: 13c26933d5ea859a6ef552c67b26261f
Detection count: 14,142
File type: Executable File
Mime Type: unknown/exe
Path: C:\PROGRA~2\WEATHE~2\bar\1.bin\gcbarsvc.exe
Group: Malware file
Last Updated: July 31, 2021
%PROGRAMFILES%\WeatherBlink\bar\1.bin\gcbrmon.exe File name: gcbrmon.exe
Size: 20.48 KB (20480 bytes)
MD5: 5ba8a203382cb055fde6f975cd68895b
Detection count: 4,237
File type: Executable File
Mime Type: unknown/exe
Path: %PROGRAMFILES%\WeatherBlink\bar\1.bin
Group: Malware file
Last Updated: July 25, 2013
%PROGRAMFILES%\WeatherBlink\bar\1.bin\gcbarsvc.exe File name: gcbarsvc.exe
Size: 36.86 KB (36864 bytes)
MD5: 0e585fa90827013059dab5a0f37b2500
Detection count: 215
File type: Executable File
Mime Type: unknown/exe
Path: %PROGRAMFILES%\WeatherBlink\bar\1.bin
Group: Malware file
Last Updated: July 7, 2013
%PROGRAMFILES%\WeatherBlink\bar\1.bin\gcSrcAs.dll File name: gcSrcAs.dll
Size: 60.41 KB (60416 bytes)
MD5: 1b530bc105260db4be31af39c6337006
Detection count: 98
File type: Dynamic link library
Mime Type: unknown/dll
Path: %PROGRAMFILES%\WeatherBlink\bar\1.bin
Group: Malware file
Last Updated: September 25, 2012
%PROGRAMFILES%\WeatherBlink\bar\1.bin\gcbar.dll File name: gcbar.dll
Size: 702.46 KB (702464 bytes)
MD5: 4f4d9afb1f64d9b0c7a6b551da7ebd98
Detection count: 98
File type: Dynamic link library
Mime Type: unknown/dll
Path: %PROGRAMFILES%\WeatherBlink\bar\1.bin
Group: Malware file
Last Updated: September 25, 2012

Registry Modifications

The following newly produced Registry Values are:

CLSID{06a355b8-bde3-4eab-96d8-f7839e031142}{0e66f2be-f8b4-432e-9da0-cb3b0a78172f}{1552FE9D-B6B5-49E8-9EFF-E799D6B2285A}{17c05144-21b3-4101-8189-dadc63c559ed}{19A42F40-E285-4300-BEDF-AFFA58AC1AC2}{1d71ec44-6a2b-42f4-b69f-97c1d89752c8}{24F5C593-9CAC-43F7-84C5-E624A93F3F5F}{25D40F93-9CD4-4B41-A542-C2521961E529}{2E162AD8-73F5-4FAF-8D97-DB206B956CC2}{2E715E15-82CF-4748-9BDD-F1925AABFCB8}{2ED066D0-4D6C-45BA-ABE7-E41136F4075D}{2FCD9401-B937-488A-8A73-88035EF537CF}{30193C45-563B-4D6B-9130-99DC79F1D4B1}{36169815-c88b-4dfd-b916-19a931fba610}{385CA7B9-9777-4564-BA39-3A1555EF5764}{393f1621-f8c2-4e27-a179-438b9f1ea6f7}{39D9A663-48D3-44CA-BC04-FDC2E82E4476}{4616951d-f1b4-4624-90ca-14e368d62f96}{4d662a10-3b3d-4794-aae6-1973d7516fc4}{51b0bcae-c8c8-458e-9c1c-bed491415989}{57255D88-1563-48F6-8F11-6CE4528AB662}{60E34B74-3C41-46D8-81AF-A3CE763AEE42}{613C5421-218A-4ABA-9CBE-A9832E6A92CF}{65CC775E-2CB8-4F38-B30E-2E5EB4CD8AAF}{710AC531-FB66-4ED3-BB1C-D996A8C061B4}{7435B6E6-626D-4A59-958F-75D47D42A8CF}{74CF76DF-FC33-464E-8E5F-7B924062EBC8}{756F4B2F-6D42-4137-BD39-15402241A683}{79A2BCE5-52F4-42CF-BEFF-ED9F601636D1}{7EE4E692-B4A5-49D6-A65B-FCA2A2442BCD}{7FFF5B88-DC6F-4873-9D2D-90EA05BFC03E}{81478fde-e670-4e65-8233-65bcb55deaf2}{85F33EFD-436E-49E3-8F22-ABC783C3874F}{8B5C134D-A826-40AC-AD48-8F6B073C3758}{8ba2cfef-a1bc-4964-aadc-33be1ae5a33c}{8C83795B-C73B-4545-B7F5-DF88BFE1A707}{8E899D62-B42E-456B-87AD-ACC4039EEF5D}{91A22890-0FDD-4EB2-93F4-A5F31AF39197}{97139AF8-9099-4897-B9EA-42E6B2B191E5}{984dbd34-51a4-4ac8-9ba7-788ece5c9e31}{9A082421-4743-4A5C-9259-0D7CD6469E51}{9b9dcae3-be34-424c-8d73-75e305a9e091}{A66F331B-51CB-42C8-B1B3-83CED369B007}{A7EC9F40-1B68-46F5-AFE7-97BCD8FF67C3}{af56afd8-9a47-416c-9621-e942ac2c40af}{b723368d-0a5e-4b26-a060-8b88821a9f26}{b9cc7880-7265-447e-9b8b-fbbada2d244b}{BBBE0E78-38F1-4F5D-AC78-D448C5B7906A}{C6D35E1E-0E34-452D-839E-7CBA59670193}{C952D1DE-5E19-4619-9921-E3A9EB35142E}{ce1e0069-1450-4762-b4c7-e5959a7ffc4e}{d229a1e0-7b36-4912-a874-0f0a4e1c039d}{D5B337A0-5A40-4E17-ACCB-A10AEFB8B73B}{dc9051c2-8f55-479a-97a4-747980d9047f}{E23C6C94-2737-499A-AB5C-9AEF37EB33D0}{e581fe6d-8a02-4075-aab2-c6d9fd413870}{EB765A26-B455-496A-9A63-D3D8D67698A8}{EB88EECE-8312-4E72-A41E-1541A57351A4}{f20de5e0-2a6e-4c54-985f-1cf59551ce39}{f48b9f6e-c417-4a6b-bdb1-4131eee187c2}{F6B1E180-389D-4C2F-9A68-5682DE3AAACB}{fa55e01e-29d3-41db-a3d4-3b49d0f76d39}File name without pathhttp_weatherblink.dl.myway.com_0.localstoragehttp_weatherblink.dl.myway.com_0.localstorage-journalhttp_weatherblink.dl.tb.ask.com_0.localstoragehttp_weatherblink.dl.tb.ask.com_0.localstorage-journalweatherblink.dl.myway[1].xmlweatherblink.dl.tb.ask[1].xmlHKEY..\..\..\..{RegistryKeys}Software\AppDataLow\Software\WeatherBlinkSOFTWARE\Classes\WeatherBlink.DynamicBarButtonSOFTWARE\Classes\WeatherBlink.DynamicBarButton.1SOFTWARE\Classes\WeatherBlink.FeedManagerSOFTWARE\Classes\WeatherBlink.FeedManager.1SOFTWARE\Classes\WeatherBlink.HTMLMenuSOFTWARE\Classes\WeatherBlink.HTMLMenu.1SOFTWARE\Classes\WeatherBlink.HTMLPanelSOFTWARE\Classes\WeatherBlink.HTMLPanel.1SOFTWARE\Classes\WeatherBlink.MultipleButtonSOFTWARE\Classes\WeatherBlink.MultipleButton.1SOFTWARE\Classes\WeatherBlink.PseudoTransparentPluginSOFTWARE\Classes\WeatherBlink.PseudoTransparentPlugin.1SOFTWARE\Classes\WeatherBlink.RadioSOFTWARE\Classes\WeatherBlink.Radio.1SOFTWARE\Classes\WeatherBlink.RadioSettingsSOFTWARE\Classes\WeatherBlink.RadioSettings.1SOFTWARE\Classes\WeatherBlink.ScriptButtonSOFTWARE\Classes\WeatherBlink.ScriptButton.1SOFTWARE\Classes\WeatherBlink.SettingsPluginSOFTWARE\Classes\WeatherBlink.SettingsPlugin.1SOFTWARE\Classes\WeatherBlink.SkinLauncherSOFTWARE\Classes\WeatherBlink.SkinLauncher.1SOFTWARE\Classes\WeatherBlink.SkinLauncherSettingsSOFTWARE\Classes\WeatherBlink.SkinLauncherSettings.1SOFTWARE\Classes\WeatherBlink.ThirdPartyInstallerSOFTWARE\Classes\WeatherBlink.ThirdPartyInstaller.1SOFTWARE\Classes\WeatherBlink.ToolbarProtectorSOFTWARE\Classes\WeatherBlink.ToolbarProtector.1SOFTWARE\Classes\WeatherBlink.UrlAlertButtonSOFTWARE\Classes\WeatherBlink.UrlAlertButton.1SOFTWARE\Classes\WeatherBlink.XMLSessionPluginSOFTWARE\Classes\WeatherBlink.XMLSessionPlugin.1Software\Microsoft\Internet Explorer\Approved Extensions\{9B9DCAE3-BE34-424C-8D73-75E305A9E091}Software\Microsoft\Internet Explorer\Approved Extensions\{DC9051C2-8F55-479A-97A4-747980D9047F}Software\Microsoft\Internet Explorer\Approved Extensions\{F20DE5E0-2A6E-4C54-985F-1CF59551CE39}Software\Microsoft\Internet Explorer\DOMStorage\weatherblink.comSoftware\Microsoft\Internet Explorer\DOMStorage\weatherblink.dl.myway.comSoftware\Microsoft\Internet Explorer\DOMStorage\weatherblink.dl.tb.ask.comSOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1d71ec44-6a2b-42f4-b69f-97c1d89752c8}SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{26bf4629-215b-45ff-97f5-590aa7a88cfe}SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{58886822-e70b-47fe-bbbb-9c4039328dc2}SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5c03c42a-e055-4027-afa0-49ac44440b6e}SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{71ca651f-3ebd-4f68-b36d-7f500ad1593f}SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d3cceb9b-cf8d-4bba-a605-fac88c2e18a2}SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{9b9dcae3-be34-424c-8d73-75e305a9e091}SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{dc9051c2-8f55-479a-97a4-747980d9047f}SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{06a355b8-bde3-4eab-96d8-f7839e031142}SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1552FE9D-B6B5-49E8-9EFF-E799D6B2285A}SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{17c05144-21b3-4101-8189-dadc63c559ed}SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4616951d-f1b4-4624-90ca-14e368d62f96}SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{81478fde-e670-4e65-8233-65bcb55deaf2}SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{d229a1e0-7b36-4912-a874-0f0a4e1c039d}SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{fa55e01e-29d3-41db-a3d4-3b49d0f76d39}Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9B9DCAE3-BE34-424C-8D73-75E305A9E091}Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DC9051C2-8F55-479A-97A4-747980D9047F}Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F20DE5E0-2A6E-4C54-985F-1CF59551CE39}Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{06A355B8-BDE3-4EAB-96D8-F7839E031142}Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9B9DCAE3-BE34-424C-8D73-75E305A9E091}Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D229A1E0-7B36-4912-A874-0F0A4E1C039D}Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DC9051C2-8F55-479A-97A4-747980D9047F}Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F20DE5E0-2A6E-4C54-985F-1CF59551CE39}SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WeatherBlink Search Scope MonitorSOFTWARE\MozillaPlugins\@WeatherBlink.com/PluginSoftware\WeatherBlinkSOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1d71ec44-6a2b-42f4-b69f-97c1d89752c8}SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{26bf4629-215b-45ff-97f5-590aa7a88cfe}SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{359a6149-214c-4b93-8c9f-742352c5656e}SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{58886822-e70b-47fe-bbbb-9c4039328dc2}SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5c03c42a-e055-4027-afa0-49ac44440b6e}SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{71ca651f-3ebd-4f68-b36d-7f500ad1593f}SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d3cceb9b-cf8d-4bba-a605-fac88c2e18a2}SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{9b9dcae3-be34-424c-8d73-75e305a9e091}SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{dc9051c2-8f55-479a-97a4-747980d9047f}SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{06a355b8-bde3-4eab-96d8-f7839e031142}SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1552FE9D-B6B5-49E8-9EFF-E799D6B2285A}SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{17c05144-21b3-4101-8189-dadc63c559ed}SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4616951d-f1b4-4624-90ca-14e368d62f96}SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{81478fde-e670-4e65-8233-65bcb55deaf2}SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{d229a1e0-7b36-4912-a874-0f0a4e1c039d}SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{fa55e01e-29d3-41db-a3d4-3b49d0f76d39}SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\WeatherBlink Search Scope MonitorSOFTWARE\Wow6432Node\MozillaPlugins\@WeatherBlink.com/PluginSOFTWARE\Wow6432Node\WeatherBlinkHKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}WeatherBlinkbar Uninstall FirefoxWeatherBlinkbar Uninstall Internet ExplorerWeatherBlinkTooltab Uninstall Internet Explorer

Additional Information

The following directories were created:
%LOCALAPPDATA%\WeatherBlink%LOCALAPPDATA%\WeatherBlinkTooltab%PROGRAMFILES%\WeatherBlink%PROGRAMFILES(x86)%\WeatherBlink%USERPROFILE%\AppData\LocalLow\WeatherBlink%USERPROFILE%\Application Data\WeatherBlink
Loading...