Solved! Use 39DATACT.DLL (Adware MyWebSearch) Removal Guide

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Download UnHackMe
Fully Functional 30-day Trial. No credit card is required. Reviews. EULA. Privacy Policy.

39DATACT.DLL – Adware MyWebSearch removal

File MD5 Virus Alias
39DATACT.DLL 5fea0081f2bf39ac0bef44e86b52c4dc Adware MyWebSearch

39DATACT.DLL size: 160840 bytes
39DATACT.DLL hash: 5FEA0081F2BF39AC0BEF44E86B52C4DC

Created files:

%Program Files%\MapsGalaxy_39\bar\1.bin\39auxstb.dll
%Program Files%\MapsGalaxy_39\bar\1.bin\39auxstb64.dll
%Program Files%\MapsGalaxy_39\bar\1.bin\39bar.dll
%Program Files%\MapsGalaxy_39\bar\1.bin\39barsvc.exe
%Program Files%\MapsGalaxy_39\bar\1.bin\39bprtct.dll
%Program Files%\MapsGalaxy_39\bar\1.bin\39brmon.exe
%Program Files%\MapsGalaxy_39\bar\1.bin\39brmon64.exe
%Program Files%\MapsGalaxy_39\bar\1.bin\39brstub.dll
%Program Files%\MapsGalaxy_39\bar\1.bin\39brstub64.dll
%Program Files%\MapsGalaxy_39\bar\1.bin\39datact.dll
%Program Files%\MapsGalaxy_39\bar\1.bin\39dlghk.dll
%Program Files%\MapsGalaxy_39\bar\1.bin\39dlghk64.dll
%Program Files%\MapsGalaxy_39\bar\1.bin\39feedmg.dll
%Program Files%\MapsGalaxy_39\bar\1.bin\39highin.exe
%Program Files%\MapsGalaxy_39\bar\1.bin\39hkstub.dll
%Program Files%\MapsGalaxy_39\bar\1.bin\39htmlmu.dll
%Program Files%\MapsGalaxy_39\bar\1.bin\39httpct.dll
%Program Files%\MapsGalaxy_39\bar\1.bin\39idle.dll
%Program Files%\MapsGalaxy_39\bar\1.bin\39ieovr.dll
%Program Files%\MapsGalaxy_39\bar\1.bin\39medint.exe
%Program Files%\MapsGalaxy_39\bar\1.bin\39mlbtn.dll
%Program Files%\MapsGalaxy_39\bar\1.bin\39Plugin.dll
%Program Files%\MapsGalaxy_39\bar\1.bin\39radio.dll
%Program Files%\MapsGalaxy_39\bar\1.bin\39regfft.dll
%Program Files%\MapsGalaxy_39\bar\1.bin\39reghk.dll
%Program Files%\MapsGalaxy_39\bar\1.bin\39regiet.dll
%Program Files%\MapsGalaxy_39\bar\1.bin\39script.dll
%Program Files%\MapsGalaxy_39\bar\1.bin\39skin.dll
%Program Files%\MapsGalaxy_39\bar\1.bin\39skplay.exe
%Program Files%\MapsGalaxy_39\bar\1.bin\39SrcAs.dll
%Program Files%\MapsGalaxy_39\bar\1.bin\39SrchMn.exe
%Program Files%\MapsGalaxy_39\bar\1.bin\39srchmr.dll
%Program Files%\MapsGalaxy_39\bar\1.bin\39tpinst.dll
%Program Files%\MapsGalaxy_39\bar\1.bin\APPINTEGRATOR.EXE
%Program Files%\MapsGalaxy_39\bar\1.bin\AppIntegrator64.exe
%Program Files%\MapsGalaxy_39\bar\1.bin\APPINTEGRATORSTUB.DLL
%Program Files%\MapsGalaxy_39\bar\1.bin\AppIntegratorStub64.dll
%Program Files%\MapsGalaxy_39\bar\1.bin\ASSISTMONITOR.DLL
%Program Files%\MapsGalaxy_39\bar\1.bin\ASSISTMONITOR64.DLL
%Program Files%\MapsGalaxy_39\bar\1.bin\assists\ie_default_search_provider\ARBITER.DLL
%Program Files%\MapsGalaxy_39\bar\1.bin\assists\ie_default_search_provider\ARBITER64.DLL
%Program Files%\MapsGalaxy_39\bar\1.bin\assists\ie_default_search_provider\ASSIST.EXE
%Program Files%\MapsGalaxy_39\bar\1.bin\CREXT.DLL
%Program Files%\MapsGalaxy_39\bar\1.bin\CrExtP39.exe
%Program Files%\MapsGalaxy_39\bar\1.bin\DPNMNGR.DLL
%Program Files%\MapsGalaxy_39\bar\1.bin\EXEMANAGER.DLL
%Program Files%\MapsGalaxy_39\bar\1.bin\FF-NativeMessagingDispatcher.dll
%Program Files%\MapsGalaxy_39\bar\1.bin\Hpg64.dll
%Program Files%\MapsGalaxy_39\bar\1.bin\NP39Stub.dll
%Program Files%\MapsGalaxy_39\bar\1.bin\T8EPMSUP.DLL
%Program Files%\MapsGalaxy_39\bar\1.bin\T8EXTEX.DLL
%Program Files%\MapsGalaxy_39\bar\1.bin\T8EXTPEX.DLL
%Program Files%\MapsGalaxy_39\bar\1.bin\T8HTML.DLL
%Program Files%\MapsGalaxy_39\bar\1.bin\T8RES.DLL
%Program Files%\MapsGalaxy_39\bar\1.bin\T8TICKER.DLL
%Program Files%\MapsGalaxy_39\bar\1.bin\TPIMANAGERCONSOLE.EXE
%Program Files%\MapsGalaxy_39\bar\1.bin\UNIFIEDLOGGING.DLL
%Program Files%\MapsGalaxy_39\bar\1.bin\VERIFY.DLL
%Temp%\00003c70T8SETUP.EXE
%Temp%\00003c70T8SETUP.EX_

Autostart registry keys:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\MapsGalaxy Home Page Guard 32 bit: “C:\PROGRA~1\MAPSGA~1\bar\1.bin\AppIntegrator.exe”
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\MapsGalaxy Search Scope Monitor: “C:\PROGRA~1\MAPSGA~1\bar\1.bin\39srchmn.exe” /m=2 /w /h
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\MapsGalaxy_39 Browser Plugin Loader: C:\PROGRA~1\MAPSGA~1\bar\1.bin\39brmon.exe
HKLM\System\CurrentControlSet\Services\MapsGalaxy_39Service\Type: 10000000
HKLM\System\CurrentControlSet\Services\MapsGalaxy_39Service\Start: 02000000
HKLM\System\CurrentControlSet\Services\MapsGalaxy_39Service\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\MapsGalaxy_39Service\DisplayName: MapsGalaxyService
HKLM\System\CurrentControlSet\Services\MapsGalaxy_39Service\ImagePath: %Program Files%\MapsGalaxy_39\bar\1.bin\39barsvc.exe

Detected by UnHackMe:

39DATACT.DLL
Default location: %PROGRAM FILES%\MAPSGALAXY_39\BAR\1.BIN\39DATACT.DLL

Dropper information:
MD5: 7b67078b8e4b11b421036aef19916570
File size: 6072704 bytes

Leave a Reply