Should I block it?

98%
Yes, 98% block recommendation.
Possible reasons:
Multiple malware detections
Performance resource utilization

VersionsAdditional versions

2, 3, 98, 80 13.04%
2, 3, 98, 59 4.35%
2, 3, 98, 9 78.26%
2, 3, 78, 25 4.35%

Relationships


PE structurePE file structure

Show functions
Import table
advapi32.dll
RegEnumValueA, OpenServiceA, QueryServiceStatus, CloseServiceHandle, RegFlushKey, RegQueryValueExA, RegDeleteKeyA, RegCreateKeyExA, RegDeleteValueA, RegCloseKey, RegOpenKeyExA, RegEnumKeyExA, RegSetValueExA, RegQueryInfoKeyA, OpenSCManagerA, CreateProcessAsUserA, SetTokenInformation, GetLengthSid, DuplicateTokenEx, OpenProcessToken, RegEnumKeyA
crypt32.dll
CertFindCertificateInStore, CertFreeCertificateContext, CertCloseStore, CryptMsgClose, CryptMsgGetParam, CryptDecodeObject
gdi32.dll
GetObjectA, SetTextColor, CreateRectRgnIndirect, CreateRectRgn, GetDeviceCaps, SelectObject, SetMapMode, CreateFontIndirectA, CreateCompatibleBitmap, CreatePalette, BitBlt, GetDIBits, CreateDIBSection, LineTo, MoveToEx, CreatePen, TextOutA, GetTextExtentExPointA, SetBkMode, CreateSolidBrush, GetBitmapBits, RectInRegion, OffsetRgn, SelectClipRgn, DeleteDC, SetPixel, GetBkColor, SelectClipPath, EndPath, CloseFigure, BeginPath, CreateBitmap, GetPixel, UpdateColors, GetObjectType, GetTextMetricsA, GetTextColor, GetStockObject, GetTextExtentPoint32A, GetTextExtentPoint32W, GetRgnBox, SetBkColor, ExtTextOutA, DeleteObject, OffsetWindowOrgEx, SetWindowOrgEx, CreateCompatibleDC, RealizePalette, SelectPalette
kernel32.dll
GlobalFree, GlobalAlloc, SetLastError, lstrcpynW, lstrcmpiW, GetModuleFileNameA, GetShortPathNameA, SizeofResource, LoadResource, FindResourceA, LoadLibraryExA, IsDBCSLeadByte, GetSystemDirectoryA, lstrcmpiA, DisableThreadLibraryCalls, HeapAlloc, GetSystemInfo, GetVersionExA, HeapCreate, RemoveDirectoryA, CopyFileA, SetFileAttributesA, HeapDestroy, CreateThread, ResetEvent, GetFileAttributesA, GetLocalTime, MoveFileA, FindClose, FindNextFileA, FindFirstFileA, DebugBreak, HeapReAlloc, HeapFree, SetCurrentDirectoryA, LockResource, SetEndOfFile, SetFilePointer, UnmapViewOfFile, MapViewOfFile, CreateFileMappingA, FlushFileBuffers, SetFileTime, GetFileTime, SetThreadPriority, ResumeThread, CallNamedPipeA, CompareFileTime, SystemTimeToFileTime, GetUserDefaultLangID, GetSystemTimeAsFileTime, WritePrivateProfileSectionA, GetPrivateProfileIntA, GetPrivateProfileStringA, lstrcpyW, GetWindowsDirectoryA, GetCommandLineA, GetDriveTypeA, GetCurrentDirectoryA, WaitForMultipleObjects, WritePrivateProfileStringA, DeleteFileA, CreateProcessA, CreateFileA, GetFileSize, ReadFile, WriteFile, GetExitCodeProcess, LoadLibraryA, FreeLibrary, GetLastError, GetProcAddress, GetTickCount, ReleaseMutex, lstrcpynA, lstrcatA, CreateDirectoryA, OpenFileMappingA, DuplicateHandle, CreateMutexA, GlobalLock, GlobalUnlock, MultiByteToWideChar, lstrlenA, WideCharToMultiByte, lstrcpyA, GetModuleHandleA, GetCurrentProcessId, lstrcmpA, lstrlenW, InterlockedDecrement, InterlockedIncrement, GetCurrentProcess, FlushInstructionCache, GetCurrentThreadId, VirtualQuery, VirtualProtect, CreateEventA, WaitForSingleObject, CloseHandle, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSection, SetEvent, LocalFree, SearchPathA, lstrcatW, GetModuleFileNameW
ole32.dll
OleSetClipboard, OleFlushClipboard, CreateOleAdviseHolder, OleRegGetMiscStatus, OleRegGetUserType, OleRegEnumVerbs, CLSIDFromString, StringFromGUID2, CoTaskMemRealloc, CoTaskMemAlloc, CreateStreamOnHGlobal, CoTaskMemFree, CoFreeUnusedLibraries, GetHGlobalFromStream, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, CoCreateGuid, CoGetInterfaceAndReleaseStream, CoMarshalInterThreadInterfaceInStream, CoCreateInstance, CLSIDFromProgID
oleacc.dll
AccessibleObjectFromEvent, AccessibleChildren, WindowFromAccessibleObject, AccessibleObjectFromWindow
shell32.dll
SHGetMalloc, ShellExecuteA, SHGetPathFromIDListA, SHGetSpecialFolderLocation
user32.dll
DllMain
version.dll
GetFileVersionInfoA, GetFileVersionInfoSizeA, VerQueryValueA
Export table
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
E
H
O
S
Update

mwsBar.dll

My Web Search Bar for Internet Explorer, FireFox, email clients, and messenger clients by Mindspark Interactive Network (Signed)

Remove mwsBar.dll
Version:   2, 3, 98, 9
MD5:   2477b5127eae0ec82a7cc8622a28e850
SHA1:   9043abe648d97e1e9d68498c22e6f733e520cefd
SHA256:   36a00da79d27f38453c604e842cb9e1542dfc07d0f04f43df4d895b3da81a31f
Warning 9 antivirus scanners has detected malware.

What is mwsBar.dll?

My Web Search by the Mindspark Interactive Network is a browser toolbar, part of the Fun Web Products suite of potentially unwanted applications such as Smiley Central, Cursor Mania, Popular Screensavers and others. The toolbar provides access to search engine results and a 404 Error Redirector among other things to your browser. The My Web Search toolbar could slow down your PC and uses cookies to track your web surfing usage and habits.

About mwsBar.dll (from Mindspark Interactive Network)

MyWebSearch brings together the most comprehensive collection of search tools available to provide you with the information you need when you need it.

Overview

mwsbar.dll is malware that is loaded as dynamic link library that runs in the context of Internet Explorer. It is set to be start when the PC boots and any user logs into Windows (added to the Run registry key for the all users under the local machine). It is installed in Internet Explorer as a Browser Helper Object (BHO) which has full acess to the web browser's behaviors and content. The file is digitally signed by Mindspark Interactive Network which was issued by the VeriSign certificate authority (CA).

DetailsDetails

File name:mwsbar.dll
Publisher:MyWebSearch.com
Product name:My Web Search Bar for Internet Explorer, FireFox, email clients, and messenger clients
Description:My Web Search
Typical file path:C:\Program Files\mywebsearch\bar\1.bin\mwsbar.dll
File version:2, 3, 98, 9
Size:813.51 KB (833,032 bytes)
Certificate
Issued to:Mindspark Interactive Network
Authority (CA):VeriSign
Expiration date:Wednesday, May 6, 2015
Digital DNA
PE subsystem:Windows GUI
File packed:No
.NET CLR:No
More details

BehaviorsBehaviors

Internet Explorer Browser Helper Object
Located in the registry at 'SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
  • BHO CLSID: {07B18EA1-A523-4961-B6BB-170DE4475CCA}
Startup files (all users) run
Runs under the registry key 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
  • 'My Web Search Bar' → rundll32 C:\Program Files1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
Internet Explorer toolbars
Located in the registry at 'SOFTWARE\Microsoft\Internet Explorer\Toolbar'
  • CLSID: {07B18EA9-A523-4961-B6BB-170DE4475CCA}
Internet Explorer web browsers
Located in the registry at 'SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser'
  • CLSID: {07B18EA9-A523-4961-B6BB-170DE4475CCA}
Startup files (all users) run once
Runs under the registry key 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
  • 'MyWebSearch bar Uninstall' → rundll32 C:\Program Files2\UNINST~1.DLL,O -2

MalwareMalware detections

Based on 40+ industry antivirus scanners, 9 of them detected the following malware.
Antivirus engineEngine versionDetection
AhnLab V3 Internet Security 2013.04.03 PUP/Win32.MyWebSearch
avast! 6.0.1289.0 Win32:FunWeb-K [PUP]
AVG 2014.0.3629 AdInstaller.FunWeb
Clam AntiVirus 0.97.3.0 Adware.FunWebProducts-5
Comodo Internet Security 15799 Application.Win32.WebToolbar.MyWebSearch
eSafe 7.0.17.0 Win32.Trojan
ESET NOD32 7.8187 a variant of Win32/Toolbar.MyWebSearch.K
SUPERAntiSpyware 5.6.0.1008 PUP.MyWebSearch
VIPRE Antivirus 16524 MyWebSearch.J (v) (not malicious)

Windows OS versionsDistribution by Windows OS

OS versiondistribution
Microsoft Windows XP 43.48%
Windows 7 Ultimate N 34.78%
Windows 7 Ultimate 13.04%
Windows 7 Home Premium 8.70%

Distribution by countryDistribution by country

United States installs about 46.15% of My Web Search Bar for Internet Explorer, FireFox, email clients, and messenger clients.

OEM distributionDistribution by PC manufacturer

PC Manufacturerdistribution
GIGABYTE 100.00%
Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

Download it for FREE