allgenius.dll

allgenius

Part of the Yontoo adware component, a web browser plugin that injects unwanted ads in the browser. The module allgenius.dll by allgenius has been detected as adware by 22 anti-malware scanners. This file is typically installed with the program allgenius by Yontoo Technology, Inc., which is a potentially unwanted software program. It plugs into the web browser and displays context-based advertisements by overwriting existing ads or by inserting new ones on various web pages. The file has been seen being downloaded from install-cdn.allgenius.info.
Publisher:
allgenius  (signed and verified)

Product:
allgenius

Version:
1.0.0.3

MD5:
f5e457e21de50cd35ea5417d9a3da679

SHA-1:
24866f4b420bb66d4d98b981f1473b6a315ee4cc

SHA-256:
cd6db7d0e3d0584e9c547286ab6e9a38d04c947671d50670315d8307f5a018e9

Scanner detections:
22 / 68

Status:
Adware

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
1/13/2025 5:37:46 PM UTC  (today)

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Adware.BrowseFox.G | 856 |
| Agnitum Outpost | Riskware.Agent | 7.1.1 |
| Avira AntiVirus | ADWARE/BrowseFox.Gen2 | 7.11.175.18 |
| AVG | BrowseFox.F | 2015.0.3334 |
| Baidu Antivirus | Adware.Win32.BrowseFox | 4.0.3.14102 |
| Bitdefender | Adware.BrowseFox.G | 1.0.20.1375 |
| Clam AntiVirus | Win.Adware.Browsefox-7 | 0.98/21411 |
| Comodo Security | Application.Win32.BrowseFox.JM | 19647 |
| Dr.Web | Trojan.BPlug.141 | 9.0.1.0275 |
| Emsisoft Anti-Malware | Adware.BrowseFox | 8.14.10.02.02 |
| ESET NOD32 | Win32/BrowseFox (variant) | 8.10478 |
| F-Secure | Adware.BrowseFox.G | 11.2014-02-10_5 |
| G Data | Adware.BrowseFox | 14.10.24 |
| Malwarebytes | PUP.Optional.Allgenius.A | v2014.10.02.02 |
| McAfee | BrowseFox | 5600.6990 |
| MicroWorld eScan | Adware.BrowseFox.G | 15.0.0.825 |
| NANO AntiVirus | Trojan.Win32.BPlug.ddwtte | 0.28.2.62286 |
| nProtect | Trojan-Clicker/W32.LinkSwift.250144 | 14.09.28.01 |
| Reason Heuristics | PUP.allgenius.J | 14.10.2.2 |
| SUPERAntiSpyware | Adware.BrowseFox/Variant | 10325 |
| VIPRE Antivirus | Yontoo | 33508 |
| Zillya! Antivirus | Backdoor.PePatch.Win32.44267 | 2.0.0.1936 |

File size:
244.3 KB (250,144 bytes)

Product version:
1.0.0.3

Copyright:
(c) allgenius. All rights reserved.

Original file name:
allgeniusIEClient.dll

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\content.ie5\ff8cdq1w\allgenius.dll

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
4/22/2014 2:00:00 AM

Valid to:
4/23/2015 1:59:59 AM

Subject:
CN=allgenius, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=allgenius, L=Santa Monica, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
570352A91D1B96E64EC15703FDAF2405

File PE Metadata
Compilation timestamp:
9/26/2014 8:48:17 AM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
3072:C9Botzn5MrRY/xRyklvnnDSuDTci+G3IaInhNkzx9:CGzn5MtY/LyijIhGzx9

Entry address:
0x12854

Entry point:
55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 41, 8D, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, 80, 30, 03, 10, E8, BD, 01, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, 24, 78, 03, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, 0C, A5, 02, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
159 KB (162,816 bytes)

The file allgenius.dll has been discovered within the following programs.

allgenius  by Yontoo Technology, Inc.
allgenius is an adware program that runs within the user's web browser and will modify various browser settings such as changing the search provider.
allgenius.info/support
80% remove it
Buzzdock  by Alactro LLC
This is a web browser extension that injects advertising. From the EULA: "Buzzdock is free to download and use. Buzzdock is supported by advertising, and users will see additional ads on websites where Buzzdock features operate."
www.buzzdock.com/faq-support
79% remove it
 

The file allgenius.dll has been seen being distributed by the following URL.
