home

guninstaller.exe

Uninstaller

Visual Tools

The application guninstaller.exe, “Uninstaller Application” by Visual Tools has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. This is the uninstaller utility registered in the Windows Control Panel for the program Bueno Chrome Toolbar by BuenoSearch. This will display context specific advertisements in the browser as well as attempt to modify the browser's search provider.
Publisher:
Babylon Ltd.  (signed by Visual Tools)

Product:
Uninstaller

Description:
Uninstaller Application

Version:
9.1.3.4

MD5:
00e0eecfe1cf1e6e4600e1d69f1234cc

SHA-1:
e8759f1d9566475d2735d9a61d3ae6fb8be0c756

SHA-256:
91dd1bc4b75b157378d0089973402ca9c9b685dd16b864e2899ebf985fc4b45d

Scanner detections:
1 / 68

Status:
Adware

Explanation:
The installer may include an offer for the Babylon Toolbar (a homepage/search hijacker), which is potentially installed with minimal user consent.

Analysis date:
11/23/2024 4:00:25 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Babylon (M)
17.3.4.15

File size:
490 KB (501,744 bytes)

Product version:
9.1.3.4

Copyright:
Copyright © Babylon Ltd. 1997-2013

Original file name:
Uninstaller.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\babsolution\shared\guninstaller.exe

Digital Signature
Signed by:
Visual Tools

Authority:
Thawte, Inc.

Valid from:
1/10/2013 7:00:00 AM

Valid to:
1/11/2015 6:59:59 AM

Subject:
CN=Visual Tools, O=Visual Tools, L=Belgrade, S=Serbia, C=RS

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
789958B0264F06055619270074AFA61F

File PE Metadata
Compilation timestamp:
12/17/2013 7:47:35 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

Entry address:
0x323EB

Entry point:
E8, 67, C0, 00, 00, E9, 7F, FE, FF, FF, 53, 8B, DC, 51, 51, 83, E4, F0, 83, C4, 04, 55, 8B, 6B, 04, 89, 6C, 24, 04, 8B, EC, 8B, 4B, 08, 66, 8B, 53, 0C, 83, EC, 20, 83, 3D, 88, 7B, 46, 00, 01, 7C, 48, 0F, B7, C2, 66, 0F, 6E, C0, F2, 0F, 70, C0, 00, 66, 0F, 70, D0, 00, 8B, C1, 25, FF, 0F, 00, 00, 3D, F0, 0F, 00, 00, 77, 3E, F3, 0F, 6F, 01, 66, 0F, EF, C9, 66, 0F, 75, C8, 66, 0F, 75, C2, 66, 0F, EB, C8, 66, 0F, D7, C1, 85, C0, 75, 34, 83, C1, 10, EB, D1, 66, 3B, C2, 74, 0B, 83, C1, 02, 0F, B7, 01, 66, 85, C0...
 
[+]

Code size:
300 KB (307,200 bytes)

Program Uninstaller
Program name:
Bueno Chrome Toolbar

Display publisher:
BuenoSearch

Uninstall string:
"C:\users\{user}\appdata\roaming\babsolution\shared\guninstaller.exe" -key "bueno chrome toolbar" -rmkey -rmbus "bueno chrome toolbar" -ask -plgdll ntredirect -nontfy


Remove guninstaller.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.