Should I remove Function Key Lid?
What percent of users and experts removed it?
83% remove it17% keep it
What do people think about it?
(click star to rate)
How common is it?
Reach 0.0004%
Versions
Version | Distribution |
1.0.0.0 |
100.00% |
|
Function Key Lid
What is Function Key Lid?
This is a WinCheck/CMI (variant) adware/browser hijacker variant that injects code into the user's web browser (IE, Chrome and Firefox). It is known as an ad-injector, a malicious process that once inside the web browser will hijack existing advertisements of underlying web sites (not associated with the website itself). It will also inject new ads in white space on the site or images that have standard banner sizes. These ads are typically for promoting shopping discount coupons, ads for PC optimizers or bundled PUP offers, or malvertising since it runs on sketchy ad networks.This runs as a startup process called WinCheck in the user's startup registry (Run key) and will execute each time the computer is restarted and the user logs in.
How do you know if you are infected? First, if you have this program installed then this adware is most likely still running. Next, you see ads in the browser that say something like "Ads by WinCheck".
Overview
During setup, the program creates a startup registration point in Windows in order to automatically start when any user boots the PC. The primary executable is named bnsy5557.exe. A majority of users end up uninstalling this less than a week of it being installed.
- Malware detected in the program
- Automatically starts with Windows
- Displays unwanted advertisements
- The experts agree, you should remove it!
Warning, multiple anti-virus scanners have detected possible malware in Function Key Lid.
bnsy5557.exe (612010cd012d42159b105fe11291965d) has been flagged by the following 32 scanners: |
Anti-Virus software | Version | Detection |
Lavasoft Ad-Aware |
537 |
Trojan.GenericKD.2466438 |
Agnitum Outpost |
7.1.1 |
PUA.ConvertAd |
AhnLab-V3 |
2015.07.12 |
PUP/Win32.ConvertAd |
ALYac |
1.0.1.4 |
Trojan.GenericKD.2466438 |
Arcabit |
1.0.0.425 |
Trojan.Generic.D25A286 |
avast! |
2014.9-150816 |
Win32:Adware-gen [Adw] |
AVG |
2016.0.3015 |
Generic_r |
AVware |
1.5.0.21 |
Trojan.Win32.Generic!BT |
Baidu-International |
4.0.3.15816 |
Adware.Win32.ConvertAd.RR |
Bitdefender |
1.0.20.1140 |
Trojan.GenericKD.2466438 |
Comodo Security |
22737 |
UnclassifiedMalware |
Cyren |
5.4.16.7 |
W32/Adware.ISYK-8579 |
Emsisoft Anti-Malware |
8.15.08.16.06 |
Trojan.GenericKD.2466438 |
ESET-NOD32 |
9.11926 |
a variant of Win32/Adware.ConvertAd.RR |
Fortinet FortiGate |
8/16/2015 |
Riskware/ConvertAd |
F-Secure |
11.2015-16-08_1 |
Trojan.GenericKD.2466438 |
G Data |
15.8.25 |
Trojan.GenericKD.2466438 |
IKARUS anti.virus |
t3scan.1.9.5.0 |
Trojan-PWS.Win32.Zbot |
K7 AntiVirus |
13.205.16532 |
Adware |
K7GW |
13.205.16532 |
Adware ( 004c4ec71 ) |
Malwarebytes |
v2015.08.16.06 |
PUP.Optional.ConvertAd |
McAfee |
5600.6671 |
RDN/Generic PUP.x!cxm |
McAfee-GW-Edition |
7.6671 |
RDN/Generic PUP.x!cxm |
MicroWorld-eScan |
16.0.0.684 |
Trojan.GenericKD.2466438 |
NANO AntiVirus |
0.30.24.2487 |
Riskware.Win32.ConvertAd.dstdrl |
nProtect |
15.07.10.01 |
Trojan.GenericKD.2466438 |
Panda Antivirus |
15.08.16.06 |
Generic Suspicious |
Symantec |
8/16/2015 rev. 1 |
PUA.VOPackage |
Tencent |
1.0.0.1 |
Win32.Trojan.Generic.Wkvg |
Trend Micro |
10.465.16 |
TROJ_GEN.R047C0EFB15 |
VIPRE Antivirus |
41928 |
Trojan.Win32.Generic!BT |
Zillya |
2.0.0.2282 |
Adware.ConvertAd.Win32.932 |
View all 32 all detections
Program details
Installation folder: C:\users\user\appdata\local\00000000-1433425549-0000-0000-d8cb8a542a19
Uninstaller: "C:\users\user\appdata\Local\00000000-1433425549-0000-0000-D8CB8A542A19\uninstall.exe"
Files installed by Function Key Lid
Program executable: | bnsy5557.exe (Malware detected) |
Path: | C:\users\user\appdata\local\00000000-1433425549-0000-0000-d8cb8a542a19\bnsy5557.exe |
MD5: | 612010cd012d42159b105fe11291965d |
Additional files:
Behaviors exhibited
Startup File (All Users Run)
- bnsy5557.exe is loaded in the all users (HKLM) registry as a startup file name 'WinCheck' which loads as C:\users\user\appdata\Local\C861EB01-1434123822-72A9-D566-AC220B4F4C36\bnst1B8E.exe.
How do I remove Function Key Lid?
You can uninstall Function Key Lid from your computer by using the Add/Remove Program feature in the Window's Control Panel.
- On the Start menu (for Windows 8, right-click the screen's bottom-left corner), click Control Panel, and then, under Programs, do one of the following:
- Windows Vista/7/8/10: Click Uninstall a Program.
- Windows XP: Click Add or Remove Programs.
- When you find the program Function Key Lid, click it, and then do one of the following:
- Windows Vista/7/8/10: Click Uninstall.
- Windows XP: Click the Remove or Change/Remove tab (to the right of the program).
- Follow the prompts. A progress bar shows you how long it will take to remove Function Key Lid.
- If for some reason uninstallation fails, please install Microsoft's uninstall fixer utility which will help fix problems with programs that can't be uninstalled at support.microsoft.com.
OS VERSIONS
Win 7 (SP1) 63%
Win XP 13%
|
|
HOW IT STARTS
Automatically starts? Yes
(Found in the run registry)
|
|
USER ACTIONS
|
Uninstall it 83%
Keep it 17%
|
|
Windows
Which Windows OS versions does it run on?
Windows 7 |
87.50% |
|
Windows XP |
12.50% |
|
Which OS releases does it run on? |
Windows 7 Ultimate |
37.50% |
|
Windows 7 Home Premium |
25.00% |
|
Microsoft Windows XP |
12.50% |
|
Windows 7 Home Basic |
12.50% |
|
Windows 7 Professional |
12.50% |
|
Geography
64.29% of installs come from the United States
Which countries install it?
United States |
64.29% |
Brazil |
14.29% |
Germany |
14.29% |
Russia |
7.14% |
PC manufacturers
What PC manufacturers (OEMs) have it installed?
ASUS |
25.00% |
|
Sahara |
25.00% |
|
Medion |
25.00% |
|
Dell |
25.00% |
|
Common models |
Positivo Informatica SA C... |
16.67% |
|
MSI MS-7721 |
16.67% |
|
Medion E7222 |
16.67% |
|
FUJITSU SIEMENS D1527 |
16.67% |
|
Dell Inspiron One 2330 |
16.67% |
|
ASUS All Series |
16.67% |
|