SPHELPER.DLL is Adware BonusCash

August 6, 2012 by NightWatcher
Filed under: Adware 
: Solved!

Fix it immediately:

We received the file SPHELPER.DLL and detected that SPHELPER.DLL is not good.
SPHELPER.DLL is Adware. You should remove the file SPHELPER.DLL.
Kill the process SPHELPER.DLL and remove SPHELPER.DLL from Windows.

Malware Analysis of SPHELPER.DLL
Full path on a computer: %Program Files%\SearchPot\SPHelper.dll

Detected by UnHackMe:

Item Name: SearchPot
Author:
Related File: %PROGRAM FILES%\SEARCHPOT\SEARCHPOT.EXE
Type: Registry Run

Item Name: SearchPot.exe
Author:
Related File: %PROGRAM FILES%\SEARCHPOT\SEARCHPOT.EXE
Type: Running Processes

Item Name: {401E5CE3-2E10-46DA-9073-7DB0CA9797B3}
Author:
Related File: %PROGRAM FILES%\SEARCHPOT\SPHELPER.DLL
Type: Browser Helper Objects

Removal Results: Success
Number of reboot: 1

SPHELPER.DLL is known as:

Adware.BonusCash

SPHELPER.DLL hash:

  • MD5: 16eda315e45a3a4400404368f1c0c6bb
The file tries to connect to the dangerous web site.
How to quickly detect SPHELPER.DLL presence?

Registry:
  • HKLM\Software\Classes\CLSID\{401E5CE3-2E10-46DA-9073-7DB0CA9797B3}\InprocServer32\: “%Program Files%\SearchPot\SPHelper.dll”
  • HKLM\Software\Classes\CLSID\{7CD7FF83-EBD1-423C-BFE5-E442BE6F4C99}\InprocServer32\: “%Program Files%\SearchPot\SearchPot.dll”
  • HKLM\Software\Microsoft\Windows\CurrentVersion\Run\SearchPot: “%Program Files%\SearchPot\SearchPot.exe”
Folders:
  • %Program Files%\SearchPot
Files:
  • %Program Files%\SearchPot\SearchPot.dll
  • %Program Files%\SearchPot\SearchPot.exe
  • %Program Files%\SearchPot\SPHelper.dll
  • %Program Files%\SearchPot\uninstall.exe


Recommended: UnHackMe anti-rootkit and anti-malware

Premium software: RegRun Security Suite (Good choice for removal and protection)

Written by

Malware Hunter.

Tags: Adware, BonusCash, SPHELPER.DLL

Comments

Tell me what you're thinking...
and oh, if you want a pic to show with your comment, go get a gravatar!

You must be logged in to post a comment.