VPLAYR.EXE is Trojan Downloader


The file VPLAYR.EXE is identified as a virus dropper.
The dropper VPLAYR.EXE is used to download and install other malware, Trojans, and viruses on commands received from the Command Center.
The file VPLAYR.EXE loads into the computer's memory and tries to connect to a dangerous web site.
Usually the VPLAYR.EXE dropper does not infect files on the computer and does not replicate itself to other computers.
Kill the VPLAYR.EXE process and delete the file VPLAYR.EXE.

Malware Analysis of VPLAYR.EXE
Full path on a computer: %TEMP%\VPLAYR.EXE

Detected by UnHackMe:

VPLAYR.EXE
Default location: %TEMP%\VPLAYR.EXE

Removal Results: Success
Number of reboot: 1

VPLAYR.EXE is known as:

Trojan Downloader

How to quickly detect VPLAYR.EXE presence?

Files:
  • %TEMP%\VPLAYR.EXE
  • %TEMP%\VMPLAYR.EXE
  • %TEMP%\VPLAYR.EXE.INI


Recommended: UnHackMe anti-rootkit and anti-malware

Premium software: RegRun Security Suite (Good choice for removal and protection)

ADO.EXE is Trojan Downloader


The file ADO.EXE is identified as a virus dropper.
The dropper ADO.EXE is used to download and install other malware, Trojans, and viruses on commands received from the Command Center.
The file ADO.EXE loads into the computer's memory and tries to connect to a dangerous web site.
Usually the ADO.EXE dropper does not infect files on the computer and does not replicate itself to other computers.
Kill the ADO.EXE process and delete the file ADO.EXE.

Malware Analysis of ADO.EXE
Full path on a computer: %PROGRAM FILES COMMON%\SYSTEM\ADO\ADO.EXE

Detected by UnHackMe:

ADO.EXE
Default location: %PROGRAM FILES COMMON%\SYSTEM\ADO\ADO.EXE

Removal Results: Success
Number of reboot: 1

ADO.EXE is known as:

Trojan Downloader

How to quickly detect ADO.EXE presence?

Files:
  • %SYSTEMDRIVE%\FAR2\DONE.EXE
  • %SYSTEMDRIVE%\FAR2\PLUGINSDK\DONE.EXE
  • %SYSTEMDRIVE%\FAR2\PLUGINSDK\HEADERS.PAS\DONE.EXE
  • %PROGRAM FILES COMMON%\MICROSOFT SHARED\MICROSOFT SHARED.EXE
  • %PROGRAM FILES COMMON%\SYSTEM\ADO\ADO.EXE


BINDER BY ALI BDAER.EXE is Trojan Midgare

We checked the file BINDER BY ALI BDAER.EXE and found it hazardous.
The file BINDER BY ALI BDAER.EXE must be deleted from the system immediately.
Kill the process BINDER BY ALI BDAER.EXE and remove BINDER BY ALI BDAER.EXE from the Windows startup.

Malware Analysis of BINDER BY ALI BDAER.EXE
Full path on a computer: %TEMP%\BINDER BY ALI BDAER\BINDER BY ALI BDAER.EXE

Detected by UnHackMe:

BINDER BY ALI BDAER.EXE
Default location: %TEMP%\BINDER BY ALI BDAER\BINDER BY ALI BDAER.EXE

Removal Results: Success
Number of reboot: 1

BINDER BY ALI BDAER.EXE is known as:

Trojan Midgare

BINDER BY ALI BDAER.EXE hash:

  • MD5: 565FD64DBEC387EA4427B46C1BFB4686

How to quickly detect BINDER BY ALI BDAER.EXE presence?

Files:
  • %TEMP%\BINDER BY ALI BDAER\BINDER BY ALI BDAER.EXE
  • %TEMP%\BINDER BY ~DR.MOT~.EXE
  • %TEMP%\DW.LOG
  • %TEMP%\E653D73E45833B6C


M1.EXE is Trojan Downloader

We checked the file M1.EXE and found it hazardous.
The file M1.EXE must be deleted from the system immediately.
Kill the process M1.EXE and remove M1.EXE from the Windows startup.

Malware Analysis of M1.EXE
Full path on a computer: %TEMP%\M1.EXE

Detected by UnHackMe:

M1.EXE
Default location: %TEMP%\M1.EXE

Removal Results: Success
Number of reboot: 1

M1.EXE is known as:

Trojan Downloader

How to quickly detect M1.EXE presence?

Files:
  • %SYSDIR%\XULEHLP.DLL
  • %SYSDIR%\XILEHLP.DLL
  • %PROGRAM FILES COMMON%\SHARED\GUARDER.EXE
  • %TEMP%\72F4D6.TP
  • %TEMP%\M1.EXE


SKYPESET.EXE is Trojan AVKill

We checked some samples of SKYPESET.EXE and detected the file SKYPESET.EXE as a threat.
Remove the SKYPESET.EXE file from your computer right now.
Removal tool: http://www.unhackme.com

Malware Analysis of SKYPESET.EXE
Full path on a computer: %APPDATA%\SKYPESET.EXE

Detected by UnHackMe:

SKYPESET.EXE
Default location: %APPDATA%\SKYPESET.EXE

Removal Results: Success
Number of reboot: 1

SKYPESET.EXE is known as:

Trojan AVKill

How to quickly detect SKYPESET.EXE presence?

Files:
  • %APPDATA%\SKYPESET.EXE


DNSOLOGON.EXE is Trojan Blocker.288768.C

The file DNSOLOGON.EXE is malware related.
You must delete the file DNSOLOGON.EXE immediately!
Delete the file DNSOLOGON.EXE without delay!
Kill the process DNSOLOGON.EXE and remove DNSOLOGON.EXE from the Windows startup.

Malware Analysis of DNSOLOGON.EXE
Full path on a computer: %SysDir%\dnsologon.exe

Detected by UnHackMe:

Item Name: userinit.exe
Author: Unknown
Related File: %SYSDIR%\DNSOLOGON.EXE
Type: Image Executions Debugger

Removal Results: Success
Number of reboot: 1

DNSOLOGON.EXE is known as:

Trojan.Blocker.288768.C, ZeroAccess, Trojan.Bebloh, Trojan.Zeroaccess.g46, Trojan-Ransom.Blocker.bomu, Trojan.Blocker.HZLjhfsh0IM, Trojan.Agent.Gen-Bublik, Mal.EncPk-AIT, Trojan.DownLoader9.44492, TR.Bublik.B.43, Trojan.Bublik.B, Trojan.Bublik, Trojan.Zeroaccess, Win32.Spy.Bebloh.J, W32.Blocker.BOMU.tr

DNSOLOGON.EXE hash:

  • MD5: 0d70023d5cffeea2c8d2b37b147a96a8

How to quickly detect DNSOLOGON.EXE presence?

Files:
  • %SysDir%\dnsologon.exe


GREEN.TMP is Trojan Downloader

The file GREEN.TMP is malware related.
You must delete the file GREEN.TMP immediately!
Delete the file GREEN.TMP without delay!
Kill the process GREEN.TMP and remove GREEN.TMP from the Windows startup.

Malware Analysis of GREEN.TMP
Full path on a computer: %TEMP%\IS-GOOIH.TMP\GREEN.TMP

Detected by UnHackMe:

GREEN.TMP
Default location: %TEMP%\IS-GOOIH.TMP\GREEN.TMP

Removal Results: Success
Number of reboot: 1

GREEN.TMP is known as:

Trojan Downloader

How to quickly detect GREEN.TMP presence?

Files:
  • %PROGRAMFILES%\GREENF\IS-UQBEQ.TMP
  • %PROGRAMFILES%\GREENF\IS-407AN.TMP
  • %PROGRAMFILES%\GREENF\IS-1871G.TMP
  • %TEMP%\IS-FB22B.TMP\_ISETUP\_ISDECMP.DLL
  • %TEMP%\IS-GOOIH.TMP\GREEN.TMP


SARA.EXE is Trojan Downloader

The file SARA.EXE is identified as a Trojan program that is used for stealing bank information and users' passwords.
To delete SARA.EXE, we suggest using UnHackMe:
http://www.unhackme.com

Malware Analysis of SARA.EXE
Full path on a computer: %TEMP%\SARA.EXE

Detected by UnHackMe:

SARA.EXE
Default location: %TEMP%\SARA.EXE

Removal Results: Success
Number of reboot: 1

SARA.EXE is known as:

Trojan Downloader

How to quickly detect SARA.EXE presence?

Files:
  • %SYSTEMDRIVE%\EXTRACTED\SERVER.EXE
  • %TEMP%\SARA.EXE
  • %TEMP%\SFX.INI


SH.VBS is Trojan MulDrop4

The file SH.VBS is malware related.
You must delete the file SH.VBS immediately!
Delete the file SH.VBS without delay!
Kill the process SH.VBS and remove SH.VBS from the Windows startup.

Malware Analysis of SH.VBS
Full path on a computer: %TEMP%\RARSFX0\SH.VBS

Detected by UnHackMe:

SH.VBS
Default location: %TEMP%\RARSFX0\SH.VBS

Removal Results: Success
Number of reboot: 1

SH.VBS is known as:

Trojan MulDrop4

How to quickly detect SH.VBS presence?

Files:
  • %TEMP%\RARSFX0\WINLOGON.EXE
  • %TEMP%\RARSFX0\EXTRA.DAT
  • %TEMP%\RARSFX0\PROCS\PROC.DAT
  • %TEMP%\RARSFX0\SED.EXE
  • %TEMP%\RARSFX0\SH.VBS


WCENTER96.EXE is Trojan Btcmine

Is the file WCENTER96.EXE located on your computer? Then your computer is infected.
We suggest that you remove WCENTER96.EXE from your computer as soon as possible.
WCENTER96.EXE is a Trojan/Backdoor.
Kill the process WCENTER96.EXE and remove WCENTER96.EXE from the Windows startup.

Malware Analysis of WCENTER96.EXE
Full path on a computer: %APPDATA%\MICROSOFT\WCENTER96.EXE

Detected by UnHackMe:

WCENTER96.EXE
Default location: %APPDATA%\MICROSOFT\WCENTER96.EXE

Removal Results: Success
Number of reboot: 1

WCENTER96.EXE is known as:

Trojan Btcmine

How to quickly detect WCENTER96.EXE presence?

Files:
  • %APPDATA%\MICROSOFT\WCENTER96.EXE


ESESA.EXE is Trojan Downloader

Is the file ESESA.EXE located on your computer? Then your computer is infected.
We suggest that you remove ESESA.EXE from your computer as soon as possible.
ESESA.EXE is a Trojan/Backdoor.
Kill the process ESESA.EXE and remove ESESA.EXE from the Windows startup.

Malware Analysis of ESESA.EXE
Full path on a computer: %PROGRAMFILES%\DOCMENTT\ESESA.EXE

Detected by UnHackMe:

ESESA.EXE
Default location: %PROGRAMFILES%\DOCMENTT\ESESA.EXE

Removal Results: Success
Number of reboot: 1

ESESA.EXE is known as:

Trojan Downloader

How to quickly detect ESESA.EXE presence?

Files:
  • %SYSDIR%\GHJIK.DLL
  • %TEMP%\375O540.BAT
  • %SYSDIR%\PMJBAZ.EXE
  • %SYSDIR%\DLLCACHE\HCBP4.DLL
  • %PROGRAMFILES%\DOCMENTT\ESESA.EXE


FBSHARE2.EXE is Trojan Downloader

The file FBSHARE2.EXE is identified as a Trojan program that is used for stealing bank information and users' passwords.
To delete FBSHARE2.EXE, we suggest using UnHackMe:
http://www.unhackme.com

Malware Analysis of FBSHARE2.EXE
Full path on a computer: %PROGRAMFILES%\FBSHARE2\FBSHARE2.EXE

Detected by UnHackMe:

FBSHARE2.EXE
Default location: %PROGRAMFILES%\FBSHARE2\FBSHARE2.EXE

Removal Results: Success
Number of reboot: 1

FBSHARE2.EXE is known as:

Trojan Downloader

How to quickly detect FBSHARE2.EXE presence?

Files:
  • %PROFILE%\DESKTOP\FBSHARE2.LNK
  • %TEMP%\SECURITY.EXE
  • %PROGRAMFILES%\FBSHARE2\FBSHARE2.EXE
  • %PROFILE%\LOCAL SETTINGS\TEMPFBSHARE.EXE


APPSAFE_I323100.EXE is Trojan AVKill

The file APPSAFE_I323100.EXE is malware related.
You must delete the file APPSAFE_I323100.EXE immediately!
Delete the file APPSAFE_I323100.EXE without delay!
Kill the process APPSAFE_I323100.EXE and remove APPSAFE_I323100.EXE from the Windows startup.

Malware Analysis of APPSAFE_I323100.EXE
Full path on a computer: %TEMP%\APPSAFE_I323100.EXE

Detected by UnHackMe:

APPSAFE_I323100.EXE
Default location: %TEMP%\APPSAFE_I323100.EXE

Removal Results: Success
Number of reboot: 1

APPSAFE_I323100.EXE is known as:

Trojan AVKill

How to quickly detect APPSAFE_I323100.EXE presence?

Files:
  • %TEMP%\APPSAFE_I323100.EXE
  • %PROGRAM FILES COMMON%\MICROSOFT SHARED\MSINFO\APPSAFE.BAT
  • %PROGRAM FILES COMMON%\MICROSOFT SHARED\MSINFO\APPSAFE.EXE


NILYQAKUVAGO.EXE is Backdoor Pushdo

The program NILYQAKUVAGO.EXE is used for hidden penetration into a PC and its remote administration.
UnHackMe is recommended as a reliable program for solving the problem with NILYQAKUVAGO.EXE.
Download for free: http://www.unhackme.com

Malware Analysis of NILYQAKUVAGO.EXE
Full path on a computer: %Profile%\nilyqakuvago.exe

Detected by UnHackMe:

Item Name: nilyqakuvago
Author:
Current Setting: %PROFILE%\NILYQAKUVAGO.EXE
Type: Registry Run

Item Name: nilyqakuvago.exe
Author: Unknown
Related File: %PROFILE%\NILYQAKUVAGO.EXE
Type: Running Processes

Removal Results: Success
Number of reboot: 1

NILYQAKUVAGO.EXE is known as:

Backdoor.Pushdo, Trojan.Agent.89088.R, Backdoor.Pushdo.~RKS, Trojan-Downloader.Cutwail.bza (v), TR.Crypt.ZPACK.40047, Trojan[Backdoor].Pushdo, Spyware.Zbot, a variant of Win32.Injector.BBNJ, W32.Pushdo.RKS.tr.bdr

NILYQAKUVAGO.EXE hash:

  • MD5: f15be0daa762c12cda891a6390d77e86

How to quickly detect NILYQAKUVAGO.EXE presence?

Registry:
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run\nilyqakuvago: “%Profile%\nilyqakuvago.exe”
Files:
  • %Profile%\nilyqakuvago.exe


WMIPRVSE.EXE is Trojan Malex

We checked the file WMIPRVSE.EXE and found it hazardous.
The file WMIPRVSE.EXE must be deleted from the system immediately.
Kill the process WMIPRVSE.EXE and remove WMIPRVSE.EXE from the Windows startup.

Malware Analysis of WMIPRVSE.EXE
Full path on a computer: %SysDir%\wmiprvse.exe

Detected by UnHackMe:

Item Name: Utpska qaacya
Author:
Current Setting: %SysDir%\wmiprvse.exe
Type: Auto Services

Item Name: wmiprvse.exe
Author: Unknown
Related File: %SYSDIR%\WMIPRVSE.EXE
Type: Running Processes

Removal Results: Success
Number of reboot: 1

WMIPRVSE.EXE is known as:

Trojan.Malex, Backdoor.Farfli

WMIPRVSE.EXE hash:

  • MD5: 793cd961b9f72ebcb27dfb8e42793d83

How to quickly detect WMIPRVSE.EXE presence?

Registry:
  • HKLM\System\CurrentControlSet\Services\Utpska qaacya\ImagePath: “%SysDir%\wmiprvse.exe”
  • HKLM\System\CurrentControlSet\Services\Utpska qaacya\DisplayName: “Hqasip sfyenezj”
Files:
  • %SysDir%\wmiprvse.exe


ISTCLEANER.EXE is Trojan Tgenic

The file ISTCLEANER.EXE is identified as a Trojan program that is used for stealing bank information and users' passwords.
To delete ISTCLEANER.EXE, we suggest using UnHackMe:
http://www.unhackme.com

Malware Analysis of ISTCLEANER.EXE
Full path on a computer: %Appdata%\UpdateServ\ISTCleaner.exe

Detected by UnHackMe:

ISTCLEANER.EXE
Default location: %Appdata%\UpdateServ\ISTCleaner.exe

Removal Results: Success
Number of reboot: 1

ISTCLEANER.EXE is known as:

Trojan.Tgenic

ISTCLEANER.EXE hash:

  • MD5: bc923de25a40c7c1edc7217898f8be28

How to quickly detect ISTCLEANER.EXE presence?

Folders:
  • %Appdata%\UpdateServ
  • %Program Files%\ISTCleaner
Files:
  • %Appdata%\UpdateServ\ISTCleaner.exe


SaveNet

SaveNet is a browser extension unique ID.
A browser extension is a computer program that extends the functionality of a web browser in some way.
We suggest that you remove the SaveNet extension from your browser as soon as possible.
Also, you should delete the files and registry keys created by SaveNet.
SaveNet is related to: Adware, Search Redirecting.


HQTotalS

HQTotalS is a browser extension unique ID.
A browser extension is a computer program that extends the functionality of a web browser in some way.
We suggest that you remove the HQTotalS extension from your browser as soon as possible.
Also, you should delete the files and registry keys created by HQTotalS.
HQTotalS is related to: Adware, Search Redirecting.


EnjoyCoupon

EnjoyCoupon is a browser extension unique ID.
A browser extension is a computer program that extends the functionality of a web browser in some way.
We suggest that you remove the EnjoyCoupon extension from your browser as soon as possible.
Also, you should delete the files and registry keys created by EnjoyCoupon.
EnjoyCoupon is related to: Adware, Search Redirecting.


codec.mediacrow.eu

codec.mediacrow.eu web site is claimed in annoying advertisements.
codec.mediacrow.eu redirects searches and user-entered URLs without clear notification and consent.
Sometimes codec.mediacrow.eu is installed without the user's permission.
Some people have big problems removing codec.mediacrow.eu from their computers.
codec.mediacrow.eu is related to: Adware, Search Redirecting.


B-Information

B-Information is a browser extension unique ID.
A browser extension is a computer program that extends the functionality of a web browser in some way.
We suggest that you remove the B-Information extension from your browser as soon as possible.
Also, you should delete the files and registry keys created by B-Information.
B-Information is related to: Adware, Search Redirecting.


alert.net-update.com

alert.net-update.com web site is claimed in annoying advertisements.
alert.net-update.com redirects searches and user-entered URLs without clear notification and consent.
Sometimes alert.net-update.com is installed without the user's permission.
Some people have big problems removing alert.net-update.com from their computers.
alert.net-update.com is related to: Adware, Search Redirecting.


SPEEDUPMYCOMPUTER.EXE is Adware PUP.Optional.SmartTweak

We received the file SPEEDUPMYCOMPUTER.EXE and detected that SPEEDUPMYCOMPUTER.EXE is not good.
SPEEDUPMYCOMPUTER.EXE is Adware. You should remove the file SPEEDUPMYCOMPUTER.EXE.
Kill the process SPEEDUPMYCOMPUTER.EXE and remove SPEEDUPMYCOMPUTER.EXE from Windows.

Malware Analysis of SPEEDUPMYCOMPUTER.EXE
Full path on a computer: %Program Files%\SmartTweak\SpeedUpMyComputer\SpeedUpMyComputer.exe

Detected by UnHackMe:

SPEEDUPMYCOMPUTER.EXE
Default location: %Program Files%\SmartTweak\SpeedUpMyComputer\SpeedUpMyComputer.exe

Removal Results: Success
Number of reboot: 1

SPEEDUPMYCOMPUTER.EXE is known as:

Adware.PUP.Optional.SmartTweak

SPEEDUPMYCOMPUTER.EXE hash:

  • MD5: 8a02341a839d415e0620ef84057ff99d

The file tries to connect to a dangerous web site.

How to quickly detect SPEEDUPMYCOMPUTER.EXE presence?

Registry:
  • HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SpeedUpMyComputer\DisplayName: “SpeedUpMyComputer”
  • HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SpeedUpMyComputer\UninstallString: “%Program Files%\SmartTweak\SpeedUpMyComputer\uninst.exe”
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run\SpeedUpMyComputer: “%Program Files%\SmartTweak\SpeedUpMyComputer\SpeedUpMyComputer.exe /ot /as”
Folders:
  • %Program Files%\SmartTweak
  • %Program Files%\SmartTweak\SpeedUpMyComputer
Files:
  • %Program Files%\SmartTweak\SpeedUpMyComputer\SpeedUpMyComputer.exe
  • %Program Files%\SmartTweak\SpeedUpMyComputer\SpeedUpMyComputer.url
  • %Program Files%\SmartTweak\SpeedUpMyComputer\uninst.exe


VOPACKAGE.EXE is Adware PUP.VOPackage

We received the file VOPACKAGE.EXE and detected that VOPACKAGE.EXE is not good.
VOPACKAGE.EXE is Adware. You should remove the file VOPACKAGE.EXE.
Kill the process VOPACKAGE.EXE and remove VOPACKAGE.EXE from Windows.

Malware Analysis of VOPACKAGE.EXE
Full path on a computer: %Appdata%\VOPackage\VOPackage.exe

Detected by UnHackMe:

VOPACKAGE.EXE
Default location: %Appdata%\VOPackage\VOPackage.exe

Removal Results: Success
Number of reboot: 1

VOPACKAGE.EXE is known as:

Adware.PUP.VOPackage

VOPACKAGE.EXE hash:

  • MD5: 1c7162a646986c12b879d8a46a8dc003

The file is used to download and install other malware, Trojans, and viruses on commands received from the Command Center.

How to quickly detect VOPACKAGE.EXE presence?



BICLIENT.EXE is Adware PUP.Optional.Somoto.A

We received the file BICLIENT.EXE and detected that BICLIENT.EXE is not good.
BICLIENT.EXE is Adware. You should remove the file BICLIENT.EXE.
Kill the process BICLIENT.EXE and remove BICLIENT.EXE from Windows.

Malware Analysis of BICLIENT.EXE
Full path on a computer: %Temp%\biclient.exe

Detected by UnHackMe:

BICLIENT.EXE
Default location: %Temp%\biclient.exe

Removal Results: Success
Number of reboot: 1

BICLIENT.EXE is known as:

Adware.PUP.Optional.Somoto.A, PUA.Somoto., W32.SomotoBetterInstaller.A.Eldorado, Win32:Somoto-F [PUP], not-a-virus:Downloader.NSIS.Agent.aq, Trojan.Agent.cruvhh, Application.Somoto.d, Adware.Downware.1184, Somoto BetterInstaller, Trojan.Tgenic, Application.Somoto.C, Downloader.Agent, Win32.Somoto.A, PUP.MultiToolbar.A

BICLIENT.EXE hash:

  • MD5: 92c732231b7909edeff180174c6ef499

The file is used to download and install other malware, Trojans, and viruses on commands received from the Command Center.

How to quickly detect BICLIENT.EXE presence?




DUALPAGE.EXE is Adware Kraddare.HX


We received the file DUALPAGE.EXE and found that it is unwanted software.
DUALPAGE.EXE is adware and should be removed.
Kill the DUALPAGE.EXE process and remove DUALPAGE.EXE from Windows.

Malware Analysis of DUALPAGE.EXE
Full path on a computer: %Program Files%\dualpage\dualpage.exe

Detected by UnHackMe:

DUALPAGE.EXE
Default location: %Program Files%\dualpage\dualpage.exe

Removal Results: Success
Number of reboots: 1

DUALPAGE.EXE is known as:

Adware.Kraddare.HX

DUALPAGE.EXE hash:

  • MD5: 50a90638b6d33ec28b9b9c38e961790e

The file tries to connect to a dangerous web site.
How to quickly detect DUALPAGE.EXE presence?

Registry:
  • HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Internet Dualpage KB25031400\DisplayName: “Internet Dualpage KB25031400 ”
  • HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Internet Dualpage KB25031400\UninstallString: “%Program Files%\dualpage\uninst.exe”
  • HKLM\System\CurrentControlSet\Services\dualpage\ImagePath: “%Program Files%\dualpage\dualpagesvc.exe”
  • HKLM\System\CurrentControlSet\Services\dualpage\DisplayName: “dualpage svc”
Folders:
  • %Program Files%\dualpage
Files:
  • %Program Files%\dualpage\dualpage.exe
  • %Program Files%\dualpage\dualpagecnt.exe
  • %Program Files%\dualpage\dualpagesvc.exe
  • %Program Files%\dualpage\uninst.exe
  • %WinDir%\dualpage.ini



DUALPAGESVC.EXE is Adware Kraddare.HB


We received the file DUALPAGESVC.EXE and found that it is unwanted software.
DUALPAGESVC.EXE is adware and should be removed.
Kill the DUALPAGESVC.EXE process and remove DUALPAGESVC.EXE from Windows.

Malware Analysis of DUALPAGESVC.EXE
Full path on a computer: %Program Files%\dualpage\dualpagesvc.exe

Detected by UnHackMe:

DUALPAGESVC.EXE
Default location: %Program Files%\dualpage\dualpagesvc.exe

Removal Results: Success
Number of reboots: 1

DUALPAGESVC.EXE is known as:

Adware.Kraddare.HB

DUALPAGESVC.EXE hash:

  • MD5: 2c4a6c2c0f8f818d04b3fc5a04edeba9

The file tries to download information from some web sites.
How to quickly detect DUALPAGESVC.EXE presence?

Registry:
  • HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Internet Dualpage KB25031400\DisplayName: “Internet Dualpage KB25031400 ”
  • HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Internet Dualpage KB25031400\UninstallString: “%Program Files%\dualpage\uninst.exe”
  • HKLM\System\CurrentControlSet\Services\dualpage\ImagePath: “%Program Files%\dualpage\dualpagesvc.exe”
  • HKLM\System\CurrentControlSet\Services\dualpage\DisplayName: “dualpage svc”
Folders:
  • %Program Files%\dualpage
Files:
  • %Program Files%\dualpage\dualpage.exe
  • %Program Files%\dualpage\dualpagecnt.exe
  • %Program Files%\dualpage\dualpagesvc.exe
  • %Program Files%\dualpage\uninst.exe
  • %WinDir%\dualpage.ini



PROTECTEXTENSION.EXE is Adware BaseFlash


We received the file PROTECTEXTENSION.EXE and found that it is unwanted software.
PROTECTEXTENSION.EXE is adware and should be removed.
Kill the PROTECTEXTENSION.EXE process and remove PROTECTEXTENSION.EXE from Windows.

Malware Analysis of PROTECTEXTENSION.EXE
Full path on a computer: %Appdata%\BaseFlash\protect\ProtectExtension.exe

Detected by UnHackMe:

PROTECTEXTENSION.EXE
Default location: %Appdata%\BaseFlash\protect\ProtectExtension.exe

Removal Results: Success
Number of reboots: 1

PROTECTEXTENSION.EXE is known as:

Adware.BaseFlash, probably a variant of MSIL.Vittalia.D, Adware.Vittalia, Adware.Vittalia.81

PROTECTEXTENSION.EXE hash:

  • MD5: 1faa6c0e5c2752c976017f2ebb774fdc

The file downloads and installs other malware, Trojans and viruses on commands received from the Command Center.
How to quickly detect PROTECTEXTENSION.EXE presence?




SN.BOOSTER is Trojan SProtector


The file SN.BOOSTER is malware-related.
Delete the file SN.BOOSTER immediately.
Kill the SN.BOOSTER process and remove SN.BOOSTER from Windows startup.

Malware Analysis of SN.BOOSTER
Full path on a computer: %Program Files%\SN.Booster

Detected by UnHackMe:

SN.BOOSTER
Default location: %Program Files%\SN.Booster

Removal Results: Success
Number of reboots: 1

SN.BOOSTER is known as:

Trojan.SProtector, Trojan ( 0049344e1 ), Backdoor.Trojan, ADW_SPROTECT, Win32:SProtector-C [PUP], Adware.Agent.4296192, ApplicUnwnt, Trojan.WebPick.35, BProtector, Troj.Undef.(kcloud), Adware.SProtector, Trojan.SProtector.81, a variant of Win32.SProtector.D, AdWare.Bprotector, Adware.Bprotect

SN.BOOSTER hash:

  • MD5: d4d1cc69e363813c14f289694756aa1e

The file tries to download information from some web sites.
How to quickly detect SN.BOOSTER presence?




SN.BOOSTER.EXE is Adware PUP.Optional.MultiPlug.A


We received the file SN.BOOSTER.EXE and found that it is unwanted software.
SN.BOOSTER.EXE is adware and should be removed.
Kill the SN.BOOSTER.EXE process and remove SN.BOOSTER.EXE from Windows.

Malware Analysis of SN.BOOSTER.EXE
Full path on a computer: %Common Appdata%\SuperbApp\SN.Booster\SN.Booster.exe

Detected by UnHackMe:

SN.BOOSTER.EXE
Default location: %Common Appdata%\SuperbApp\SN.Booster\SN.Booster.exe

Removal Results: Success
Number of reboots: 1

SN.BOOSTER.EXE is known as:

Adware.PUP.Optional.MultiPlug.A, Trojan.Downloader.Agent.afd, Trojan-Downloader ( 0048ec4f1 ), Trojan.DL.Adload.sfG54tBszYg, W32.Trojan2.OBQW, Win32.Tnega.VeAcWa, Win32:Agent-ASOC [Adw], Trojan-Downloader.Adload.dyhq, Trojan.Agent.cojdgu, Trojan.S.Agent.729600.B, Troj.Agent-AFFX, TrojWare.TrojanDownloader.Agent.AFD, Trojan.DownLoad3.30962, TR.Downloader.A.988, Trojan-Downloader.Adload (A), TrojanDownloader.Adload.vxu, Trojan.Agent, W32.Trojan.ZIUW-3330, TrojanDownloader.Adload, Trj.WLT.A, Win32.TrojanDownloader.Agent.AFD, Trojan-Downloader.Adload, W32.Agent.AFD.tr.dldr, Trojan.Agent.50, Win32.Trojan.Downloader.ec6

SN.BOOSTER.EXE hash:

  • MD5: 1d283dd3ae2312eee624e8b8c46f6adb

The file tries to connect to a dangerous web site.
How to quickly detect SN.BOOSTER.EXE presence?

  • HKLM\Software\Clients\StartMenuInternet\OperaNext\shell\open\command\: “”%Program Files%\Opera Next\Launcher.exe” http://www.sweet-page.com/?type=sc&ts=1397489127&from=wpc&uid=VMwareXVirtualXIDEXHardXDrive_00000000000000000001″
  • HKLM\Software\Clients\StartMenuInternet\VMWAREHOSTOPEN.EXE\shell\open\command\: “”%Program Files%\VMware\VMware Tools\VMwareHostOpen.exe” http://www.sweet-page.com/?type=sc&ts=1397489127&from=wpc&uid=VMwareXVirtualXIDEXHardXDrive_00000000000000000001″
  • HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs: “c:\progra~1\sn406e~1.boo”
Folders:
Files:

