WebSearch\SPROTECTOR.DLL is Trojan Sprotector

Dmitry Sokolov recommends his nice removal tool: UnHackMe


UnHackMe quickly removes rootkits/malware/adware/browser hijack issues!

: Solved!
5 Stars (5 / 5)


The file SPROTECTOR.DLL is identified as the Trojan Program that is used for stealing bank information and users passwords.
To delete SPROTECTOR.DLL we suggest you should use UnHackMe:
http://www.unhackme.com

Malware Analysis of SPROTECTOR.DLL
Full path on a computer: %Program Files%\WebSearch\sprotector.dll

Detected by UnHackMe:

SPROTECTOR.DLL
Default location: %Program Files%\WebSearch\sprotector.dll

Removal Results: Success
Number of reboot: 1

SPROTECTOR.DLL is known as:

Trojan.Sprotector, ADW_SPROTECT, Win32:SProtector-A [PUP], Adware.BGuard.B, Adware.BGuard.B (B), Adware.BGuard.11, a variant of Win32.SProtector.A

SPROTECTOR.DLL hash:

  • MD5: d59fb8a196cc8ad8e8bde0c437070cc6
The file tries to download information from some web sites.
How to quickly detect SPROTECTOR.DLL presence?

Registry:
  • HKLM\Software\Classes\CLSID\{D0BDA4D8-5BA0-FBBF-82FD-A2CF68EE2B82}\InProcServer32\: “%Common Appdata%\SearchNewTab\51e8f93545909.dll”
  • HKLM\Software\Classes\CLSID\{E270EC96-A42B-7C60-49D7-B6E02723C9A6}\InProcServer32\: “%Common Appdata%\saffe saevue\51e8f8fb98086.dll”
  • HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs: “c:\progra~1\safesa~1\sprote~1.dll c:\progra~1\websea~1\sprote~1.dll”
Folders:
  • %Appdata%\Mozilla\Firefox\Profiles\gi17c3pt.default\extensions\staged
  • %Appdata%\Mozilla\Firefox\Profiles\gi17c3pt.default\extensions\staged\iuogkr@cmey.org
  • %Appdata%\Mozilla\Firefox\Profiles\gi17c3pt.default\extensions\staged\iuogkr@cmey.org\content
  • %Appdata%\Mozilla\Firefox\Profiles\gi17c3pt.default\extensions\staged\twwihw@azcwoaoaay.co.uk
  • %Appdata%\Mozilla\Firefox\Profiles\gi17c3pt.default\extensions\staged\twwihw@azcwoaoaay.co.uk\content
  • %Appdata%\Mozilla\Firefox\Profiles\gi17c3pt.default\searchplugins
  • %Local Appdata%\Google\Chrome\User Data\Default\Extensions
  • %Local Appdata%\Google\Chrome\User Data\Default\Extensions\dcjpbolpjaeikmjheogeedbjiccpkjka
  • %Local Appdata%\Google\Chrome\User Data\Default\Extensions\dcjpbolpjaeikmjheogeedbjiccpkjka\1
  • %Local Appdata%\Google\Chrome\User Data\Default\Extensions\ibiokpcjmohngjmdclbdhkehofmbmgjh
  • %Local Appdata%\Google\Chrome\User Data\Default\Extensions\ibiokpcjmohngjmdclbdhkehofmbmgjh\1
  • %Temp%\{AC78DBC4-02A2-4529-A7C2-4A80779BF932}
  • %Temp%\{AC78DBC4-02A2-4529-A7C2-4A80779BF932}\Addons
  • %Temp%\{AC78DBC4-02A2-4529-A7C2-4A80779BF932}\x64
  • %Temp%\{AC78DBC4-02A2-4529-A7C2-4A80779BF932}\x86
  • %Common Appdata%\InstallMate
  • %Common Appdata%\InstallMate\{AC78DBC4-02A2-4529-A7C2-4A80779BF932}
  • %Common Appdata%\saffe saevue
  • %Common Appdata%\SearchNewTab
  • %Common Appdata%\StarApp
  • %Common Appdata%\StarApp\Setup
  • %Common Startmenu%\Programs\EZDownloader
  • %Common Startmenu%\Programs\saffe saevue
  • %Common Startmenu%\Programs\SearchNewTab
  • %Program Files%\EZDownloader
  • %Program Files%\SafeSaver
  • %Program Files%\WebSearch
  • %SysDir%\AMD64
  • %SysDir%\X86
Files:
  • %Appdata%\Mozilla\Firefox\Profiles\gi17c3pt.default\extensions\staged\iuogkr@cmey.org\bootstrap.js
  • %Appdata%\Mozilla\Firefox\Profiles\gi17c3pt.default\extensions\staged\iuogkr@cmey.org\chrome.manifest
  • %Appdata%\Mozilla\Firefox\Profiles\gi17c3pt.default\extensions\staged\iuogkr@cmey.org\content\bg.js
  • %Appdata%\Mozilla\Firefox\Profiles\gi17c3pt.default\extensions\staged\iuogkr@cmey.org\install.rdf
  • %Appdata%\Mozilla\Firefox\Profiles\gi17c3pt.default\extensions\staged\twwihw@azcwoaoaay.co.uk\bootstrap.js
  • %Appdata%\Mozilla\Firefox\Profiles\gi17c3pt.default\extensions\staged\twwihw@azcwoaoaay.co.uk\chrome.manifest
  • %Appdata%\Mozilla\Firefox\Profiles\gi17c3pt.default\extensions\staged\twwihw@azcwoaoaay.co.uk\content\bg.js
  • %Appdata%\Mozilla\Firefox\Profiles\gi17c3pt.default\extensions\staged\twwihw@azcwoaoaay.co.uk\install.rdf
  • %Appdata%\Mozilla\Firefox\Profiles\gi17c3pt.default\searchplugins\WebSearch.xml
  • %Local Appdata%\Google\Chrome\User Data\Default\Extensions\dcjpbolpjaeikmjheogeedbjiccpkjka\1\51e8f935456c43.29829248.js
  • %Local Appdata%\Google\Chrome\User Data\Default\Extensions\dcjpbolpjaeikmjheogeedbjiccpkjka\1\background.html
  • %Local Appdata%\Google\Chrome\User Data\Default\Extensions\dcjpbolpjaeikmjheogeedbjiccpkjka\1\content.js
  • %Local Appdata%\Google\Chrome\User Data\Default\Extensions\dcjpbolpjaeikmjheogeedbjiccpkjka\1\lsdb.js
  • %Local Appdata%\Google\Chrome\User Data\Default\Extensions\dcjpbolpjaeikmjheogeedbjiccpkjka\1\manifest.json
  • %Local Appdata%\Google\Chrome\User Data\Default\Extensions\dcjpbolpjaeikmjheogeedbjiccpkjka\1\newtab.html
  • %Local Appdata%\Google\Chrome\User Data\Default\Extensions\dcjpbolpjaeikmjheogeedbjiccpkjka\1\sqlite.js
  • %Local Appdata%\Google\Chrome\User Data\Default\Extensions\ibiokpcjmohngjmdclbdhkehofmbmgjh\1\51e8f8fb97e488.17001059.js
  • %Local Appdata%\Google\Chrome\User Data\Default\Extensions\ibiokpcjmohngjmdclbdhkehofmbmgjh\1\background.html
  • %Local Appdata%\Google\Chrome\User Data\Default\Extensions\ibiokpcjmohngjmdclbdhkehofmbmgjh\1\content.js
  • %Local Appdata%\Google\Chrome\User Data\Default\Extensions\ibiokpcjmohngjmdclbdhkehofmbmgjh\1\lsdb.js
  • %Local Appdata%\Google\Chrome\User Data\Default\Extensions\ibiokpcjmohngjmdclbdhkehofmbmgjh\1\manifest.json
  • %Local Appdata%\Google\Chrome\User Data\Default\Extensions\ibiokpcjmohngjmdclbdhkehofmbmgjh\1\sqlite.js
  • %Temp%\{AC78DBC4-02A2-4529-A7C2-4A80779BF932}\Addons\newtab_setup.exe
  • %Temp%\{AC78DBC4-02A2-4529-A7C2-4A80779BF932}\Addons\web_assistant_v2.exe
  • %Temp%\{AC78DBC4-02A2-4529-A7C2-4A80779BF932}\general_logo.jpg
  • %Temp%\{AC78DBC4-02A2-4529-A7C2-4A80779BF932}\v_grey.jpg
  • %Temp%\{AC78DBC4-02A2-4529-A7C2-4A80779BF932}\x64\regsvr32.exe
  • %Temp%\{AC78DBC4-02A2-4529-A7C2-4A80779BF932}\x86\regsvr32.exe
  • %Common Appdata%\InstallMate\{AC78DBC4-02A2-4529-A7C2-4A80779BF932}\20130719122854.log
  • %Common Appdata%\InstallMate\{AC78DBC4-02A2-4529-A7C2-4A80779BF932}\Custom.dll
  • %Common Appdata%\InstallMate\{AC78DBC4-02A2-4529-A7C2-4A80779BF932}\Readme.txt
  • %Common Appdata%\InstallMate\{AC78DBC4-02A2-4529-A7C2-4A80779BF932}\Setup.dat
  • %Common Appdata%\InstallMate\{AC78DBC4-02A2-4529-A7C2-4A80779BF932}\Setup.exe
  • %Common Appdata%\InstallMate\{AC78DBC4-02A2-4529-A7C2-4A80779BF932}\Setup.ico
  • %Common Appdata%\InstallMate\{AC78DBC4-02A2-4529-A7C2-4A80779BF932}\TsuDll.dll
  • %Common Appdata%\InstallMate\{AC78DBC4-02A2-4529-A7C2-4A80779BF932}\_Setup.dll
  • %Common Appdata%\saffe saevue\51e8f8fb98086.dll
  • %Common Appdata%\saffe saevue\51e8f8fb98086.tlb
  • %Common Appdata%\saffe saevue\settings.ini
  • %Common Appdata%\saffe saevue\uninstall.exe
  • %Common Appdata%\SearchNewTab\51e8f93545909.dll
  • %Common Appdata%\SearchNewTab\51e8f93545909.tlb
  • %Common Appdata%\SearchNewTab\settings.ini
  • %Common Appdata%\SearchNewTab\uninstall.exe
  • %Common Desktopdirectory%\EZDownloader.lnk
  • %Common Startmenu%\Programs\EZDownloader\EZDownloader.lnk
  • %Common Startmenu%\Programs\saffe saevue\saffe saevue.lnk
  • %Common Startmenu%\Programs\saffe saevue\Uninstall.lnk
  • %Common Startmenu%\Programs\SearchNewTab\SearchNewTab.lnk
  • %Common Startmenu%\Programs\SearchNewTab\Uninstall.lnk
  • %Program Files%\EZDownloader\EZDownloader.Core.dll
  • %Program Files%\EZDownloader\EZDownloader.exe
  • %Program Files%\EZDownloader\EZDownloader.exe.config
  • %Program Files%\EZDownloader\EZDownloader.Extension.dll
  • %Program Files%\EZDownloader\EZDownloader.Spider.dll
  • %Program Files%\EZDownloader\ICSharpCode.SharpZipLib.dll
  • %Program Files%\EZDownloader\Interop.SHDocVw.dll
  • %Program Files%\EZDownloader\TabStrip.dll
  • %Program Files%\EZDownloader\unins000.dat
  • %Program Files%\EZDownloader\unins000.exe
  • %Program Files%\SafeSaver\sprotector.dll
  • %Program Files%\SafeSaver\uninstall.exe
  • %Program Files%\WebSearch\sprotector.dll
  • %Program Files%\WebSearch\uninstall.exe

UnHackMe removes malware invisible for your antivirus!

Free Download

UnHackMe is compatible with most antivirus software.
UnHackMe is 100% CLEAN, which means it does not contain any form of malware, including adware, spyware, viruses, trojans and backdoors. VirusTotal (0/56).
System Requirements: Windows 2000-Windows 8.1. UnHackMe uses minimum of computer resources.

Testimonials:

Simon:
UnHackMe is a success where others have failed. We have used the software for sometime. Thank you for a great product, which actually works and we believe in the developers.

Bob:
The UnHackMe is a real program, no spyware or phish and works great and is easy to use. Enjoy!

Leave a Reply