We received the file MICROWINDOWSEARCH.EXE and detected that MICROWINDOWSEARCH.EXE is not good.
MICROWINDOWSEARCH.EXE is Adware. You should remove the file MICROWINDOWSEARCH.EXE.
Kill the process MICROWINDOWSEARCH.EXE and remove MICROWINDOWSEARCH.EXE from Windows.
Malware Analysis of MICROWINDOWSEARCH.EXE
Full path on a computer: %SysDir%\MicrowindowSearch\MicrowindowSearch.exe
Detected by UnHackMe:
MICROWINDOWSEARCH.EXE
Default location: %SysDir%\MicrowindowSearch\MicrowindowSearch.exe
Removal Results: Success
Number of reboot: 1
MICROWINDOWSEARCH.EXE is known as:
Adware.Kraddare, PUP.WindowsLiveProtect, AdWare.MicrowinSearch, AdWare.ACP
MICROWINDOWSEARCH.EXE hash:
- MD5: 64002c24500ef7748e914a65cacfba99
How to quickly detect MICROWINDOWSEARCH.EXE presence?
![]( "Registry")
Registry:
![]( "Folders")
Folders:
![]( "Files")
Files:
Registry:- HKLM\Software\Microsoft\Windows\CurrentVersion\Run\MicrowindowSearch: “%SysDir%\MicrowindowSearch\MicrowindowSearch.exe”
- HKLM\System\CurrentControlSet\Services\ApplicationSpecialManagement\ImagePath: “%SysDir%\WindowServiceNT.exe”
- HKLM\System\CurrentControlSet\Services\ApplicationSpecialManagement\DisplayName: “Application Special Management”
- HKLM\System\CurrentControlSet\Services\ApplicationSpecialManagement\ObjectName: “LocalSystem”
Folders:- %Temp%\is-476PR.tmp
- %Temp%\is-476PR.tmp\_isetup
- %Temp%\is-N68UD.tmp
- %SysDir%\MicrowindowSearch
Files:- %Temp%\is-476PR.tmp\_isetup\_RegDLL.tmp
- %Temp%\is-476PR.tmp\_isetup\_shfoldr.dll
- %Temp%\is-N68UD.tmp\MicrowindowSearch_setup_07.tmp
- %Program Files%\del_bat.cmd
- %Program Files%\MicrowindowSearch_setup_07.exe
- %SysDir%\MicrowindowSearch\FreeApp.exe
- %SysDir%\MicrowindowSearch\MicrowindowSearch.dat
- %SysDir%\MicrowindowSearch\MicrowindowSearch.exe
- %SysDir%\MicrowindowSearch\unins000.dat
- %SysDir%\MicrowindowSearch\unins000.exe
- %SysDir%\WindowServiceNT.exe