SBTOOL.EXE is Adware Kraddare.GN

Detected by UnHackMe:

SBTOOL.EXE
Default location: %Program Files%\SbTool\SbTool.exe

Removal Results: Success
Number of reboot: 1

SBTOOL.EXE is known as:

Adware.Kraddare.GN, MalSign.Nbiz

SBTOOL.EXE hash:

• MD5: 4c38a02feab3bd52da1e873eb35fc113

Registry:

• HKLM\Software\Classes\CLSID\{1D6B1C2E-D8C1-4271-A932-F6F60F473D58}\InprocServer32\: “%Program Files%\SbTool\SbTool.dll”
• HKLM\Software\Classes\CLSID\{38A4B143-090D-48F8-871F-AAC15E1E4295}\InprocServer32\: “%Program Files%\SbTool\SbTool.dll”
• HKLM\Software\Microsoft\Windows\CurrentVersion\Run\SbTool: “%Program Files%\SbTool\SbTool.exe”
• HKLM\System\CurrentControlSet\Services\WinLogon\Security\Security: 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
• HKLM\System\CurrentControlSet\Services\WinLogon\Type: 0×00000020
• HKLM\System\CurrentControlSet\Services\WinLogon\Start: 0×00000002
• HKLM\System\CurrentControlSet\Services\WinLogon\ErrorControl: 0×00000000
• HKLM\System\CurrentControlSet\Services\WinLogon\ImagePath: “%Temp%\svchost.exe”
• HKLM\System\CurrentControlSet\Services\WinLogon\DisplayName: “WinLogon”
• HKLM\System\CurrentControlSet\Services\WinLogon\ObjectName: “LocalSystem”
• HKLM\System\CurrentControlSet\Services\WinLogon\Description: “Provides automatic configuration for the 802.11 adapters”

Folders:

• %Program Files%\SbTool

Files:

• %Temp%\svchost.exe
• %Program Files%\SbTool\SbTool.dll
• %Program Files%\SbTool\SbTool.exe
• %Program Files%\SbTool\Uninstall.exe
• %WinDir%\ttt.dat