We checked the file NEWTAB.EXE and found it hazardous.
The file NEWTAB.EXE must be deleted from the system immediately.
Kill the NEWTAB.EXE process and remove NEWTAB.EXE from the Windows startup entries.
Malware Analysis of NEWTAB.EXE
Full path on a computer: %Local Appdata%\newtab\newtab.exe
Detected by UnHackMe:
Item Name: newtab
Author:
Related File: %Local Appdata%\newtab\newtab.exe
Type: Registry Run
Removal Results: Success
Number of reboots: 1
NEWTAB.EXE is known as:
Trojan.STPAGE
NEWTAB.EXE hash:
- MD5: e150a5d67493af3c6d59099ae3002643
The file tries to download information from some web sites.
How to quickly detect the presence of NEWTAB.EXE?
Registry:
- HKLM\Software\Classes\CLSID\{36936EFC-0B55-4DF4-A01D-69CD27B4309E}\InprocServer32\: "C:\DOCUME~1\ADMINI~1\LOCALS~1\APPLIC~1\newtab\newtab32.dll"
- HKLM\Software\Classes\CLSID\{7CCA4EA6-CA02-4789-9419-34E85C7AC2DC}\InprocServer32\: "C:\PROGRA~1\WISELO~1\juso.dll"
- HKLM\System\CurrentControlSet\Services\BCSvc\Security\Security: 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
- HKLM\System\CurrentControlSet\Services\BCSvc\Type: 0x00000110
- HKLM\System\CurrentControlSet\Services\BCSvc\Start: 0x00000002
- HKLM\System\CurrentControlSet\Services\BCSvc\ErrorControl: 0x00000001
- HKLM\System\CurrentControlSet\Services\BCSvc\ImagePath: "%Program Files%\barosearch\bsearchsvc.exe"
- HKLM\System\CurrentControlSet\Services\BCSvc\DisplayName: "BSearch Service"
- HKLM\System\CurrentControlSet\Services\BCSvc\ObjectName: "LocalSystem"
- HKLM\System\CurrentControlSet\Services\BCSvc\Description: "The Service in Windows."
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\WiseLook Application: "%Program Files%\WiseLook Application\WiseLook.exe"
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\BSearch: "%Program Files%\barosearch\bsearch.exe"
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\newtab: "%Local Appdata%\newtab\newtab.exe"
Folders:
- %Local Appdata%\newtab
- %Program Files%\barosearch
- %Program Files%\newtab
- %Program Files%\WiseLook Application
Files:
- %Favorites%\CJmall.url
- %Favorites%\GS SHOP.url
- %Favorites%\Hmall.url
- %Local Appdata%\barosearchinstall.exe
- %Local Appdata%\newtab\newtab.exe
- %Local Appdata%\newtab\newtab32.dll
- %Local Appdata%\newtab\newtab64.dll
- %Local Appdata%\newtab\newtabdel.exe
- %Local Appdata%\newtab\newtabin.exe
- %Local Appdata%\wiselook.exe
- %Program Files%\barosearch\11st.ico
- %Program Files%\barosearch\auction.ico
- %Program Files%\barosearch\bsearch.exe
- %Program Files%\barosearch\bsearchsvc.exe
- %Program Files%\barosearch\cjmall.ico
- %Program Files%\barosearch\cybermall.ico
- %Program Files%\barosearch\dnshop.ico
- %Program Files%\barosearch\emart.ico
- %Program Files%\barosearch\faple.ico
- %Program Files%\barosearch\gmarket.ico
- %Program Files%\barosearch\gseshop.ico
- %Program Files%\barosearch\halfclub.ico
- %Program Files%\barosearch\hmall.ico
- %Program Files%\barosearch\istore1.ico
- %Program Files%\barosearch\lotte01.ico
- %Program Files%\barosearch\lotteimall.ico
- %Program Files%\barosearch\mutnam01.ico
- %Program Files%\barosearch\nseshop.ico
- %Program Files%\barosearch\player.ico
- %Program Files%\barosearch\samsungmall.ico
- %Program Files%\newtab\r.exe
- %Program Files%\WiseLook Application\juso.dll
- %Program Files%\WiseLook Application\WiseLook.exe