We received the file WISELOOK.EXE and found that it is unwanted software.
WISELOOK.EXE is adware and should be removed.
Kill the WISELOOK.EXE process and remove WISELOOK.EXE from Windows.
Malware Analysis of WISELOOK.EXE
Full path on a computer: %Program Files%\WiseLook Application\WiseLook.exe
Detected by UnHackMe:
WISELOOK.EXE
Default location: %Program Files%\WiseLook Application\WiseLook.exe
Removal Results: Success
Number of reboots: 1
WISELOOK.EXE is known as:
Adware.SearchEye, Adware.WiseLook, Adware.Agent.Klic.A, Win32.Adware.WiseLook.A, Trojan-Downloader.Banload, Adware.Kraddare
WISELOOK.EXE hash:
- MD5: 2bfcb5cd361dd0126fe4e525bdb00510
The file tries to download information from some web sites.
How to quickly detect WISELOOK.EXE presence?
Registry:
- HKLM\Software\Classes\CLSID\{36936EFC-0B55-4DF4-A01D-69CD27B4309E}\InprocServer32\: "C:\DOCUME~1\ADMINI~1\LOCALS~1\APPLIC~1\newtab\newtab32.dll"
- HKLM\Software\Classes\CLSID\{7CCA4EA6-CA02-4789-9419-34E85C7AC2DC}\InprocServer32\: "C:\PROGRA~1\WISELO~1\juso.dll"
- HKLM\System\CurrentControlSet\Services\BCSvc\Type: 0x00000110
- HKLM\System\CurrentControlSet\Services\BCSvc\Start: 0x00000002
- HKLM\System\CurrentControlSet\Services\BCSvc\ErrorControl: 0x00000001
- HKLM\System\CurrentControlSet\Services\BCSvc\ImagePath: "%Program Files%\barosearch\bsearchsvc.exe"
- HKLM\System\CurrentControlSet\Services\BCSvc\DisplayName: "BSearch Service"
- HKLM\System\CurrentControlSet\Services\BCSvc\ObjectName: "LocalSystem"
- HKLM\System\CurrentControlSet\Services\BCSvc\Description: "The Service in Windows."
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\WiseLook Application: "%Program Files%\WiseLook Application\WiseLook.exe"
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\BSearch: "%Program Files%\barosearch\bsearch.exe"
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\newtab: "%Local Appdata%\newtab\newtab.exe"
Folders:
- %Local Appdata%\newtab
- %Program Files%\barosearch
- %Program Files%\newtab
- %Program Files%\WiseLook Application
Files:
- %Favorites%\CJmall.url
- %Favorites%\GS SHOP.url
- %Favorites%\Hmall.url
- %Local Appdata%\barosearchinstall.exe
- %Local Appdata%\newtab\newtab.exe
- %Local Appdata%\newtab\newtab32.dll
- %Local Appdata%\newtab\newtab64.dll
- %Local Appdata%\newtab\newtabdel.exe
- %Local Appdata%\newtab\newtabin.exe
- %Local Appdata%\wiselook.exe
- %Program Files%\barosearch\11st.ico
- %Program Files%\barosearch\auction.ico
- %Program Files%\barosearch\bsearch.exe
- %Program Files%\barosearch\bsearchsvc.exe
- %Program Files%\barosearch\cjmall.ico
- %Program Files%\barosearch\cybermall.ico
- %Program Files%\barosearch\dnshop.ico
- %Program Files%\barosearch\emart.ico
- %Program Files%\barosearch\faple.ico
- %Program Files%\barosearch\gmarket.ico
- %Program Files%\barosearch\gseshop.ico
- %Program Files%\barosearch\halfclub.ico
- %Program Files%\barosearch\hmall.ico
- %Program Files%\barosearch\istore1.ico
- %Program Files%\barosearch\lotte01.ico
- %Program Files%\barosearch\lotteimall.ico
- %Program Files%\barosearch\mutnam01.ico
- %Program Files%\barosearch\nseshop.ico
- %Program Files%\barosearch\player.ico
- %Program Files%\barosearch\samsungmall.ico
- %Program Files%\newtab\r.exe
- %Program Files%\WiseLook Application\juso.dll
- %Program Files%\WiseLook Application\WiseLook.exe