We received the file WINCLEANPERFORMAP.DLL and detected that WINCLEANPERFORMAP.DLL is not good.
WINCLEANPERFORMAP.DLL is Adware. You should remove the file WINCLEANPERFORMAP.DLL.
Kill the process WINCLEANPERFORMAP.DLL and remove WINCLEANPERFORMAP.DLL from Windows.
Malware Analysis of WINCLEANPERFORMAP.DLL
Full path on a computer: %Common Appdata%\Winclean performap\Wincleanperformap.dll
Detected by UnHackMe:
WINCLEANPERFORMAP.DLL
Default location: %Common Appdata%\Winclean performap\Wincleanperformap.dll
Removal Results: Success
Number of reboot: 1
WINCLEANPERFORMAP.DLL is known as:
Adware.SProtector
WINCLEANPERFORMAP.DLL hash:
- MD5: 2afd8dc035010a44c59f7d03508de03b
The file tries to connect to the dangerous web site.
How to quickly detect WINCLEANPERFORMAP.DLL presence?
![]( "Registry")
Registry:
![]( "Folders")
Folders:
![]( "Files")
Files:
Registry:- HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{dd43b191}\UninstallString: “”%SysDir%\RUNDLL32.EXE” “C:\DOCUME~1\ALLUSE~1\APPLIC~1\WINCLE~1\WINCLE~1.DLL”,_uninstall /un”
- HKLM\System\CurrentControlSet\Services\dd43b191\Security\Security: 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
- HKLM\System\CurrentControlSet\Services\dd43b191\Type: 0×00000010
- HKLM\System\CurrentControlSet\Services\dd43b191\Start: 0×00000002
- HKLM\System\CurrentControlSet\Services\dd43b191\ErrorControl: 0×00000000
- HKLM\System\CurrentControlSet\Services\dd43b191\ImagePath: “”%SysDir%\rundll32.exe” “c:\docume~1\alluse~1\applic~1\wincle~1\WincleanperformapSvc.dll”,service”
- HKLM\System\CurrentControlSet\Services\dd43b191\DisplayName: “Winclean performap”
- HKLM\System\CurrentControlSet\Services\dd43b191\ObjectName: “LocalSystem”
- HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs: “c:\docume~1\alluse~1\applic~1\wincle~1\wincle~1.dll”
Folders:- %Common Appdata%\Winclean performap
Files:- %Temp%\__tmp_0bd7e2c3
- %Common Appdata%\Winclean performap\Wincleanperformap.dll
- %Common Appdata%\Winclean performap\WincleanperformapSvc.dll