We received the file WINCLEANPERFORMAPSVC.DLL and determined that it is not safe.
WINCLEANPERFORMAPSVC.DLL is adware. You should remove the file.
Kill the process WINCLEANPERFORMAPSVC.DLL and remove WINCLEANPERFORMAPSVC.DLL from Windows.
Malware Analysis of WINCLEANPERFORMAPSVC.DLL
Full path on a computer: %Common Appdata%\Winclean performap\WincleanperformapSvc.dll
Detected by UnHackMe:
WINCLEANPERFORMAPSVC.DLL
Default location: %Common Appdata%\Winclean performap\WincleanperformapSvc.dll
Removal Results: Success
Number of reboots: 1
WINCLEANPERFORMAPSVC.DLL is known as:
Adware.SProtector
WINCLEANPERFORMAPSVC.DLL hash:
- MD5: 83f841d281e6c77bd9fa3aafa2601d90
The file tries to download information from some web sites.
How to quickly detect WINCLEANPERFORMAPSVC.DLL presence?
Registry:
- HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{dd43b191}\UninstallString: ""%SysDir%\RUNDLL32.EXE" "C:\DOCUME~1\ALLUSE~1\APPLIC~1\WINCLE~1\WINCLE~1.DLL",_uninstall /un"
- HKLM\System\CurrentControlSet\Services\dd43b191\Security\Security: 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
- HKLM\System\CurrentControlSet\Services\dd43b191\Type: 0x00000010
- HKLM\System\CurrentControlSet\Services\dd43b191\Start: 0x00000002
- HKLM\System\CurrentControlSet\Services\dd43b191\ErrorControl: 0x00000000
- HKLM\System\CurrentControlSet\Services\dd43b191\ImagePath: ""%SysDir%\rundll32.exe" "c:\docume~1\alluse~1\applic~1\wincle~1\WincleanperformapSvc.dll",service"
- HKLM\System\CurrentControlSet\Services\dd43b191\DisplayName: "Winclean performap"
- HKLM\System\CurrentControlSet\Services\dd43b191\ObjectName: "LocalSystem"
- HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs: "c:\docume~1\alluse~1\applic~1\wincle~1\wincle~1.dll"
Folders:
- %Common Appdata%\Winclean performap
Files:
- %Temp%\__tmp_0bd7e2c3
- %Common Appdata%\Winclean performap\Wincleanperformap.dll
- %Common Appdata%\Winclean performap\WincleanperformapSvc.dll