We received the file WINDOWFORSMARTINSTALL.EXE and detected that WINDOWFORSMARTINSTALL.EXE is not good.
WINDOWFORSMARTINSTALL.EXE is Adware. You should remove the file WINDOWFORSMARTINSTALL.EXE.
Kill the process WINDOWFORSMARTINSTALL.EXE and remove WINDOWFORSMARTINSTALL.EXE from Windows.
Malware Analysis of WINDOWFORSMARTINSTALL.EXE
Full path on a computer: %Appdata%\windowforsmartinstall.exe
Detected by UnHackMe:
Item Name: msprivs
Author:
Current Setting: %APPDATA%\WINDOWFORSMARTINSTALL.EXE
Type: Registry Run
Removal Results: Success
Number of reboot: 1
WINDOWFORSMARTINSTALL.EXE is known as:
Adware.SelfStarterInternet
WINDOWFORSMARTINSTALL.EXE hash:
- MD5: 1cc39f93740288223a53b490d9423990
The file tries to connect to the dangerous web site.
How to quickly detect WINDOWFORSMARTINSTALL.EXE presence?
![]( "Registry")
Registry:
![]( "Folders")
Folders:
![]( "Files")
Files:
Registry:- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\SSIagent: “%Local Appdata%\SSI\SSIagent.exe”
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\msprivs: “%Appdata%\windowforsmartinstall.exe”
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\SSI: “”%Local Appdata%\SSI\SSI.exe” /byboot”
- HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C0CF452F-532D-4b9f-AD1B-9E06538BBADB}_is1\UninstallString: “”%Local Appdata%\SSI\unins000.exe”"
- HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\msprivs10\UninstallString: “%Local Appdata%\Apps\msprivs_uninst.exe”
Folders:- %Local Appdata%\Apps
- %Local Appdata%\SSI
- %Temp%\adm
Files:- %Appdata%\windowforsmartinstall.exe
- %Local Appdata%\Apps\msprivs_uninst.exe
- %Local Appdata%\SSI\SSI.exe
- %Local Appdata%\SSI\SSIagent.exe
- %Local Appdata%\SSI\ssub.exe
- %Local Appdata%\SSI\unins000.dat
- %Local Appdata%\SSI\unins000.exe
- %Temp%\adm\ssiinstall.exe