We received the file WINDOWSNET-CLEANSVC.DLL and detected that WINDOWSNET-CLEANSVC.DLL is not good.
WINDOWSNET-CLEANSVC.DLL is Adware. You should remove the file WINDOWSNET-CLEANSVC.DLL.
Kill the process WINDOWSNET-CLEANSVC.DLL and remove WINDOWSNET-CLEANSVC.DLL from Windows.
Malware Analysis of WINDOWSNET-CLEANSVC.DLL
Full path on a computer: %Common Appdata%\Windows net-clean\Windowsnet-cleanSvc.dll
Detected by UnHackMe:
WINDOWSNET-CLEANSVC.DLL
Default location: %Common Appdata%\Windows net-clean\Windowsnet-cleanSvc.dll
Removal Results: Success
Number of reboot: 1
WINDOWSNET-CLEANSVC.DLL is known as:
Adware.SProtector.D
WINDOWSNET-CLEANSVC.DLL hash:
- MD5: 4af25892e598c1dd3092937d57c38aca
The file tries to connect to the dangerous web site.
How to quickly detect WINDOWSNET-CLEANSVC.DLL presence?
Registry:
- HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{699705af}\UninstallString: “”%SysDir%\RUNDLL32.EXE” “C:\DOCUME~1\ALLUSE~1\APPLIC~1\WINDOW~1\WINDOW~1.DLL”,_uninstall /un”
- HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{699705af}\DisplayName: “Windows net-clean”
- HKLM\System\CurrentControlSet\Services\699705af\ImagePath: “”%SysDir%\rundll32.exe” “c:\docume~1\alluse~1\applic~1\window~1\Windowsnet-cleanSvc.dll”,service”
- HKLM\System\CurrentControlSet\Services\699705af\DisplayName: “Windows net-clean”
- HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs: “c:\docume~1\alluse~1\applic~1\window~1\window~1.dll”
Folders:
- %Common Appdata%\Windows net-clean
Files:
- %Temp%\__tmp_2e31fcf8
- %Common Appdata%\Windows net-clean\Windowsnet-clean.dll
- %Common Appdata%\Windows net-clean\Windowsnet-cleanSvc.dll