
WINDOWSNET-CLEANSVC.DLL is Adware SProtector.D


We received the file WINDOWSNET-CLEANSVC.DLL and detected that it is not good.
WINDOWSNET-CLEANSVC.DLL is adware. You should remove the file WINDOWSNET-CLEANSVC.DLL.
Kill the WINDOWSNET-CLEANSVC.DLL process and remove WINDOWSNET-CLEANSVC.DLL from Windows.

Malware Analysis of WINDOWSNET-CLEANSVC.DLL
Full path on a computer: %Common Appdata%\Windows net-clean\Windowsnet-cleanSvc.dll

Detected by UnHackMe:

WINDOWSNET-CLEANSVC.DLL
Default location: %Common Appdata%\Windows net-clean\Windowsnet-cleanSvc.dll

Removal Results: Success
Number of reboots: 1

WINDOWSNET-CLEANSVC.DLL is known as:

Adware.SProtector.D

WINDOWSNET-CLEANSVC.DLL hash:

  • MD5: 4af25892e598c1dd3092937d57c38aca

The file tries to connect to a dangerous web site.

How to quickly detect the presence of WINDOWSNET-CLEANSVC.DLL?
Registry:
  • HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{699705af}\UninstallString: ""%SysDir%\RUNDLL32.EXE" "C:\DOCUME~1\ALLUSE~1\APPLIC~1\WINDOW~1\WINDOW~1.DLL",_uninstall /un"
  • HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{699705af}\DisplayName: "Windows net-clean"
  • HKLM\System\CurrentControlSet\Services\699705af\ImagePath: ""%SysDir%\rundll32.exe" "c:\docume~1\alluse~1\applic~1\window~1\Windowsnet-cleanSvc.dll",service"
  • HKLM\System\CurrentControlSet\Services\699705af\DisplayName: "Windows net-clean"
  • HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs: "c:\docume~1\alluse~1\applic~1\window~1\window~1.dll"
Folders:
  • %Common Appdata%\Windows net-clean
Files:
  • %Temp%\__tmp_2e31fcf8
  • %Common Appdata%\Windows net-clean\Windowsnet-clean.dll
  • %Common Appdata%\Windows net-clean\Windowsnet-cleanSvc.dll

