We received the file PERFORMANCERSVC.DLL and detected that PERFORMANCERSVC.DLL is not good.
PERFORMANCERSVC.DLL is Adware. You should remove the file PERFORMANCERSVC.DLL.
Kill the process PERFORMANCERSVC.DLL and remove PERFORMANCERSVC.DLL from Windows.
Malware Analysis of PERFORMANCERSVC.DLL
Full path on a computer: %Common Appdata%\Performancer\PerformancerSvc.dll
Detected by UnHackMe:
PERFORMANCERSVC.DLL
Default location: %Common Appdata%\Performancer\PerformancerSvc.dll
Removal Results: Success
Number of reboot: 1
PERFORMANCERSVC.DLL is known as:
Adware.SProtector.D
PERFORMANCERSVC.DLL hash:
- MD5: 0ddd5dc3282e5911a9bf1fac46563ff7
The file tries to download information from some web sites.
How to quickly detect PERFORMANCERSVC.DLL presence?
![]( "Registry")
Registry:
![]( "Folders")
Folders:
![]( "Files")
Files:
Registry:- HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{a1befe1b}\UninstallString: “”%SysDir%\RUNDLL32.EXE” “C:\DOCUME~1\ALLUSE~1\APPLIC~1\PERFOR~1\PERFOR~1.DLL”,_uninstall /un”
- HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{a1befe1b}\DisplayName: “Performancer”
- HKLM\System\CurrentControlSet\Services\a1befe1b\ImagePath: “”%SysDir%\rundll32.exe” “c:\docume~1\alluse~1\applic~1\perfor~1\PerformancerSvc.dll”,service”
- HKLM\System\CurrentControlSet\Services\a1befe1b\DisplayName: “Performancer”
- HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs: “c:\docume~1\alluse~1\applic~1\perfor~1\perfor~1.dll”
Folders:- %Common Appdata%\Performancer
Files:- %Temp%\__tmp_316ce711
- %Common Appdata%\Performancer\Performancer.dll
- %Common Appdata%\Performancer\PerformancerSvc.dll