We received the file WINSYSFILTER.DLL and detected that WINSYSFILTER.DLL is not good.
WINSYSFILTER.DLL is Adware. You should remove the file WINSYSFILTER.DLL.
Kill the process WINSYSFILTER.DLL and remove WINSYSFILTER.DLL from Windows.
Malware Analysis of WINSYSFILTER.DLL
Full path on a computer: %Common Appdata%\Win sys filter\Winsysfilter.dll
Detected by UnHackMe:
WINSYSFILTER.DLL
Default location: %Common Appdata%\Win sys filter\Winsysfilter.dll
Removal Results: Success
Number of reboot: 1
WINSYSFILTER.DLL is known as:
Adware.SProtector.D
WINSYSFILTER.DLL hash:
- MD5: b99e501d0475f6bfd825dcebac8adf20
The file tries to download information from some web sites.
How to quickly detect WINSYSFILTER.DLL presence?
![]( "Registry")
Registry:
![]( "Folders")
Folders:
![]( "Files")
Files:
Registry:- HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{f18d166f}\UninstallString: “”%SysDir%\RUNDLL32.EXE” “C:\DOCUME~1\ALLUSE~1\APPLIC~1\WINSYS~1\WINSYS~1.DLL”,_uninstall /un”
- HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{f18d166f}\DisplayName: “Win sys filter”
- HKLM\System\CurrentControlSet\Services\f18d166f\ImagePath: “”%SysDir%\rundll32.exe” “c:\docume~1\alluse~1\applic~1\winsys~1\WinsysfilterSvc.dll”,service”
- HKLM\System\CurrentControlSet\Services\f18d166f\DisplayName: “Win sys filter”
- HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs: “c:\docume~1\alluse~1\applic~1\winsys~1\winsys~1.dll”
Folders:- %Common Appdata%\Win sys filter
Files:- %Temp%\__tmp_007938da
- %Common Appdata%\Win sys filter\Winsysfilter.dll
- %Common Appdata%\Win sys filter\WinsysfilterSvc.dll