We received the file WINSYSFILTERSVC.DLL and detected that WINSYSFILTERSVC.DLL is not good.
WINSYSFILTERSVC.DLL is Adware. You should remove the file WINSYSFILTERSVC.DLL.
Kill the process WINSYSFILTERSVC.DLL and remove WINSYSFILTERSVC.DLL from Windows.
Malware Analysis of WINSYSFILTERSVC.DLL
Full path on a computer: %Common Appdata%\Win sys filter\WinsysfilterSvc.dll
Detected by UnHackMe:
WINSYSFILTERSVC.DLL
Default location: %Common Appdata%\Win sys filter\WinsysfilterSvc.dll
Removal Results: Success
Number of reboot: 1
WINSYSFILTERSVC.DLL is known as:
Adware.SProtector.D
WINSYSFILTERSVC.DLL hash:
- MD5: add5566c693f1dc8d07f8b324dd45a3d
The file tries to download information from some web sites.
How to quickly detect WINSYSFILTERSVC.DLL presence?
![]( "Registry")
Registry:
![]( "Folders")
Folders:
![]( "Files")
Files:
Registry:- HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{f18d166f}\UninstallString: “”%SysDir%\RUNDLL32.EXE” “C:\DOCUME~1\ALLUSE~1\APPLIC~1\WINSYS~1\WINSYS~1.DLL”,_uninstall /un”
- HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{f18d166f}\DisplayName: “Win sys filter”
- HKLM\System\CurrentControlSet\Services\f18d166f\ImagePath: “”%SysDir%\rundll32.exe” “c:\docume~1\alluse~1\applic~1\winsys~1\WinsysfilterSvc.dll”,service”
- HKLM\System\CurrentControlSet\Services\f18d166f\DisplayName: “Win sys filter”
- HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs: “c:\docume~1\alluse~1\applic~1\winsys~1\winsys~1.dll”
Folders:- %Common Appdata%\Win sys filter
Files:- %Temp%\__tmp_007938da
- %Common Appdata%\Win sys filter\Winsysfilter.dll
- %Common Appdata%\Win sys filter\WinsysfilterSvc.dll