We received the file WS.BOOSTER and detected that WS.BOOSTER is not good.
WS.BOOSTER is Adware. You should remove the file WS.BOOSTER.
Kill the process WS.BOOSTER and remove WS.BOOSTER from Windows.
Malware Analysis of WS.BOOSTER
Full path on a computer: %Program Files%\WS.Booster
Detected by UnHackMe:
WS.BOOSTER
Default location: %Program Files%\WS.Booster
Removal Results: Success
Number of reboot: 1
WS.BOOSTER is known as:
Adware.SProtector-E, BProtector, Troj.Undef.(kcloud), Adware.SProtector, Trojan.SProtector.D, a variant of Win32.SProtector.D, AdWare.Bprotector
WS.BOOSTER hash:
- MD5: fbce81774db33bad6a386c47364e50a1
The file tries to connect to the dangerous web site.
How to quickly detect WS.BOOSTER presence?
![]( "Registry")
Registry:
![]( "Folders")
Folders:
![]( "Files")
Files:
Registry:- HKLM\Software\Classes\CLSID\{277817C8-08E2-4DFA-274C-4940E12533FF}\InprocServer32\: “%Program Files%\websave\Ovnqjsy.dll”
- HKLM\Software\Classes\CLSID\{BA09C50D-F483-8998-EB15-CF69DE1DFB62}\InprocServer32\: “%Program Files%\YoutubeAdblocker\N9v.dll”
- HKLM\Software\Classes\CLSID\{EBFCF40E-A87B-463F-A782-55BDD4160B5E}\InprocServer32\: “%Program Files%\LiveSupport\LiveSupport_deskband_x32.dll”
- HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}\DisplayName: “sweet-page”
- HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\69ff35a7-e753-40ba-93e4-b806a6fee531\UninstallString: “C:\DOCUME~1\ALLUSE~1\APPLIC~1\INSTAL~1\{4A87D~1\Setup.exe /remove /q0″
- HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\a0ef4fa7-51f8-4e20-8566-ffaee0393dac\UninstallString: “C:\DOCUME~1\ALLUSE~1\APPLIC~1\INSTAL~1\{BBB75~1\Setup.exe /remove /q0″
- HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ab7ab03c-44a2-4b88-9320-f1e219d946bb\UninstallString: “C:\DOCUME~1\ALLUSE~1\APPLIC~1\INSTAL~1\{43FC0~1\Setup.exe /remove /q0″
- HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\LiveSupport_is1\DisplayName: “LiveSupport”
- HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\LiveSupport_is1\UninstallString: “”%Program Files%\LiveSupport\unins000.exe”"
- HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1\DisplayName: “Optimizer Pro v3.2″
- HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1\UninstallString: “”%Program Files%\Optimizer Pro\unins000.exe” /VERYSILENT”
- HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\S-5813881089\UninstallString: “”c:\documents and settings\all users\application data\safesoft\ws.booster\ws.booster.exe” /uninstall”
- HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\S-5813881089\DisplayName: “WS.Booster”
- HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\sweet-page uninstaller\DisplayName: “sweet-page uninstaller”
- HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\sweet-page uninstaller\UninstallString: “%Appdata%\sweet-page\UninstallManager.exe ”
- HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\WPM\DisplayName: “WPM17.8.0.3325″
- HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\WPM\UninstallString: “%Common Appdata%\WPM\wprotectmanager.exe -uninstall”
- HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{476D78C4-1DB0-2D88-7FCC-AA6559F59A8D}\UninstallString: “”%Common Appdata%\websave\HOqpVOt4.exe” /s /n /i:”ExecuteCommands;UninstallCommands” “”"
- HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{476D78C4-1DB0-2D88-7FCC-AA6559F59A8D}\DisplayName: “websave”
- HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}\UninstallString: “”%Common Appdata%\YoutubeAdblocker\c0NJ.exe” /s /n /i:”ExecuteCommands;UninstallCommands” “”"
- HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}\DisplayName: “YoutubeAdblocker”
- HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{916e5338}\UninstallString: “”%SysDir%\RUNDLL32.EXE” “C:\PROGRA~1\WS546B~1.BOO”,_uninstall /un”
- HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{916e5338}\DisplayName: “WS.Sustainer 1.80″
- HKLM\System\CurrentControlSet\Services\916e5338\ImagePath: “”%SysDir%\rundll32.exe” “c:\progra~1\WSSvc.dll”,service”
- HKLM\System\CurrentControlSet\Services\916e5338\DisplayName: “WS.Sustainer”
- HKLM\System\CurrentControlSet\Services\Wpm\ImagePath: “%Common Appdata%\WPM\wprotectmanager.exe -service”
- HKLM\System\CurrentControlSet\Services\Wpm\DisplayName: “Wpm Service”
- HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}\DisplayName: “sweet-page”
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Optimizer Pro: “%Program Files%\Optimizer Pro\OptProLauncher.exe”
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\LiveSupport: “”%Program Files%\LiveSupport\LiveSupport.exe” /noshow /log”
- HKLM\Software\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\: “”%Program Files%\Mozilla Firefox\firefox.exe” http://www.sweet-page.com/?type=sc&ts=1393323954&from=wpc&uid=VMwareXVirtualXIDEXHardXDrive_00000000000000000001″
- HKLM\Software\Clients\StartMenuInternet\Google Chrome\shell\open\command\: “”%Program Files%\Google\Chrome\Application\chrome.exe” http://www.sweet-page.com/?type=sc&ts=1393323954&from=wpc&uid=VMwareXVirtualXIDEXHardXDrive_00000000000000000001″
- HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\: “%Program Files%\Internet Explorer\iexplore.exe http://www.sweet-page.com/?type=sc&ts=1393323954&from=wpc&uid=VMwareXVirtualXIDEXHardXDrive_00000000000000000001″
- HKLM\Software\Clients\StartMenuInternet\OperaNext\shell\open\command\: “”%Program Files%\Opera Next\Launcher.exe” http://www.sweet-page.com/?type=sc&ts=1393323954&from=wpc&uid=VMwareXVirtualXIDEXHardXDrive_00000000000000000001″
- HKLM\Software\Clients\StartMenuInternet\VMWAREHOSTOPEN.EXE\shell\open\command\: “”%Program Files%\VMware\VMware Tools\VMwareHostOpen.exe” http://www.sweet-page.com/?type=sc&ts=1393323954&from=wpc&uid=VMwareXVirtualXIDEXHardXDrive_00000000000000000001″
- HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs: “c:\progra~1\ws546b~1.boo”
Folders:- %Appdata%\sweet-page
- %Common Appdata%\SafeSoft
- %Common Appdata%\SafeSoft\Setup
- %Common Appdata%\SafeSoft\WS.Booster
- %Common Appdata%\SafeSoft\WS.Booster\5813881089
- %Common Appdata%\websave
- %Common Appdata%\WPM
- %Common Appdata%\WPM\update
- %Common Appdata%\YoutubeAdblocker
- %Common Startmenu%\Programs\LiveSupport
- %Common Startmenu%\Programs\Optimizer Pro v3.2
- %Program Files%\LiveSupport
- %Program Files%\Optimizer Pro
- %Program Files%\websave
- %Program Files%\YoutubeAdblocker
Files:- %Appdata%\LiveSupport.exe_log.txt
- %Appdata%\regsvr32.exe_log.txt
- %Appdata%\sweet-page\16.json
- %Appdata%\sweet-page\images\bg1.png
- %Appdata%\sweet-page\images\button1.png
- %Appdata%\sweet-page\images\checked.png
- %Appdata%\sweet-page\images\close.png
- %Appdata%\sweet-page\images\min.png
- %Appdata%\sweet-page\images\Thumbs.db
- %Appdata%\sweet-page\images\unchecked.png
- %Appdata%\sweet-page\uninstallDlg.xml
- %Appdata%\sweet-page\UninstallManager.exe
- %Desktop%\LiveSupport.lnk
- %Desktop%\Optimizer Pro.lnk
- %Common Appdata%\SafeSoft\WS.Booster\5813881089.ini
- %Common Appdata%\SafeSoft\WS.Booster\WS.Booster.exe
- %Common Appdata%\websave\HOqpVOt4.dat
- %Common Appdata%\websave\HOqpVOt4.exe
- %Common Appdata%\WPM\wprotectmanager.exe
- %Common Appdata%\YoutubeAdblocker\c0NJ.dat
- %Common Appdata%\YoutubeAdblocker\c0NJ.exe
- %Common Startmenu%\Programs\LiveSupport\LiveSupport.lnk
- %Common Startmenu%\Programs\LiveSupport\Uninstall LiveSupport.lnk
- %Common Startmenu%\Programs\Optimizer Pro v3.2\Check updates.lnk
- %Common Startmenu%\Programs\Optimizer Pro v3.2\Help.lnk
- %Common Startmenu%\Programs\Optimizer Pro v3.2\Optimizer Pro on the Web.lnk
- %Common Startmenu%\Programs\Optimizer Pro v3.2\Optimizer Pro.lnk
- %Common Startmenu%\Programs\Optimizer Pro v3.2\Uninstall Optimizer Pro.lnk
- %Program Files%\Mozilla Firefox\browser\searchplugins\sweet-page.xml
- %Program Files%\LiveSupport\LiveSupport.exe
- %Program Files%\LiveSupport\LiveSupport_deskband_x32.dll
- %Program Files%\LiveSupport\LiveSupport_deskband_x64.dll
- %Program Files%\LiveSupport\unins000.dat
- %Program Files%\LiveSupport\unins000.exe
- %Program Files%\Optimizer Pro\bg_new1.bmp
- %Program Files%\Optimizer Pro\CookiesException.txt
- %Program Files%\Optimizer Pro\English.ini
- %Program Files%\Optimizer Pro\file_id.diz
- %Program Files%\Optimizer Pro\HomePage.url
- %Program Files%\Optimizer Pro\itdownload.dll
- %Program Files%\Optimizer Pro\OptimizerPro.chm
- %Program Files%\Optimizer Pro\OptimizerPro.exe
- %Program Files%\Optimizer Pro\OptProGuard.exe
- %Program Files%\Optimizer Pro\OptProLauncher.exe
- %Program Files%\Optimizer Pro\OptProReminder.exe
- %Program Files%\Optimizer Pro\OptProSchedule.exe
- %Program Files%\Optimizer Pro\OptProSmartScan.exe
- %Program Files%\Optimizer Pro\OptProStart.exe
- %Program Files%\Optimizer Pro\OptProUninstaller.exe
- %Program Files%\Optimizer Pro\scan.gif
- %Program Files%\Optimizer Pro\sqlite3.dll
- %Program Files%\Optimizer Pro\StartupList.txt
- %Program Files%\Optimizer Pro\unins000.dat
- %Program Files%\Optimizer Pro\unins000.exe
- %Program Files%\Optimizer Pro\unins000.msg
- %Program Files%\websave\Ovnqjsy.dat
- %Program Files%\websave\Ovnqjsy.dll
- %Program Files%\websave\Ovnqjsy.tlb
- %Program Files%\websave\Ovnqjsy.x64.dll
- %Program Files%\WS.Booster
- %Program Files%\WSSvc.dll
- %Program Files%\YoutubeAdblocker\N9v.dat
- %Program Files%\YoutubeAdblocker\N9v.dll
- %Program Files%\YoutubeAdblocker\N9v.tlb
- %Program Files%\YoutubeAdblocker\N9v.x64.dll
- %WinDir%\Tasks\WS.Booster-S-5813881089.job