We received the file WINSPEEDSVC.DLL and detected that WINSPEEDSVC.DLL is not good.
WINSPEEDSVC.DLL is Adware. You should remove the file WINSPEEDSVC.DLL.
Kill the process WINSPEEDSVC.DLL and remove WINSPEEDSVC.DLL from Windows.
Malware Analysis of WINSPEEDSVC.DLL
Full path on a computer: %Common Appdata%\WinSpeed\WinSpeedSvc.dll
Detected by UnHackMe:
WINSPEEDSVC.DLL
Default location: %Common Appdata%\WinSpeed\WinSpeedSvc.dll
Removal Results: Success
Number of reboot: 1
WINSPEEDSVC.DLL is known as:
Adware.SProtector, Trojan-Downloader.Agent.zcox, BProtector, a variant of Win32.SProtector.D, W32.Agent.ZCOX.tr.dldr
WINSPEEDSVC.DLL hash:
- MD5: 0cad758ce4e5ef031081d1ef9bb7c2fa
The file tries to connect to the dangerous web site.
How to quickly detect WINSPEEDSVC.DLL presence?
Registry:
- HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{41f15de4}\UninstallString: “”%SysDir%\RUNDLL32.EXE” “C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinSpeed\WinSpeed.dll”,_uninstall /un”
- HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{41f15de4}\DisplayName: “WinSpeed”
- HKLM\System\CurrentControlSet\Services\41f15de4\ImagePath: “”%SysDir%\rundll32.exe” “c:\docume~1\alluse~1\applic~1\winspeed\WinSpeedSvc.dll”,service”
- HKLM\System\CurrentControlSet\Services\41f15de4\DisplayName: “WinSpeed”
- HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs: “c:\docume~1\alluse~1\applic~1\winspeed\winspeed.dll”
Folders:
- %Common Appdata%\WinSpeed
Files:
- %Temp%\__tmp_11480bb2
- %Common Appdata%\WinSpeed\WinSpeed.dll
- %Common Appdata%\WinSpeed\WinSpeedSvc.dll