We checked some samples of SUPPORTER.DLL and detected the file SUPPORTER.DLL as a threat.
Remove the SUPPORTER.DLL file from your computer right now.
Removal tool: http://www.unhackme.com
Malware Analysis of SUPPORTER.DLL
Full path on a computer: %Program Files%\Supporter\Supporter.dll
Detected by UnHackMe:
SUPPORTER.DLL
Default location: %Program Files%\Supporter\Supporter.dll
Removal Results: Success
Number of reboots: 1
SUPPORTER.DLL is known as:
Trojan.SProtector, Win32:SProtector-E [PUP], BProtector, TR.BProtector.A.53, Troj.Undef.(kcloud), Adware.SProtector, a variant of Win32.SProtector.E, Adware.Bprotect, Trojan.SProtector.E
SUPPORTER.DLL hash:
- MD5: 8704b802061aa74e30581518f9628e1e
The file tries to connect to a dangerous web site.
How to quickly detect the presence of SUPPORTER.DLL?
Registry:
- HKLM\Software\Classes\CLSID\{11FCE29B-FB0F-5DCD-EEC6-E70C9DD71261}\InprocServer32\: "%Program Files%\ShoppingChip\csLwwYCsi.dll"
- HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1D2ABF6A-2B19-3E94-0991-5B5BDB7134DA}\UninstallString: ""%Common Appdata%\ShoppingChip\uzAB_xoUUl.exe" /s /n /i:"ExecuteCommands;UninstallCommands" """
- HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1D2ABF6A-2B19-3E94-0991-5B5BDB7134DA}\DisplayName: "ShoppingChip"
- HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{40030ae4}\UninstallString: ""%SysDir%\RUNDLL32.EXE" "C:\PROGRA~1\SUPPOR~1\SUPPOR~1.DLL",_uninstall /un"
- HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{40030ae4}\DisplayName: "Supporter 1.80"
- HKLM\System\CurrentControlSet\Services\40030ae4\ImagePath: ""%SysDir%\rundll32.exe" "c:\progra~1\suppor~1\SupporterSvc.dll",service"
- HKLM\System\CurrentControlSet\Services\40030ae4\DisplayName: "Supporter"
- HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs: "c:\progra~1\suppor~1\suppor~1.dll"
Folders:
- %Appdata%\Mozilla\Firefox\Profiles\profile.default\extensions\staged
- %Appdata%\Mozilla\Firefox\Profiles\profile.default\extensions\staged\nsa.pkae@xyxkuyuay.org
- %Appdata%\Mozilla\Firefox\Profiles\profile.default\extensions\staged\nsa.pkae@xyxkuyuay.org\content
- %Program Files%\ShoppingChip
- %Program Files%\Supporter
Files:
- %Appdata%\Mozilla\Firefox\Profiles\profile.default\extensions\staged\nsa.pkae@xyxkuyuay.org\bootstrap.js
- %Appdata%\Mozilla\Firefox\Profiles\profile.default\extensions\staged\nsa.pkae@xyxkuyuay.org\chrome.manifest
- %Appdata%\Mozilla\Firefox\Profiles\profile.default\extensions\staged\nsa.pkae@xyxkuyuay.org\content\bg.js
- %Appdata%\Mozilla\Firefox\Profiles\profile.default\extensions\staged\nsa.pkae@xyxkuyuay.org\install.rdf
- %Local Appdata%\Google\Chrome\User Data\Default\Extensions\ohmhkibmmkmbpfehpcghooleepnknamc\1.1\background.html
- %Local Appdata%\Google\Chrome\User Data\Default\Extensions\ohmhkibmmkmbpfehpcghooleepnknamc\1.1\content.js
- %Local Appdata%\Google\Chrome\User Data\Default\Extensions\ohmhkibmmkmbpfehpcghooleepnknamc\1.1\lsdb.js
- %Local Appdata%\Google\Chrome\User Data\Default\Extensions\ohmhkibmmkmbpfehpcghooleepnknamc\1.1\manifest.json
- %Local Appdata%\Google\Chrome\User Data\Default\Extensions\ohmhkibmmkmbpfehpcghooleepnknamc\1.1\u7BfcYEUi_Y.js
- %Local Appdata%\Google\Chrome SxS\User Data\Default\Extensions\ohmhkibmmkmbpfehpcghooleepnknamc\1.1\background.html
- %Local Appdata%\Google\Chrome SxS\User Data\Default\Extensions\ohmhkibmmkmbpfehpcghooleepnknamc\1.1\content.js
- %Local Appdata%\Google\Chrome SxS\User Data\Default\Extensions\ohmhkibmmkmbpfehpcghooleepnknamc\1.1\lsdb.js
- %Local Appdata%\Google\Chrome SxS\User Data\Default\Extensions\ohmhkibmmkmbpfehpcghooleepnknamc\1.1\manifest.json
- %Local Appdata%\Google\Chrome SxS\User Data\Default\Extensions\ohmhkibmmkmbpfehpcghooleepnknamc\1.1\u7BfcYEUi_Y.js
- %Local Appdata%\Comodo\Dragon\User Data\Default\Extensions\ohmhkibmmkmbpfehpcghooleepnknamc\1.1\background.html
- %Local Appdata%\Comodo\Dragon\User Data\Default\Extensions\ohmhkibmmkmbpfehpcghooleepnknamc\1.1\content.js
- %Local Appdata%\Comodo\Dragon\User Data\Default\Extensions\ohmhkibmmkmbpfehpcghooleepnknamc\1.1\lsdb.js
- %Local Appdata%\Comodo\Dragon\User Data\Default\Extensions\ohmhkibmmkmbpfehpcghooleepnknamc\1.1\manifest.json
- %Local Appdata%\Comodo\Dragon\User Data\Default\Extensions\ohmhkibmmkmbpfehpcghooleepnknamc\1.1\u7BfcYEUi_Y.js
- %Local Appdata%\Torch\User Data\Default\Extensions\ohmhkibmmkmbpfehpcghooleepnknamc\1.1\background.html
- %Local Appdata%\Torch\User Data\Default\Extensions\ohmhkibmmkmbpfehpcghooleepnknamc\1.1\content.js
- %Local Appdata%\Torch\User Data\Default\Extensions\ohmhkibmmkmbpfehpcghooleepnknamc\1.1\lsdb.js
- %Local Appdata%\Torch\User Data\Default\Extensions\ohmhkibmmkmbpfehpcghooleepnknamc\1.1\manifest.json
- %Local Appdata%\Torch\User Data\Default\Extensions\ohmhkibmmkmbpfehpcghooleepnknamc\1.1\u7BfcYEUi_Y.js
- %Temp%\059157064.ini
- %Temp%\18be6784_.exe
- %Temp%\294823_.exe
- %Temp%\4ae13d6c_.exe
- %Profile%\AppData\LocalLow\{11FCE29B-FB0F-5DCD-EEC6-E70C9DD71261}\ShoppingChip.2.9.dat
- %Common Appdata%\d4cce9714edd12e7\{1D2ABF6A-2B19-3E94-0991-5B5BDB7134DA}
- %Common Appdata%\ShoppingChip\uzAB_xoUUl.dat
- %Common Appdata%\ShoppingChip\uzAB_xoUUl.exe
- %Program Files%\ShoppingChip\csLwwYCsi.dat
- %Program Files%\ShoppingChip\csLwwYCsi.dll
- %Program Files%\ShoppingChip\csLwwYCsi.tlb
- %Program Files%\ShoppingChip\csLwwYCsi.x64.dll
- %Program Files%\Supporter\Supporter.dll
- %Program Files%\Supporter\SupporterSvc.dll