We checked some samples of SUPPORTERSVC.DLL and detected the file SUPPORTERSVC.DLL as a threat.
Remove the SUPPORTERSVC.DLL file from your computer right now.
Removal tool: http://www.unhackme.com
Malware Analysis of SUPPORTERSVC.DLL
Full path on a computer:
Removal Results: Success
Number of reboots: 1
SUPPORTERSVC.DLL is known as:
Trojan.SProtector, BProtector, Trojan.WebPick.30, Trojan.SProtector.D, a variant of Win32.SProtector.D
SUPPORTERSVC.DLL hash:
- MD5: 73589cc8d7d481fb2ffc594b9c805b02
The file is used to download and install other malware, Trojans and viruses on commands received from the Command Center.
How to quickly detect the presence of SUPPORTERSVC.DLL?
Registry:
- HKLM\Software\Classes\CLSID\{11FCE29B-FB0F-5DCD-EEC6-E70C9DD71261}\InprocServer32\: "%Program Files%\ShoppingChip\csLwwYCsi.dll"
- HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1D2ABF6A-2B19-3E94-0991-5B5BDB7134DA}\UninstallString: ""%Common Appdata%\ShoppingChip\uzAB_xoUUl.exe" /s /n /i:"ExecuteCommands;UninstallCommands" """
- HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1D2ABF6A-2B19-3E94-0991-5B5BDB7134DA}\DisplayName: "ShoppingChip"
- HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{40030ae4}\UninstallString: ""%SysDir%\RUNDLL32.EXE" "C:\PROGRA~1\SUPPOR~1\SUPPOR~1.DLL",_uninstall /un"
- HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{40030ae4}\DisplayName: "Supporter 1.80"
- HKLM\System\CurrentControlSet\Services\40030ae4\ImagePath: ""%SysDir%\rundll32.exe" "c:\progra~1\suppor~1\SupporterSvc.dll",service"
- HKLM\System\CurrentControlSet\Services\40030ae4\DisplayName: "Supporter"
- HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs: "c:\progra~1\suppor~1\suppor~1.dll"
Folders:
- %Appdata%\Mozilla\Firefox\Profiles\profile.default\extensions\staged
- %Appdata%\Mozilla\Firefox\Profiles\profile.default\extensions\staged\nsa.pkae@xyxkuyuay.org
- %Appdata%\Mozilla\Firefox\Profiles\profile.default\extensions\staged\nsa.pkae@xyxkuyuay.org\content
- %Program Files%\ShoppingChip
- %Program Files%\Supporter
Files:
- %Appdata%\Mozilla\Firefox\Profiles\profile.default\extensions\staged\nsa.pkae@xyxkuyuay.org\bootstrap.js
- %Appdata%\Mozilla\Firefox\Profiles\profile.default\extensions\staged\nsa.pkae@xyxkuyuay.org\chrome.manifest
- %Appdata%\Mozilla\Firefox\Profiles\profile.default\extensions\staged\nsa.pkae@xyxkuyuay.org\content\bg.js
- %Appdata%\Mozilla\Firefox\Profiles\profile.default\extensions\staged\nsa.pkae@xyxkuyuay.org\install.rdf
- %Local Appdata%\Google\Chrome\User Data\Default\Extensions\ohmhkibmmkmbpfehpcghooleepnknamc\1.1\background.html
- %Local Appdata%\Google\Chrome\User Data\Default\Extensions\ohmhkibmmkmbpfehpcghooleepnknamc\1.1\content.js
- %Local Appdata%\Google\Chrome\User Data\Default\Extensions\ohmhkibmmkmbpfehpcghooleepnknamc\1.1\lsdb.js
- %Local Appdata%\Google\Chrome\User Data\Default\Extensions\ohmhkibmmkmbpfehpcghooleepnknamc\1.1\manifest.json
- %Local Appdata%\Google\Chrome\User Data\Default\Extensions\ohmhkibmmkmbpfehpcghooleepnknamc\1.1\u7BfcYEUi_Y.js
- %Temp%\059157064.ini
- %Temp%\18be6784_.exe
- %Temp%\294823_.exe
- %Temp%\4ae13d6c_.exe
- %Profile%\AppData\LocalLow\{11FCE29B-FB0F-5DCD-EEC6-E70C9DD71261}\ShoppingChip.2.9.dat
- %Common Appdata%\d4cce9714edd12e7\{1D2ABF6A-2B19-3E94-0991-5B5BDB7134DA}
- %Common Appdata%\ShoppingChip\uzAB_xoUUl.dat
- %Common Appdata%\ShoppingChip\uzAB_xoUUl.exe
- %Program Files%\ShoppingChip\csLwwYCsi.dat
- %Program Files%\ShoppingChip\csLwwYCsi.dll
- %Program Files%\ShoppingChip\csLwwYCsi.tlb
- %Program Files%\ShoppingChip\csLwwYCsi.x64.dll
- %Program Files%\Supporter\Supporter.dll
- %Program Files%\Supporter\SupporterSvc.dll