We received the file SW-BOOSTER.EXE and detected that it is not safe.
SW-BOOSTER.EXE is adware and should be removed.
Kill the SW-BOOSTER.EXE process and remove SW-BOOSTER.EXE from Windows.
Malware Analysis of SW-BOOSTER.EXE
Full path on a computer: %Common Appdata%\SoftWarehouse\SW-Booster\SW-Booster.exe
Detected by UnHackMe:
SW-BOOSTER.EXE
Default location: %Common Appdata%\SoftWarehouse\SW-Booster\SW-Booster.exe
Removal Results: Success
Number of reboots: 1
SW-BOOSTER.EXE is known as:
Adware.PUP.Optional.MultiPlug.A, Trojan-Downloader ( 0048ec4f1 ), Trojan.Downloader.Agent.afd, Trojan.DL.Adload.sfG54tBszYg, W32.Trojan2.OBQW, Win32.Tnega.VeAcWa, Win32:Agent-ASOC [Adw], Trojan-Downloader.Adload.dyhq, Trojan.Agent.cojdgu, Trojan.S.Agent.729600.B, Trojan-Downloader.Adload (A), TrojWare.TrojanDownloader.Agent.AFD, Trojan.DownLoad3.30962, TR.Downloader.A.988, Troj.Agent-AFFX, TrojanDownloader.Adload.vxu, Trojan.Agent, W32.Trojan.ZIUW-3330, TrojanDownloader.Adload, Trojan.Agent.50, Win32.TrojanDownloader.Agent.AFD, Trojan-Downloader.Adload, W32.Agent.AFD.tr.dldr, Trj.WLT.A, Win32.Trojan.Downloader.ec6
SW-BOOSTER.EXE hash:
- MD5: 1d283dd3ae2312eee624e8b8c46f6adb