We received the file METABLOGAGENT.EXE and detected that METABLOGAGENT.EXE is not good.
METABLOGAGENT.EXE is Adware. You should remove the file METABLOGAGENT.EXE.
Kill the process METABLOGAGENT.EXE and remove METABLOGAGENT.EXE from Windows.
Malware Analysis of METABLOGAGENT.EXE
Full path on a computer: %Local Appdata%\MetablogNewIssues\metablogagent.exe
Detected by UnHackMe:
METABLOGAGENT.EXE
Default location: %Local Appdata%\MetablogNewIssues\metablogagent.exe
Removal Results: Success
Number of reboot: 1
METABLOGAGENT.EXE is known as:
Adware.KrAdword.125576, Adware.CloverPlus.K, Download.Adware, ADW_KRADDARE, not-a-virus:AdWare.CloverPlus.hj, Adware.CloverPlus.HZ74IYebUZk, ApplicUnwnt, PUP.AdMatching, a variant of Win32.Adware.CloverPlus.AB, AdWare.Kwsearchguide
METABLOGAGENT.EXE hash:
- MD5: 8f20a7f89173fe76c4de0c7e23a5bf67
The file tries to download information from some web sites.
How to quickly detect METABLOGAGENT.EXE presence?
![]( "Registry")
Registry:
![]( "Folders")
Folders:
![]( "Files")
Files:
Registry:- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\metablogagent: “%Local Appdata%\MetablogNewIssues\metablogagent.exe”
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\MetablogNewIssues: “”%Local Appdata%\MetablogNewIssues\MetablogNewIssues.exe” /byboot”
Folders:- %Local Appdata%\MetablogNewIssues
- %Temp%\adm
- %Temp%\is-ALFBN.tmp
Files:- %Local Appdata%\MetablogNewIssues\metablogagent.exe
- %Local Appdata%\MetablogNewIssues\MetablogNewIssues.exe
- %Local Appdata%\MetablogNewIssues\unins000.dat
- %Local Appdata%\MetablogNewIssues\unins000.exe
- %Temp%\adm\adinstall.exe
- %Temp%\is-ALFBN.tmp\adinstall.tmp