We received the file CLTMNGSVC.EXE and detected that CLTMNGSVC.EXE is not good.
CLTMNGSVC.EXE is Adware. You should remove the file CLTMNGSVC.EXE.
Kill the process CLTMNGSVC.EXE and remove CLTMNGSVC.EXE from Windows.
Malware Analysis of CLTMNGSVC.EXE
Full path on a computer: %Program Files%\SearchProtect\Main\bin\CltMngSvc.exe
Detected by UnHackMe:
CLTMNGSVC.EXE
Default location: %Program Files%\SearchProtect\Main\bin\CltMngSvc.exe
Removal Results: Success
Number of reboot: 1
CLTMNGSVC.EXE is known as:
Adware.PUP.Optional.Conduit.A, Conduit (fs), a variant of Win32.Conduit.SearchProtect.H, PUP.Conduit.A
CLTMNGSVC.EXE hash:
- MD5: 2ae149ca5b124d09ba1e76ea706d2095
The file tries to download information from some web sites.
How to quickly detect CLTMNGSVC.EXE presence?
![]( "Registry")
Registry:
![]( "Folders")
Folders:
![]( "Files")
Files:
Registry:- HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Deeal FR\DisplayName: “Deeal FR”
- HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Deeal FR\UninstallString: “%Program Files%\Deeal FR\Uninstall.exe /fromcontrolpanel=1″
- HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect\DisplayName: “Search Protect”
- HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect\UninstallString: “”C:\PROGRA~1\SearchProtect\Main\bin\uninstall.exe” /S”
- HKLM\System\CurrentControlSet\Services\CltMngSvc\ImagePath: “C:\PROGRA~1\SearchProtect\Main\bin\CltMngSvc.exe”
- HKLM\System\CurrentControlSet\Services\CltMngSvc\DisplayName: “Search Protect by Conduit Service”
- HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs: “C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll”
Folders:- %Appdata%\Mozilla\Firefox\Profiles\gi17c3pt.default\searchplugins
- %Appdata%\wp_update
- %Local Appdata%\SearchProtect
- %Local Appdata%\SearchProtect\Logs
- %Local Appdata%\SearchProtect\SearchProtect
- %Local Appdata%\SearchProtect\SearchProtect\rep
- %Local Appdata%\SearchProtect\SearchProtect\STG
- %Local Appdata%\SearchProtect\UI
- %Local Appdata%\SearchProtect\UI\rep
- %Temp%\38fdaae5-8e0e-493c-88ec-e05c3be06e42
- %Temp%\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B
- %Temp%\nsb1B.tmp
- %Temp%\nsbD.tmp
- %Temp%\nse1F.tmp
- %Temp%\nse31.tmp
- %Temp%\nsh3C.tmp
- %Temp%\nsk36.tmp
- %Temp%\nskE
- %Temp%\nsn3.tmp
- %Temp%\nsq39.tmp
- %Temp%\nsu34.tmp
- %Temp%\nsv22.tmp
- %Temp%\nsw9.tmp
- %Temp%\_Temp_jxhucgc.tmp
- %Temp%\~bnovrgf
- %Program Files%\Deeal FR
- %Program Files%\SearchProtect
- %Program Files%\SearchProtect\Main
- %Program Files%\SearchProtect\Main\bin
- %Program Files%\SearchProtect\Main\rep
- %Program Files%\SearchProtect\SearchProtect
- %Program Files%\SearchProtect\SearchProtect\bin
- %Program Files%\SearchProtect\SearchProtect\rep
- %Program Files%\SearchProtect\UI
- %Program Files%\SearchProtect\UI\bin
- %Program Files%\SearchProtect\UI\dialogs
- %Program Files%\SearchProtect\UI\dialogs\bubble
- %Program Files%\SearchProtect\UI\dialogs\Images
- %Program Files%\SearchProtect\UI\dialogs\libs
- %Program Files%\SearchProtect\UI\dialogs\protection
- %Program Files%\SearchProtect\UI\dialogs\protectionDS
- %Program Files%\SearchProtect\UI\dialogs\settings
- %Program Files%\SearchProtect\UI\dialogs\uninstall
- %Program Files%\SearchProtect\UI\rep
Files:- %Appdata%\Microsoft\CryptnetUrlCache\Content\F6DEB9C1F3251400F7D6EB743CB14FB4
- %Appdata%\Microsoft\CryptnetUrlCache\MetaData\F6DEB9C1F3251400F7D6EB743CB14FB4
- %Appdata%\Mozilla\Firefox\Profiles\gi17c3pt.default\searchplugins\conduit-search.xml
- %Appdata%\wp_update\currentVersion.txt
- %Appdata%\~svcgcdk.exe
- %Local Appdata%\Google\Chrome\User Data\Default\Extension Rules\000024.log
- %Local Appdata%\Google\Chrome\User Data\Default\Extension Rules\MANIFEST-000023
- %Local Appdata%\Google\Chrome\User Data\Default\Session Storage\000031.ldb
- %Local Appdata%\Google\Chrome\User Data\Default\Session Storage\000032.log
- %Local Appdata%\Google\Chrome\User Data\Default\Session Storage\MANIFEST-000030
- %Local Appdata%\SearchProtect\SearchProtect\rep\Cvc.dat
- %Local Appdata%\SearchProtect\SearchProtect\rep\UserRepository.dat
- %Local Appdata%\SearchProtect\SearchProtect\rep\UserSettings.dat
- %Local Appdata%\SearchProtect\UI\rep\UIRepository.dat
- %Temp%\38fdaae5-8e0e-493c-88ec-e05c3be06e42\cs.js
- %Temp%\38fdaae5-8e0e-493c-88ec-e05c3be06e42\manifest.json
- %Temp%\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\bk.js
- %Temp%\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\cs.js
- %Temp%\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\manifest.json
- %Temp%\inet.txt
- %Temp%\nsa20.exe
- %Temp%\nsa20.tmp
- %Temp%\nsc1C.exe
- %Temp%\nsc1C.tmp
- %Temp%\nsh3C.tmp\166577
- %Temp%\nsh3C.tmp\5733
- %Temp%\nsh3C.tmp\inetc.dll
- %Temp%\nsh3C.tmp\InstallerUtils.dll
- %Temp%\nsh3C.tmp\InstallerUtils2.dll
- %Temp%\nsh3C.tmp\md5dll.dll
- %Temp%\nsh3C.tmp\nsisos.dll
- %Temp%\nsh3C.tmp\StdUtils.dll
- %Temp%\nsh3C.tmp\System.dll
- %Temp%\nsh3C.tmp\update.json
- %Temp%\nsh3C.tmp\UserInfo.dll
- %Temp%\nsi4.tmp
- %Temp%\nsj38.tmp
- %Temp%\nsjA.tmp
- %Temp%\nskE\SpSetup.exe
- %Temp%\nskE.tmp
- %Temp%\nsn18.tmp
- %Temp%\nsp19.exe
- %Temp%\nsp19.tmp
- %Temp%\nsq39.tmp\Qqvgmsl.tmp
- %Temp%\nsq39.tmp\StdUtils.dll
- %Temp%\nsq39.tmp\System.dll
- %Temp%\nsq39.tmp\WrapperUtils.dll
- %Temp%\nsq39.tmp\Xkosts.exe
- %Temp%\nsw3B.tmp
- %Temp%\nsx2F.exe
- %Temp%\nsx2F.tmp
- %Temp%\nsx32.exe
- %Temp%\nsx32.tmp
- %Temp%\nsz2E.exe
- %Temp%\nsz2E.tmp
- %Temp%\setup.exe
- %Temp%\_Temp_jxhucgc.tmp\AARTEMIS.ini
- %Temp%\_Temp_jxhucgc.tmp\close.png
- %Temp%\_Temp_jxhucgc.tmp\CONDUIT.exe
- %Temp%\_Temp_jxhucgc.tmp\CONDUIT.ini
- %Temp%\_Temp_jxhucgc.tmp\CONF.ini
- %Temp%\_Temp_jxhucgc.tmp\decline.png
- %Temp%\_Temp_jxhucgc.tmp\FR.ini
- %Temp%\_Temp_jxhucgc.tmp\install_minecraft.ini
- %Temp%\_Temp_jxhucgc.tmp\INSTALL_MINECRAFT_install.exe
- %Temp%\_Temp_jxhucgc.tmp\KREAPIXEL.ini
- %Temp%\_Temp_jxhucgc.tmp\KREAPIXEL_AARTEMIS_DEEAL.ini
- %Temp%\_Temp_jxhucgc.tmp\KREAPIXEL_BUBBLE_DEEAL.ini
- %Temp%\_Temp_jxhucgc.tmp\KREAPIXEL_BUBBLE_DEEAL_BIS.exe
- %Temp%\_Temp_jxhucgc.tmp\KREAPIXEL_BUBBLE_DEEAL_BIS.ini
- %Temp%\_Temp_jxhucgc.tmp\KREAPIXEL_DEEAL.ini
- %Temp%\_Temp_jxhucgc.tmp\KREAPIXEL_EASYSOFT_EULA.ini
- %Temp%\_Temp_jxhucgc.tmp\KREAPIXEL_IMMINENT_DEEAL.ini
- %Temp%\_Temp_jxhucgc.tmp\KREAPIXEL_MAIN_OFFER.html
- %Temp%\_Temp_jxhucgc.tmp\KREAPIXEL_MAIN_OFFER.ini
- %Temp%\_Temp_jxhucgc.tmp\KREAPIXEL_MYPCBACKUP_OPTIMIZERPRO.ini
- %Temp%\_Temp_jxhucgc.tmp\KREAPIXEL_MYPCBACKUP_PCMAXIMIZER.ini
- %Temp%\_Temp_jxhucgc.tmp\KREAPIXEL_SWEETPAGE_DEEAL.ini
- %Temp%\_Temp_jxhucgc.tmp\minecraft.png
- %Temp%\_Temp_jxhucgc.tmp\MYPCBACKUP.ini
- %Temp%\_Temp_jxhucgc.tmp\OPTIMIZERPRO.ini
- %Temp%\_Temp_jxhucgc.tmp\setup.ini
- %Temp%\_Temp_jxhucgc.tmp\SPI.exe
- %Temp%\_Temp_jxhucgc.tmp\terms_easysoft_en.html
- %Temp%\_Temp_jxhucgc.tmp\terms_easysoft_fr.html
- %Temp%\_Temp_jxhucgc.tmp\WAJAM.ini
- %Temp%\_Temp_jxhucgc.tmp\wajam_validate.exe
- %Temp%\~bnovrgf\deeal.exe
- %Temp%\~bnovrgf\~krafzml.ini
- %Program Files%\Deeal FR\40545.crx
- %Program Files%\Deeal FR\79c09b4e-f4df-41f4-a8d0-5c0552e9eee6-3.exe
- %Program Files%\Deeal FR\Uninstall.exe
- %Program Files%\Deeal FR\utils.exe
- %Program Files%\SearchProtect\EULA.txt
- %Program Files%\SearchProtect\Main\bin\CltMngSvc.exe
- %Program Files%\SearchProtect\Main\bin\SPTool.dll
- %Program Files%\SearchProtect\Main\bin\uninstall.exe
- %Program Files%\SearchProtect\Main\rep\SystemRepository.dat
- %Program Files%\SearchProtect\SearchProtect\bin\cltmng.exe
- %Program Files%\SearchProtect\SearchProtect\bin\SPTool64.exe
- %Program Files%\SearchProtect\SearchProtect\bin\SPVC32.dll
- %Program Files%\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
- %Program Files%\SearchProtect\SearchProtect\bin\SPVC64.dll
- %Program Files%\SearchProtect\SearchProtect\bin\SPVC64Loader.dll
- %Program Files%\SearchProtect\UI\bin\cltmngui.exe
- %Program Files%\SearchProtect\UI\dialogs\bubble\bubble.css
- %Program Files%\SearchProtect\UI\dialogs\bubble\bubble.html
- %Program Files%\SearchProtect\UI\dialogs\bubble\bubble.js
- %Program Files%\SearchProtect\UI\dialogs\bubble\defaults.js
- %Program Files%\SearchProtect\UI\dialogs\Images\Apply-default.png
- %Program Files%\SearchProtect\UI\dialogs\Images\Apply-onclick.png
- %Program Files%\SearchProtect\UI\dialogs\Images\Apply-Rollover.png
- %Program Files%\SearchProtect\UI\dialogs\Images\bg-with-logo.png
- %Program Files%\SearchProtect\UI\dialogs\Images\bg.png
- %Program Files%\SearchProtect\UI\dialogs\Images\bgNotif.png
- %Program Files%\SearchProtect\UI\dialogs\Images\bgSettings.png
- %Program Files%\SearchProtect\UI\dialogs\Images\bgSettingsDS.png
- %Program Files%\SearchProtect\UI\dialogs\Images\bgUninstall.png
- %Program Files%\SearchProtect\UI\dialogs\Images\btnBlue.png
- %Program Files%\SearchProtect\UI\dialogs\Images\btnClose.png
- %Program Files%\SearchProtect\UI\dialogs\Images\btnSilver.png
- %Program Files%\SearchProtect\UI\dialogs\Images\checkbox.png
- %Program Files%\SearchProtect\UI\dialogs\Images\checkbox_checked.png
- %Program Files%\SearchProtect\UI\dialogs\Images\checkbox_def.png
- %Program Files%\SearchProtect\UI\dialogs\Images\close-win-def.png
- %Program Files%\SearchProtect\UI\dialogs\Images\close-win-over-click.png
- %Program Files%\SearchProtect\UI\dialogs\Images\gray-bg.png
- %Program Files%\SearchProtect\UI\dialogs\Images\hez-def.png
- %Program Files%\SearchProtect\UI\dialogs\Images\hez-selected.png
- %Program Files%\SearchProtect\UI\dialogs\Images\hez.png
- %Program Files%\SearchProtect\UI\dialogs\Images\icon-win.png
- %Program Files%\SearchProtect\UI\dialogs\Images\info-icon.png
- %Program Files%\SearchProtect\UI\dialogs\Images\menu-rollover.png
- %Program Files%\SearchProtect\UI\dialogs\Images\menu-selected.png
- %Program Files%\SearchProtect\UI\dialogs\Images\radio-button-def.png
- %Program Files%\SearchProtect\UI\dialogs\Images\radio-button-selected.png
- %Program Files%\SearchProtect\UI\dialogs\Images\radio-button.png
- %Program Files%\SearchProtect\UI\dialogs\Images\radio-button2.png
- %Program Files%\SearchProtect\UI\dialogs\Images\Settings-icon.png
- %Program Files%\SearchProtect\UI\dialogs\Images\text-field.png
- %Program Files%\SearchProtect\UI\dialogs\Images\v.png
- %Program Files%\SearchProtect\UI\dialogs\Images\x.png
- %Program Files%\SearchProtect\UI\dialogs\libs\defaults.js
- %Program Files%\SearchProtect\UI\dialogs\libs\dialogUtils.js
- %Program Files%\SearchProtect\UI\dialogs\libs\jquery.1.7.1.min.js
- %Program Files%\SearchProtect\UI\dialogs\libs\json2.min.js
- %Program Files%\SearchProtect\UI\dialogs\libs\main.js
- %Program Files%\SearchProtect\UI\dialogs\libs\SPDialogAPI.js
- %Program Files%\SearchProtect\UI\dialogs\protection\defaults.js
- %Program Files%\SearchProtect\UI\dialogs\protection\protection.css
- %Program Files%\SearchProtect\UI\dialogs\protection\protection.html
- %Program Files%\SearchProtect\UI\dialogs\protection\protection.js
- %Program Files%\SearchProtect\UI\dialogs\protectionDS\defaults.js
- %Program Files%\SearchProtect\UI\dialogs\protectionDS\protectionDS.css
- %Program Files%\SearchProtect\UI\dialogs\protectionDS\protectionDS.html
- %Program Files%\SearchProtect\UI\dialogs\protectionDS\protectionDS.js
- %Program Files%\SearchProtect\UI\dialogs\settings\defaults.js
- %Program Files%\SearchProtect\UI\dialogs\settings\settings.css
- %Program Files%\SearchProtect\UI\dialogs\settings\settings.html
- %Program Files%\SearchProtect\UI\dialogs\settings\settings.js
- %Program Files%\SearchProtect\UI\dialogs\settings.html
- %Program Files%\SearchProtect\UI\dialogs\style.css
- %Program Files%\SearchProtect\UI\dialogs\uninstall\defaults.js
- %Program Files%\SearchProtect\UI\dialogs\uninstall\uninstall.css
- %Program Files%\SearchProtect\UI\dialogs\uninstall\uninstall.html
- %Program Files%\SearchProtect\UI\dialogs\uninstall\uninstall.js
- %WinDir%\Tasks\79c09b4e-f4df-41f4-a8d0-5c0552e9eee6-3.job
- C:\END