We received the file STOOL.EXE and found that it is not safe.
STOOL.EXE is adware and should be removed.
Kill the STOOL.EXE process and delete the file from Windows.
Malware Analysis of STOOL.EXE
Full path on a computer: %Program Files%\STool\STool.exe
Detected by UnHackMe:
STOOL.EXE
Default location: %Program Files%\STool\STool.exe
Removal Results: Success
Number of reboots: 1
STOOL.EXE is known as:
Adware.SideOn, Unwanted-Program ( 00454f261 ), Adware.Kraddare.4m4xK53KRA4, Adware.Adpopup, Win32:Adware-BBH [PUP], not-a-virus:AdWare.Kraddare.ml, ApplicUnwnt, Trojan.DownLoader11.3826, Adware.SideOn, PUP.Helper, a variant of Win32.Adware.Kraddare.GN, MalSign.Nbiz
STOOL.EXE hash:
- MD5: 4e4429ab531f3d553359e0ffac25fe20
The file is used to download and install other malware, Trojans, and viruses in response to commands received from the Command Center.
How to quickly detect the presence of STOOL.EXE?
Registry:
- HKLM\Software\Classes\CLSID\{88B3E7BD-0AD1-44FD-823F-9E880D871D5D}\InprocServer32\: “%Program Files%\STool\STool.dll”
- HKLM\Software\Classes\CLSID\{C5C4B8B0-6077-4E32-BC18-A45FB81BC6B4}\InprocServer32\: “%Program Files%\STool\STool.dll”
- HKLM\Software\Microsoft\Windows\CurrentVersion\Run\STool: “%Program Files%\STool\STool.exe”
- HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\STool\DisplayName: “STool”
- HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\STool\UninstallString: “%Program Files%\STool\Uninstall.exe”
- HKLM\System\CurrentControlSet\Services\WinLogon\ImagePath: “%Temp%\svchost.exe”
- HKLM\System\CurrentControlSet\Services\WinLogon\DisplayName: “WinLogon”
Folders:
- %Program Files%\STool
Files:
- %Temp%\svchost.exe
- %Temp%\updat.xxx
- %Program Files%\STool\setting.dat
- %Program Files%\STool\STool.dll
- %Program Files%\STool\STool.exe
- %Program Files%\STool\Uninstall.exe