We received the file TB_WELOVEGAMES.EXE and analysed it: the file is unwanted software.
TB_WELOVEGAMES.EXE is adware. You should remove the file TB_WELOVEGAMES.EXE.
Kill the TB_WELOVEGAMES.EXE process and remove TB_WELOVEGAMES.EXE from Windows.
Malware Analysis of TB_WELOVEGAMES.EXE
Full path on a computer: %Temp%\9fcf150a-d7a2-44f0-8b81-da56b16baa43\tb_WeLoveGames.exe
Detected by UnHackMe:
TB_WELOVEGAMES.EXE
Default location: %Temp%\9fcf150a-d7a2-44f0-8b81-da56b16baa43\tb_WeLoveGames.exe
Removal Results: Success
Number of reboots: 1
TB_WELOVEGAMES.EXE is known as:
Adware.MalSign.Generic.834, PUP.Optional.Conduit.A
TB_WELOVEGAMES.EXE hash:
- MD5: ddd81e969106c67e14acb63ff3b3e40a
The file attempts to connect to a remote web site that is classified as dangerous.
How to quickly detect the presence of TB_WELOVEGAMES.EXE?
Registry:
- HKLM\Software\Google\Chrome\Extensions\jfloeibahpfkdblkhkmjmfiipeodnlhd\path: "%Local Appdata%\CRE\jfloeibahpfkdblkhkmjmfiipeodnlhd.crx"
- HKLM\Software\Google\Chrome\Extensions\jfloeibahpfkdblkhkmjmfiipeodnlhd\version: "10.29.0.20"
- HKCU\Software\Google\Chrome\Extensions\jfloeibahpfkdblkhkmjmfiipeodnlhd\path: "%Local Appdata%\CRE\jfloeibahpfkdblkhkmjmfiipeodnlhd.crx"
- HKCU\Software\Google\Chrome\Extensions\jfloeibahpfkdblkhkmjmfiipeodnlhd\version: "10.29.0.20"
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\APISupport: "%SysDir%\Rundll32.exe" "%Local Appdata%\TB\APISupport\APISupport.dll",DLLRunAPISupport
Folders:
- %Local Appdata%\Google\Chrome\User Data\Default\Extensions\jfloeibahpfkdblkhkmjmfiipeodnlhd
- %Local Appdata%\Google\Chrome\User Data\Default\Extensions\jfloeibahpfkdblkhkmjmfiipeodnlhd\Dummy
- %Local Appdata%\CRE
- %Local Appdata%\NativeMessaging
- %Local Appdata%\NativeMessaging\CT2712698
- %Local Appdata%\NativeMessaging\CT2712698\1_0_1_6
- %Local Appdata%\TB
- %Local Appdata%\TB\APISupport
- %Local Appdata%\TB\APISupport\APISupport_2.1.0.8
- %Local Appdata%\TB\APISupport\MiniSP_1.0.2.93
- %Local Appdata%\TB\ChromeExtData
- %Local Appdata%\TB\ChromeExtData\jfloeibahpfkdblkhkmjmfiipeodnlhd
- %Local Appdata%\TB\ChromeExtData\jfloeibahpfkdblkhkmjmfiipeodnlhd\Repository
- %Local Appdata%\tbccint
- %Local Appdata%\tbccint\Chrome
- %Local Appdata%\tbccint\Chrome\CT2712698
- %Temp%\0
- %Temp%\9fcf150a-d7a2-44f0-8b81-da56b16baa43
- %Temp%\CT2712698
- %Temp%\f9c027ed-1192-4cb4-93c6-f3d265836201
- %Temp%\NativeMessaging
- %Temp%\NativeMessaging\CT2712698
- %Temp%\NativeMessaging\CT2712698\nativeMessaging
- %Temp%\nsf9.tmp
- %Temp%\nsg6.tmp
- %Temp%\nss3.tmp
- %Temp%\TestIfExeExist
- %Temp%\TestIfExeExist\CT2712698
- %Temp%\TestIfExeExist\CT2712698\nativeMessaging
Files:
- %Local Appdata%\Google\Chrome\User Data\Default\Extensions\jfloeibahpfkdblkhkmjmfiipeodnlhd\Dummy\CT2712698.txt
- %Local Appdata%\Google\Chrome\User Data\Default\Extensions\jfloeibahpfkdblkhkmjmfiipeodnlhd\Dummy\initdata.json
- %Local Appdata%\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jfloeibahpfkdblkhkmjmfiipeodnlhd_0.localstorage
- %Local Appdata%\Google\Chrome\User Data\Default\Reset Prompt Memento
- %Local Appdata%\CRE\jfloeibahpfkdblkhkmjmfiipeodnlhd.crx
- %Local Appdata%\NativeMessaging\CT2712698\1_0_1_6\nmHostConfig.json
- %Local Appdata%\NativeMessaging\CT2712698\1_0_1_6\nmHostManifest.json
- %Local Appdata%\NativeMessaging\CT2712698\1_0_1_6\TBMessagingHost.exe
- %Local Appdata%\NativeMessaging\CT2712698\nmHostManifest.json
- %Local Appdata%\TB\APISupport\APISupport.dll
- %Local Appdata%\TB\APISupport\APISupport.old
- %Local Appdata%\TB\APISupport\APISupport_2.1.0.8\ApiSupport.dll
- %Local Appdata%\TB\APISupport\MiniSP_1.0.2.93\MiniSP.dll
- %Local Appdata%\TB\ChromeExtData\jfloeibahpfkdblkhkmjmfiipeodnlhd\Repository\CT2712698.dum.txt
- %Local Appdata%\TB\ChromeExtData\jfloeibahpfkdblkhkmjmfiipeodnlhd\Repository\CT2712698.searchUserMode.txt
- %Local Appdata%\TB\ChromeExtData\jfloeibahpfkdblkhkmjmfiipeodnlhd\Repository\ToolbarFullUserID.txt
- %Local Appdata%\TB\ChromeExtData\jfloeibahpfkdblkhkmjmfiipeodnlhd\Repository\ToolbarUserId.txt
- %Local Appdata%\tbccint\Chrome\CT2712698\CHUninstaller.exe
- %Local Appdata%\tbccint\Chrome\CT2712698\configutaion.json
- %Local Appdata%\tbccint\Chrome\CT2712698\Uninstaller.ico
- %Local Appdata%\tbccint\Chrome\CT2712698\UninstallerUI.exe
- %Temp%\0\ddt.csf
- %Temp%\9fcf150a-d7a2-44f0-8b81-da56b16baa43\tb_WeLoveGames.exe
- %Temp%\CT2712698\CT2712698.txt
- %Temp%\CT2712698\ddt.csf
- %Temp%\CT2712698\initdata.json
- %Temp%\CT2712698\manifest.json
- %Temp%\f9c027ed-1192-4cb4-93c6-f3d265836201\tb_WeLoveGames.exe
- %Temp%\NativeMessaging\CT2712698\nativeMessaging\nmHostConfig.json
- %Temp%\NativeMessaging\CT2712698\nativeMessaging\nmHostManifest.json
- %Temp%\NativeMessaging\CT2712698\nativeMessaging\TBMessagingHost.exe
- %Temp%\NativeMessaging\CT2712698.crx
- %Temp%\nsaE.tmp
- %Temp%\nsg6.tmp\DownloadACC.dll
- %Temp%\nsg6.tmp\webapphost.dll
- %Temp%\nss3.tmp\DownloadACC.dll
- %Temp%\nss3.tmp\webapphost.dll
- %Temp%\nssF.tmp
- %Temp%\nsz10.tmp
- %Temp%\TestIfExeExist\CT2712698\nativeMessaging\TBMessagingHost.exe
- %Temp%\~DF700A.tmp
- %WinDir%\assembly\ngenlock.dat
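The registry keys, folders and files above can be checked in one pass. The PowerShell script below is an added example, not UnHackMe's code or output. It maps the report's %Local Appdata% and %Temp% placeholders to $env:LOCALAPPDATA and $env:TEMP, looks for the running processes, checks the HKLM/HKCU Software\Google\Chrome\Extensions keys (Chrome's external-extension registration mechanism) and the rundll32 Run value, tests the fixed-name folders and files, and hashes any tb_WeLoveGames.exe found under a GUID-named %Temp% folder against the MD5 from the report (the report lists two different GUID folders, so the folder name is treated as variable). The Run-key heuristic goes beyond this one sample: flagging any Run entry that uses rundll32 to load a DLL from the user's profile is an assumption about what counts as suspicious, not something the report states. Run it as the affected user.

```powershell
# Added example (not UnHackMe code): sweep the current user's profile for the
# TB_WELOVEGAMES.EXE indicators listed in this report.
$ExtId    = 'jfloeibahpfkdblkhkmjmfiipeodnlhd'
$Cid      = 'CT2712698'
$KnownMd5 = 'DDD81E969106C67E14ACB63FF3B3E40A'   # MD5 from the report; Get-FileHash returns upper-case
$Local    = $env:LOCALAPPDATA                     # the report's %Local Appdata%
$Temp     = $env:TEMP                             # the report's %Temp%
$findings = New-Object System.Collections.Generic.List[string]

# 1. Processes named in the report (dropper and native-messaging host)
Get-Process -Name 'tb_WeLoveGames', 'TBMessagingHost' -ErrorAction SilentlyContinue |
    ForEach-Object { $findings.Add("process: $($_.ProcessName) PID=$($_.Id) $($_.Path)") }

# 2. Chrome external-extension registration in both hives
foreach ($hive in 'HKLM', 'HKCU') {
    $key = "${hive}:\Software\Google\Chrome\Extensions\$ExtId"
    if (Test-Path -LiteralPath $key) {
        $v = Get-ItemProperty -LiteralPath $key
        $findings.Add("registry: $key path='$($v.path)' version='$($v.version)'")
    }
}

# 3. Run-key persistence. The report's value name is APISupport; the heuristic
#    (an assumption, broader than this sample) also flags any other Run entry
#    that uses rundll32 to load a DLL from a user-writable profile directory.
$runKey = Get-Item -LiteralPath 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run' -ErrorAction SilentlyContinue
if ($runKey) {
    foreach ($name in $runKey.GetValueNames()) {
        $cmd = [string]$runKey.GetValue($name)
        $rundll32FromProfile = ($cmd -match '(?i)rundll32(\.exe)?\b') -and
                               ($cmd -match '(?i)\\(AppData|Local Settings|Temp)\\')
        if ($name -eq 'APISupport' -or $rundll32FromProfile) {
            $findings.Add("run-key: $name = $cmd")
        }
    }
}

# 4. Folders and files from the report that have fixed names
$paths = @(
    "$Local\Google\Chrome\User Data\Default\Extensions\$ExtId",
    "$Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_${ExtId}_0.localstorage",
    "$Local\CRE\${ExtId}.crx",
    "$Local\NativeMessaging\$Cid",
    "$Local\TB\APISupport\APISupport.dll",
    "$Local\TB\APISupport\MiniSP_1.0.2.93\MiniSP.dll",
    "$Local\TB\ChromeExtData\$ExtId",
    "$Local\tbccint\Chrome\$Cid",
    "$Temp\$Cid",
    "$Temp\NativeMessaging\$Cid",
    "$Temp\NativeMessaging\${Cid}.crx",
    "$Temp\TestIfExeExist\$Cid"
)
foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p) { $findings.Add("path: $p") }
}

# 5. The dropper sits in a GUID-named temp folder whose name differs between
#    runs (the report lists two), so match the pattern and hash whatever is found.
$guidRe = '^[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}$'
Get-ChildItem -LiteralPath $Temp -Directory -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -match $guidRe } |
    ForEach-Object {
        $exe = Join-Path $_.FullName 'tb_WeLoveGames.exe'
        if (Test-Path -LiteralPath $exe) {
            $md5 = (Get-FileHash -LiteralPath $exe -Algorithm MD5).Hash
            $tag = if ($md5 -eq $KnownMd5) { 'matches report MD5' } else { 'MD5 differs from report; treat as a variant' }
            $findings.Add("dropper: $exe $md5 ($tag)")
        }
    }

# 6. Report
if ($findings.Count -eq 0) {
    Write-Output 'No TB_WELOVEGAMES.EXE indicators found in this profile.'
} else {
    $findings | ForEach-Object { Write-Output "FOUND  $_" }
    Write-Output 'Clean-up order: stop the processes, delete the Run value and the Chrome\Extensions keys, remove the folders, reboot, then re-run this sweep.'
}
```

The sweep only covers the profile it runs under and Chrome's Default profile, so repeat it for each user on the machine and substitute Profile 1, Profile 2 and so on if other Chrome profiles exist. The randomly named %Temp%\ns*.tmp folders (the scratch-directory pattern of NSIS-built installers) and the other GUID-named leftovers are deliberately not hard-coded: their names change on every run and the installer normally deletes them on exit, so their absence does not mean the machine is clean. A hash that differs from the report's MD5 with the same file name and drop location should be treated as a variant, not as a false positive.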