We received the file BICLIENT.EXE and detected that it is not good.
BICLIENT.EXE is adware. You should remove the file BICLIENT.EXE.
Kill the BICLIENT.EXE process and remove BICLIENT.EXE from Windows.
Malware Analysis of BICLIENT.EXE
Full path on a computer: %Temp%\biclient.exe
Detected by UnHackMe:
BICLIENT.EXE
Default location: %Temp%\biclient.exe
Removal Results: Success
Number of reboots: 1
BICLIENT.EXE is known as:
Adware.PUP.Optional.Somoto.A, PUA.Somoto., W32.SomotoBetterInstaller.A.Eldorado, Win32:Somoto-F [PUP], not-a-virus:Downloader.NSIS.Agent.aq, Trojan.Agent.cruvhh, Application.Somoto.d, Adware.Downware.1184, Somoto BetterInstaller, Trojan.Tgenic, Application.Somoto.C, Downloader.Agent, Win32.Somoto.A, PUP.MultiToolbar.A
BICLIENT.EXE hash:
- MD5: 92c732231b7909edeff180174c6ef499
The file is used to download and install other malware, Trojans and viruses on commands received from the Command Center.
How to quickly detect the presence of BICLIENT.EXE?
Registry:
Folders:
Files: