We received the file PROTECTEXTENSION.EXE and detected that PROTECTEXTENSION.EXE is not good.
PROTECTEXTENSION.EXE is Adware. You should remove the file PROTECTEXTENSION.EXE.
Kill the process PROTECTEXTENSION.EXE and remove PROTECTEXTENSION.EXE from Windows.
Malware Analysis of PROTECTEXTENSION.EXE
Full path on a computer: %Appdata%\BaseFlash\protect\ProtectExtension.exe
Detected by UnHackMe:
PROTECTEXTENSION.EXE
Default location: %Appdata%\BaseFlash\protect\ProtectExtension.exe
Removal Results: Success
Number of reboot: 1
PROTECTEXTENSION.EXE is known as:
Adware.BaseFlash, probably a variant of MSIL.Vittalia.D, Adware.Vittalia, Adware.Vittalia.81
PROTECTEXTENSION.EXE hash:
- MD5: 1faa6c0e5c2752c976017f2ebb774fdc
The file is used for downloading and installing other malware, Trojans, viruses by the commands received from the Command Center.
How to quickly detect PROTECTEXTENSION.EXE presence?
![]( "Registry")
Registry:
![]( "Folders")
Folders:
![]( "Files")
Files:
Registry:- HKLM\Software\Classes\sdp\shell\open\command\: “”%Local Appdata%\FilesFrog Update Checker\update_checker.exe” /protocol %1″
- HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{d82e4a1b-8ba4-4c85-895c-05e6d3e49e2e}\DisplayName: “Search Protect Search”
- HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\1place.org Games_is1\DisplayName: “1place.org Games version 1.4″
- HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\1place.org Games_is1\UninstallString: “”%Local Appdata%\1place.org Games\unins000.exe”"
- HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\BaseFlash\DisplayName: “BaseFlash”
- HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\BaseFlash\UninstallString: “%Appdata%\BaseFlash\uninstallkit.exe”
- HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker\DisplayName: “FilesFrog Update Checker”
- HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker\UninstallString: “%Local Appdata%\FilesFrog Update Checker\uninstall.exe”
- HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SpeedUpMyComputer\DisplayName: “SpeedUpMyComputer”
- HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SpeedUpMyComputer\UninstallString: “%Program Files%\SmartTweak\SpeedUpMyComputer\uninst.exe”
- HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage\DisplayName: “VO Package”
- HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage\UninstallString: “”%Appdata%\VOPackage\uninstall.exe”"
- HKLM\System\CurrentControlSet\Services\GamesRS\ImagePath: “%Program Files%\GamesRS\GUpdater.exe”
- HKLM\System\CurrentControlSet\Services\GamesRS\DisplayName: “GamesRS”
- HKLM\System\CurrentControlSet\Services\srvProtectExtension\ImagePath: “%Appdata%\BaseFlash\protect\ProtectExtension.exe”
- HKLM\System\CurrentControlSet\Services\srvProtectExtension\DisplayName: “Protect your browser’s extensions and plugins”
- HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{d82e4a1b-8ba4-4c85-895c-05e6d3e49e2e}\DisplayName: “Search Protect Search”
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\SDP: “%Local Appdata%\FilesFrog Update Checker\update_checker.exe /auto ”
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\SpeedUpMyComputer: “%Program Files%\SmartTweak\SpeedUpMyComputer\SpeedUpMyComputer.exe /ot /as”
Folders:- %Appdata%\BaseFlash
- %Appdata%\BaseFlash\protect
- %Appdata%\VOPackage
- %Local Appdata%\Google\Chrome\User Data\Default\Pepper Data
- %Local Appdata%\1place.org Games
- %Local Appdata%\FilesFrog Update Checker
- %Temp%\bhfiles
- %Temp%\bhfiles\x86
- %Temp%\DI
- %Temp%\nsg37.tmp
- %Temp%\nslF.tmp
- %Temp%\nsq1E.tmp
- %Temp%\SP
- %Programs%\FilesFrog Update Checker
- %Programs%\SmartTweak Software
- %Programs%\SmartTweak Software\SpeedUpMyComputer
- %Programs%\VOPackage
- %Common Appdata%\Microsoft\Dr Watson
- %Common Startmenu%\Programs\PDFCreator
- %Common Startmenu%\Programs\PDFCreator\Images2PDF
- %Common Startmenu%\Programs\PDFCreator\Licenses
- %Program Files%\GamesRS
- %Program Files%\SmartTweak
- %Program Files%\SmartTweak\SpeedUpMyComputer
- %SysDir%\spool\drivers\WIN40
Files:- %Appdata%\Mozilla\Firefox\Profiles\gi17c3pt.default\extensions\playgame@zugaramedia.com.xpi
- %Appdata%\BaseFlash\protect\config.xml
- %Appdata%\BaseFlash\protect\Interop.Shell32.dll
- %Appdata%\BaseFlash\protect\Newtonsoft.Json.dll
- %Appdata%\BaseFlash\protect\ProtectExtension.exe
- %Appdata%\BaseFlash\protect\sqlite3.exe
- %Appdata%\BaseFlash\protect\utilsDll.dll
- %Appdata%\BaseFlash\uninstallkit.exe
- %Appdata%\pdfforge\Images2PDF\Images2PDF.settings
- %Appdata%\pdfforge\PDFArchitect\PDFArchitect.settings
- %Appdata%\VOPackage\Uninstall.exe
- %Appdata%\VOPackage\VOPackage.exe
- %Desktop%\SpeedUpMyComputer.lnk
- %Local Appdata%\1place.org Games\unins000.dat
- %Local Appdata%\1place.org Games\unins000.exe
- %Local Appdata%\FilesFrog Update Checker\TempWmicBatchFile.bat
- %Local Appdata%\FilesFrog Update Checker\uninstall.exe
- %Local Appdata%\FilesFrog Update Checker\update_checker.exe
- %Temp%\1PlaceOrgGames_Somoto.exe
- %Temp%\4.tmp
- %Temp%\bhfiles\7z.dll
- %Temp%\bhfiles\BrowserHelper.exe
- %Temp%\bhfiles\BrowserHelper.exe.config
- %Temp%\bhfiles\browserhelper.log
- %Temp%\bhfiles\ff_conduit_check.json
- %Temp%\bhfiles\IEOpenServiceHelper.exe
- %Temp%\bhfiles\Newtonsoft.Json.dll
- %Temp%\bhfiles\SevenZipSharp.dll
- %Temp%\bhfiles\STch.json
- %Temp%\bhfiles\STch.json.old
- %Temp%\bhfiles\STff.json
- %Temp%\bhfiles\STff.json.old
- %Temp%\bhfiles\STie.json
- %Temp%\bhfiles\STie.json.old
- %Temp%\bhfiles\sweettunes_search.xml
- %Temp%\bhfiles\sweettunes_search.xml.old
- %Temp%\bhfiles\System.Data.SQLite.dll
- %Temp%\bhfiles\trusted_search.xml
- %Temp%\bhfiles\x86\SQLite.Interop.dll
- %Temp%\biclient.exe
- %Temp%\DI\InstallerLibrary.dll
- %Temp%\DI\ValidationScriptLibrary.dll
- %Temp%\heu39T.nss
- %Temp%\InstallerLibrary.dll
- %Temp%\jdaaAVBC_132
- %Temp%\ms.exe
- %Temp%\nsa24.tmp
- %Temp%\nsg37.tmp\Registry.dll
- %Temp%\nsk41.tmp
- %Temp%\nslF.tmp\registry.dll
- %Temp%\nsq1E.tmp\InstallerLibrary.dll
- %Temp%\nsq1E.tmp\ValidationScriptLibrary.dll
- %Temp%\nsw19.tmp
- %Temp%\Number of results
- %Temp%\PDFCreator-1_3_2_setup.exe
- %Temp%\qms.exe
- %Temp%\setup_132.exe
- %Temp%\SpeedUpMyComputer.exe
- %Temp%\UpdateCheckerSetup.exe
- %Temp%\ValidationScriptLibrary.dll
- %Programs%\FilesFrog Update Checker\Check for Updates.lnk
- %Programs%\FilesFrog Update Checker\Uninstall.lnk
- %Programs%\SmartTweak Software\SpeedUpMyComputer\SpeedUpMyComputer.lnk
- %Programs%\SmartTweak Software\SpeedUpMyComputer\Uninstall.lnk
- %Programs%\SmartTweak Software\SpeedUpMyComputer\Website.lnk
- %Programs%\VOPackage\Configure.lnk
- %Common Appdata%\Microsoft\Dr Watson\drwtsn32.log
- %Common Desktopdirectory%\1place.org Games.url
- %Program Files%\Mozilla Firefox\browser\searchplugins\sweettunes_search.xml
- %Program Files%\GamesRS\GUpdater.exe
- %Program Files%\GamesRS\msvcp100.dll
- %Program Files%\GamesRS\msvcr100.dll
- %Program Files%\GamesRS\QtCore4.dll
- %Program Files%\GamesRS\QtNetwork4.dll
- %Program Files%\SmartTweak\SpeedUpMyComputer\SpeedUpMyComputer.exe
- %Program Files%\SmartTweak\SpeedUpMyComputer\SpeedUpMyComputer.url
- %Program Files%\SmartTweak\SpeedUpMyComputer\uninst.exe
- %SysDir%\spool\drivers\w32x86\3\PDFCREAT.BPD
- %SysDir%\spool\drivers\w32x86\3\PDFCREAT.PPD
- %SysDir%\wbem\AutoRecover\23BDE61F1F4FACE17E9B0C01F2A1FD9B.mof
- %SysDir%\wbem\AutoRecover\C8463ECBE33BC240263A0B094E46D510.mof
- %SysDir%\MSMAPI32.OCX
- %SysDir%\MSMPIDE.DLL
- %SysDir%\pdfcmon.dll