SN.BOOSTER.EXE is Adware PUP.Optional.MultiPlug.A

Detected by UnHackMe:

SN.BOOSTER.EXE
Default location: %Common Appdata%\SuperbApp\SN.Booster\SN.Booster.exe

Removal Results: Success
Number of reboot: 1

SN.BOOSTER.EXE is known as:

Adware.PUP.Optional.MultiPlug.A, Trojan.Downloader.Agent.afd, Trojan-Downloader ( 0048ec4f1 ), Trojan.DL.Adload.sfG54tBszYg, W32.Trojan2.OBQW, Win32.Tnega.VeAcWa, Win32:Agent-ASOC [Adw], Trojan-Downloader.Adload.dyhq, Trojan.Agent.cojdgu, Trojan.S.Agent.729600.B, Troj.Agent-AFFX, TrojWare.TrojanDownloader.Agent.AFD, Trojan.DownLoad3.30962, TR.Downloader.A.988, Trojan-Downloader.Adload (A), TrojanDownloader.Adload.vxu, Trojan.Agent, W32.Trojan.ZIUW-3330, TrojanDownloader.Adload, Trj.WLT.A, Win32.TrojanDownloader.Agent.AFD, Trojan-Downloader.Adload, W32.Agent.AFD.tr.dldr, Trojan.Agent.50, Win32.Trojan.Downloader.ec6

SN.BOOSTER.EXE hash:

• MD5: 1d283dd3ae2312eee624e8b8c46f6adb

Registry:

• HKLM\Software\Classes\CLSID\{63DF3502-E97A-D7B7-8187-B28A7E91596E}\InprocServer32\: “%Program Files%\savE nneT\R2sf.dll”
• HKLM\Software\Classes\CLSID\{652A7E34-19EA-5DF2-12DA-911DEBA51BC3}\InprocServer32\: “%Program Files%\YoutubeAdblocker\EZtrWG4VT.dll”
• HKLM\Software\Classes\CLSID\{D879A501-50A7-BEFC-A4C5-32DC6E0CB208}\LocalServer32\: “”%SysDir%\Adobe\Shockwave 11\SwHelper_1157609.exe”"
• HKLM\Software\Classes\CLSID\{EBFCF40E-A87B-463F-A782-55BDD4160B5E}\InprocServer32\: “%Program Files%\LiveSupport\LiveSupport_deskband_x32.dll”
• HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}\DisplayName: “sweet-page”
• HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\12acef01-7853-4166-b453-b58650af5034\UninstallString: “C:\DOCUME~1\ALLUSE~1\APPLIC~1\INSTAL~1\{630B6~1\Setup.exe /remove /q0″
• HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\LiveSupport_is1\DisplayName: “LiveSupport”
• HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\LiveSupport_is1\UninstallString: “”%Program Files%\LiveSupport\unins000.exe”"
• HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1\DisplayName: “Optimizer Pro v3.2″
• HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1\UninstallString: “”%Program Files%\Optimizer Pro\unins000.exe”"
• HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\S-403225106\UninstallString: “”c:\documents and settings\all users\application data\superbapp\sn.booster\sn.booster.exe” /uninstall”
• HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\S-403225106\DisplayName: “SN.Booster”
• HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\WPM\DisplayName: “WPM18.8.0.212″
• HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\WPM\UninstallString: “%Common Appdata%\WPM\wprotectmanager.exe -uninstall”
• HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}\UninstallString: “”%Common Appdata%\YoutubeAdblocker\4GRrdbdWYv.exe” /s /n /i:”ExecuteCommands;UninstallCommands” “”"
• HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}\DisplayName: “YoutubeAdblocker”
• HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{916e5338}\UninstallString: “”%SysDir%\RUNDLL32.EXE” “C:\PROGRA~1\SN406E~1.BOO”,_uninstall /un”
• HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{916e5338}\DisplayName: “SN.Sustainer 1.80″
• HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{7DD5E91C-3864-77EC-7635-D14910C2A03E}\UninstallString: “”%Common Appdata%\savE nneT\0wMPU.exe” /s /n /i:”ExecuteCommands;UninstallCommands” “”"
• HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{7DD5E91C-3864-77EC-7635-D14910C2A03E}\DisplayName: “savE nneT”
• HKLM\System\CurrentControlSet\Services\916e5338\ImagePath: “”%SysDir%\rundll32.exe” “c:\progra~1\SNSvc.dll”,service”
• HKLM\System\CurrentControlSet\Services\916e5338\DisplayName: “SN.Sustainer”
• HKLM\System\CurrentControlSet\Services\Wpm\ImagePath: “%Common Appdata%\WPM\wprotectmanager.exe -service”
• HKLM\System\CurrentControlSet\Services\Wpm\DisplayName: “Wpm Service”
• HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}\DisplayName: “sweet-page”
• HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Optimizer Pro: “%Program Files%\Optimizer Pro\OptProLauncher.exe”
• HKCU\Software\Microsoft\Windows\CurrentVersion\Run\LiveSupport: “”%Program Files%\LiveSupport\LiveSupport.exe” /noshow /log”
• HKCU\Software\Optimizer Pro\DisplayName: “Optimizer Pro”
• HKLM\Software\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\: “”%Program Files%\Mozilla Firefox\firefox.exe” http://www.sweet-page.com/?type=sc&ts=1397489127&from=wpc&uid=VMwareXVirtualXIDEXHardXDrive_00000000000000000001″
• HKLM\Software\Clients\StartMenuInternet\Google Chrome\shell\open\command\: “”%Program Files%\Google\Chrome\Application\chrome.exe” http://www.sweet-page.com/?type=sc&ts=1397489127&from=wpc&uid=VMwareXVirtualXIDEXHardXDrive_00000000000000000001″
• HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\: “%Program Files%\Internet Explorer\iexplore.exe http://www.sweet-page.com/?type=sc&ts=1397489127&from=wpc&uid=VMwareXVirtualXIDEXHardXDrive_00000000000000000001″
• HKLM\Software\Clients\StartMenuInternet\OperaNext\shell\open\command\: “”%Program Files%\Opera Next\Launcher.exe” http://www.sweet-page.com/?type=sc&ts=1397489127&from=wpc&uid=VMwareXVirtualXIDEXHardXDrive_00000000000000000001″
• HKLM\Software\Clients\StartMenuInternet\VMWAREHOSTOPEN.EXE\shell\open\command\: “”%Program Files%\VMware\VMware Tools\VMwareHostOpen.exe” http://www.sweet-page.com/?type=sc&ts=1397489127&from=wpc&uid=VMwareXVirtualXIDEXHardXDrive_00000000000000000001″
• HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs: “c:\progra~1\sn406e~1.boo”

Folders:

• %Profile%\AppData\LocalLow
• %Profile%\AppData\LocalLow\{63DF3502-E97A-D7B7-8187-B28A7E91596E}
• %Profile%\AppData\LocalLow\{652A7E34-19EA-5DF2-12DA-911DEBA51BC3}
• %Common Appdata%\InstallMate
• %Common Appdata%\savE nneT
• %Common Appdata%\SuperbApp
• %Common Appdata%\SuperbApp\Setup
• %Common Appdata%\SuperbApp\SN.Booster
• %Common Appdata%\SuperbApp\SN.Booster\403225106
• %Common Appdata%\WPM
• %Common Appdata%\WPM\log
• %Common Appdata%\WPM\update
• %Common Appdata%\YoutubeAdblocker
• %Common Startmenu%\Programs\LiveSupport
• %Program Files%\LiveSupport
• %Program Files%\savE nneT
• %Program Files%\YoutubeAdblocker

Files:

• %Common Appdata%\savE nneT\0wMPU.dat
• %Common Appdata%\savE nneT\0wMPU.exe
• %Common Appdata%\SuperbApp\SN.Booster\403225106.ini
• %Common Appdata%\SuperbApp\SN.Booster\SN.Booster.exe
• %Common Appdata%\WPM\log\wprotectmanager_2014-04-14[19-25-58-310].log
• %Common Appdata%\WPM\update\conf
• %Common Appdata%\WPM\wprotectmanager.exe
• %Common Appdata%\YoutubeAdblocker\4GRrdbdWYv.dat
• %Common Appdata%\YoutubeAdblocker\4GRrdbdWYv.exe
• %Program Files%\Mozilla Firefox\browser\searchplugins\sweet-page.xml
• %Program Files%\LiveSupport\LiveSupport.exe
• %Program Files%\LiveSupport\LiveSupport_deskband_x32.dll
• %Program Files%\LiveSupport\LiveSupport_deskband_x64.dll
• %Program Files%\LiveSupport\unins000.dat
• %Program Files%\LiveSupport\unins000.exe
• %Program Files%\LiveSupport\unins000.msg
• %Program Files%\savE nneT\R2sf.dat
• %Program Files%\savE nneT\R2sf.dll
• %Program Files%\savE nneT\R2sf.tlb
• %Program Files%\savE nneT\R2sf.x64.dll
• %Program Files%\SN.Booster
• %Program Files%\SNSvc.dll
• %Program Files%\YoutubeAdblocker\EZtrWG4VT.dat
• %Program Files%\YoutubeAdblocker\EZtrWG4VT.dll
• %Program Files%\YoutubeAdblocker\EZtrWG4VT.tlb
• %Program Files%\YoutubeAdblocker\EZtrWG4VT.x64.dll
• %WinDir%\Tasks\SN.Booster-S-403225106.job