SNSVC.DLL is Trojan SProtector

Detected by UnHackMe:

SNSVC.DLL
Default location: %Program Files%\SNSvc.dll

Removal Results: Success
Number of reboot: 1

SNSVC.DLL is known as:

Trojan.SProtector, Trojan ( 0049344e1 ), Trojan.ADH.2, Trojan.WebPick.cvlvgw, BProtector, ApplicUnwnt, Trojan.WebPick.35, Adware.SProtector, PUA.SProtector.D, a variant of Win32.SProtector.D, PE:Malware.SProtector.6.1682, Trj.BProtect.A

SNSVC.DLL hash:

• MD5: fe981d1c19fefdbf6f8da29b97f27b90

Registry:

• HKLM\Software\Classes\CLSID\{63DF3502-E97A-D7B7-8187-B28A7E91596E}\InprocServer32\: “%Program Files%\savE nneT\R2sf.dll”
• HKLM\Software\Classes\CLSID\{652A7E34-19EA-5DF2-12DA-911DEBA51BC3}\InprocServer32\: “%Program Files%\YoutubeAdblocker\EZtrWG4VT.dll”
• HKLM\Software\Classes\CLSID\{D879A501-50A7-BEFC-A4C5-32DC6E0CB208}\LocalServer32\: “”%SysDir%\Adobe\Shockwave 11\SwHelper_1157609.exe”"
• HKLM\Software\Classes\CLSID\{EBFCF40E-A87B-463F-A782-55BDD4160B5E}\InprocServer32\: “%Program Files%\LiveSupport\LiveSupport_deskband_x32.dll”
• HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}\DisplayName: “sweet-page”
• HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\12acef01-7853-4166-b453-b58650af5034\UninstallString: “C:\DOCUME~1\ALLUSE~1\APPLIC~1\INSTAL~1\{630B6~1\Setup.exe /remove /q0″
• HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\LiveSupport_is1\DisplayName: “LiveSupport”
• HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\LiveSupport_is1\UninstallString: “”%Program Files%\LiveSupport\unins000.exe”"
• HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1\DisplayName: “Optimizer Pro v3.2″
• HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1\UninstallString: “”%Program Files%\Optimizer Pro\unins000.exe”"
• HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\S-403225106\UninstallString: “”c:\documents and settings\all users\application data\superbapp\sn.booster\sn.booster.exe” /uninstall”
• HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\S-403225106\DisplayName: “SN.Booster”
• HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\WPM\DisplayName: “WPM18.8.0.212″
• HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\WPM\UninstallString: “%Common Appdata%\WPM\wprotectmanager.exe -uninstall”
• HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}\UninstallString: “”%Common Appdata%\YoutubeAdblocker\4GRrdbdWYv.exe” /s /n /i:”ExecuteCommands;UninstallCommands” “”"
• HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}\DisplayName: “YoutubeAdblocker”
• HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{916e5338}\UninstallString: “”%SysDir%\RUNDLL32.EXE” “C:\PROGRA~1\SN406E~1.BOO”,_uninstall /un”
• HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{916e5338}\DisplayName: “SN.Sustainer 1.80″
• HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{7DD5E91C-3864-77EC-7635-D14910C2A03E}\UninstallString: “”%Common Appdata%\savE nneT\0wMPU.exe” /s /n /i:”ExecuteCommands;UninstallCommands” “”"
• HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{7DD5E91C-3864-77EC-7635-D14910C2A03E}\DisplayName: “savE nneT”
• HKLM\System\CurrentControlSet\Services\916e5338\ImagePath: “”%SysDir%\rundll32.exe” “c:\progra~1\SNSvc.dll”,service”
• HKLM\System\CurrentControlSet\Services\916e5338\DisplayName: “SN.Sustainer”
• HKLM\System\CurrentControlSet\Services\Wpm\ImagePath: “%Common Appdata%\WPM\wprotectmanager.exe -service”
• HKLM\System\CurrentControlSet\Services\Wpm\DisplayName: “Wpm Service”
• HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}\DisplayName: “sweet-page”
• HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Optimizer Pro: “%Program Files%\Optimizer Pro\OptProLauncher.exe”
• HKCU\Software\Microsoft\Windows\CurrentVersion\Run\LiveSupport: “”%Program Files%\LiveSupport\LiveSupport.exe” /noshow /log”
• HKCU\Software\Optimizer Pro\DisplayName: “Optimizer Pro”
• HKLM\Software\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\: “”%Program Files%\Mozilla Firefox\firefox.exe” http://www.sweet-page.com/?type=sc&ts=1397489127&from=wpc&uid=VMwareXVirtualXIDEXHardXDrive_00000000000000000001″
• HKLM\Software\Clients\StartMenuInternet\Google Chrome\shell\open\command\: “”%Program Files%\Google\Chrome\Application\chrome.exe” http://www.sweet-page.com/?type=sc&ts=1397489127&from=wpc&uid=VMwareXVirtualXIDEXHardXDrive_00000000000000000001″
• HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\: “%Program Files%\Internet Explorer\iexplore.exe http://www.sweet-page.com/?type=sc&ts=1397489127&from=wpc&uid=VMwareXVirtualXIDEXHardXDrive_00000000000000000001″
• HKLM\Software\Clients\StartMenuInternet\OperaNext\shell\open\command\: “”%Program Files%\Opera Next\Launcher.exe” http://www.sweet-page.com/?type=sc&ts=1397489127&from=wpc&uid=VMwareXVirtualXIDEXHardXDrive_00000000000000000001″
• HKLM\Software\Clients\StartMenuInternet\VMWAREHOSTOPEN.EXE\shell\open\command\: “”%Program Files%\VMware\VMware Tools\VMwareHostOpen.exe” http://www.sweet-page.com/?type=sc&ts=1397489127&from=wpc&uid=VMwareXVirtualXIDEXHardXDrive_00000000000000000001″
• HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs: “c:\progra~1\sn406e~1.boo”

Folders:

• %Program Files%\LiveSupport
• %Program Files%\Optimizer Pro
• %Program Files%\savE nneT
• %Program Files%\YoutubeAdblocker

Files:

• %Program Files%\savE nneT\R2sf.dat
• %Program Files%\savE nneT\R2sf.dll
• %Program Files%\savE nneT\R2sf.tlb
• %Program Files%\savE nneT\R2sf.x64.dll
• %Program Files%\SN.Booster
• %Program Files%\SNSvc.dll
• %Program Files%\YoutubeAdblocker\EZtrWG4VT.dat
• %Program Files%\YoutubeAdblocker\EZtrWG4VT.dll
• %Program Files%\YoutubeAdblocker\EZtrWG4VT.tlb
• %Program Files%\YoutubeAdblocker\EZtrWG4VT.x64.dll
• %WinDir%\Tasks\SN.Booster-S-403225106.job