The file SNSVC.DLL is identified as the Trojan Program that is used for stealing bank information and users passwords.
To delete SNSVC.DLL we suggest you should use UnHackMe:
http://www.unhackme.com
Malware Analysis of SNSVC.DLL
Full path on a computer: %Program Files%\SNSvc.dll
Detected by UnHackMe:
SNSVC.DLL
Default location: %Program Files%\SNSvc.dll
Removal Results: Success
Number of reboot: 1
SNSVC.DLL is known as:
Trojan.SProtector, Trojan ( 0049344e1 ), Trojan.ADH.2, Trojan.WebPick.cvlvgw, BProtector, ApplicUnwnt, Trojan.WebPick.35, Adware.SProtector, PUA.SProtector.D, a variant of Win32.SProtector.D, PE:Malware.SProtector.6.1682, Trj.BProtect.A
SNSVC.DLL hash:
- MD5: fe981d1c19fefdbf6f8da29b97f27b90
The file is used for downloading and installing other malware, Trojans, viruses by the commands received from the Command Center.
How to quickly detect SNSVC.DLL presence?
Image may be NSFW.
Clik here to view.
Registry:
Clik here to view.
Registry:- HKLM\Software\Classes\CLSID\{63DF3502-E97A-D7B7-8187-B28A7E91596E}\InprocServer32\: “%Program Files%\savE nneT\R2sf.dll”
- HKLM\Software\Classes\CLSID\{652A7E34-19EA-5DF2-12DA-911DEBA51BC3}\InprocServer32\: “%Program Files%\YoutubeAdblocker\EZtrWG4VT.dll”
- HKLM\Software\Classes\CLSID\{D879A501-50A7-BEFC-A4C5-32DC6E0CB208}\LocalServer32\: “”%SysDir%\Adobe\Shockwave 11\SwHelper_1157609.exe”"
- HKLM\Software\Classes\CLSID\{EBFCF40E-A87B-463F-A782-55BDD4160B5E}\InprocServer32\: “%Program Files%\LiveSupport\LiveSupport_deskband_x32.dll”
- HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}\DisplayName: “sweet-page”
- HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\12acef01-7853-4166-b453-b58650af5034\UninstallString: “C:\DOCUME~1\ALLUSE~1\APPLIC~1\INSTAL~1\{630B6~1\Setup.exe /remove /q0″
- HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\LiveSupport_is1\DisplayName: “LiveSupport”
- HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\LiveSupport_is1\UninstallString: “”%Program Files%\LiveSupport\unins000.exe”"
- HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1\DisplayName: “Optimizer Pro v3.2″
- HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1\UninstallString: “”%Program Files%\Optimizer Pro\unins000.exe”"
- HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\S-403225106\UninstallString: “”c:\documents and settings\all users\application data\superbapp\sn.booster\sn.booster.exe” /uninstall”
- HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\S-403225106\DisplayName: “SN.Booster”
- HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\WPM\DisplayName: “WPM18.8.0.212″
- HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\WPM\UninstallString: “%Common Appdata%\WPM\wprotectmanager.exe -uninstall”
- HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}\UninstallString: “”%Common Appdata%\YoutubeAdblocker\4GRrdbdWYv.exe” /s /n /i:”ExecuteCommands;UninstallCommands” “”"
- HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}\DisplayName: “YoutubeAdblocker”
- HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{916e5338}\UninstallString: “”%SysDir%\RUNDLL32.EXE” “C:\PROGRA~1\SN406E~1.BOO”,_uninstall /un”
- HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{916e5338}\DisplayName: “SN.Sustainer 1.80″
- HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{7DD5E91C-3864-77EC-7635-D14910C2A03E}\UninstallString: “”%Common Appdata%\savE nneT\0wMPU.exe” /s /n /i:”ExecuteCommands;UninstallCommands” “”"
- HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{7DD5E91C-3864-77EC-7635-D14910C2A03E}\DisplayName: “savE nneT”
- HKLM\System\CurrentControlSet\Services\916e5338\ImagePath: “”%SysDir%\rundll32.exe” “c:\progra~1\SNSvc.dll”,service”
- HKLM\System\CurrentControlSet\Services\916e5338\DisplayName: “SN.Sustainer”
- HKLM\System\CurrentControlSet\Services\Wpm\ImagePath: “%Common Appdata%\WPM\wprotectmanager.exe -service”
- HKLM\System\CurrentControlSet\Services\Wpm\DisplayName: “Wpm Service”
- HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}\DisplayName: “sweet-page”
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Optimizer Pro: “%Program Files%\Optimizer Pro\OptProLauncher.exe”
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\LiveSupport: “”%Program Files%\LiveSupport\LiveSupport.exe” /noshow /log”
- HKCU\Software\Optimizer Pro\DisplayName: “Optimizer Pro”
- HKLM\Software\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\: “”%Program Files%\Mozilla Firefox\firefox.exe” http://www.sweet-page.com/?type=sc&ts=1397489127&from=wpc&uid=VMwareXVirtualXIDEXHardXDrive_00000000000000000001″
- HKLM\Software\Clients\StartMenuInternet\Google Chrome\shell\open\command\: “”%Program Files%\Google\Chrome\Application\chrome.exe” http://www.sweet-page.com/?type=sc&ts=1397489127&from=wpc&uid=VMwareXVirtualXIDEXHardXDrive_00000000000000000001″
- HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\: “%Program Files%\Internet Explorer\iexplore.exe http://www.sweet-page.com/?type=sc&ts=1397489127&from=wpc&uid=VMwareXVirtualXIDEXHardXDrive_00000000000000000001″
- HKLM\Software\Clients\StartMenuInternet\OperaNext\shell\open\command\: “”%Program Files%\Opera Next\Launcher.exe” http://www.sweet-page.com/?type=sc&ts=1397489127&from=wpc&uid=VMwareXVirtualXIDEXHardXDrive_00000000000000000001″
- HKLM\Software\Clients\StartMenuInternet\VMWAREHOSTOPEN.EXE\shell\open\command\: “”%Program Files%\VMware\VMware Tools\VMwareHostOpen.exe” http://www.sweet-page.com/?type=sc&ts=1397489127&from=wpc&uid=VMwareXVirtualXIDEXHardXDrive_00000000000000000001″
- HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs: “c:\progra~1\sn406e~1.boo”
Image may be NSFW.
Clik here to view.![]( "Folders")
Folders:
Clik here to view.
Folders:- %Program Files%\LiveSupport
- %Program Files%\Optimizer Pro
- %Program Files%\savE nneT
- %Program Files%\YoutubeAdblocker
Image may be NSFW.
Clik here to view.![]( "Files")
Files:
Clik here to view.
Files:- %Program Files%\savE nneT\R2sf.dat
- %Program Files%\savE nneT\R2sf.dll
- %Program Files%\savE nneT\R2sf.tlb
- %Program Files%\savE nneT\R2sf.x64.dll
- %Program Files%\SN.Booster
- %Program Files%\SNSvc.dll
- %Program Files%\YoutubeAdblocker\EZtrWG4VT.dat
- %Program Files%\YoutubeAdblocker\EZtrWG4VT.dll
- %Program Files%\YoutubeAdblocker\EZtrWG4VT.tlb
- %Program Files%\YoutubeAdblocker\EZtrWG4VT.x64.dll
- %WinDir%\Tasks\SN.Booster-S-403225106.job