We received the file SW_BOOSTER.EXE and found that it is not safe.
SW_BOOSTER.EXE is adware and should be removed.
Kill the SW_BOOSTER.EXE process and remove SW_BOOSTER.EXE from Windows.
Malware Analysis of SW_BOOSTER.EXE
Full path on a computer: %Common Appdata%\SuperbApp\SW_Booster\SW_Booster.exe
Detected by UnHackMe:
SW_BOOSTER.EXE
Default location: %Common Appdata%\SuperbApp\SW_Booster\SW_Booster.exe
Removal Results: Success
Number of reboots: 1
SW_BOOSTER.EXE is known as:
Adware.PUP.Optional.MultiPlug.A, Trojan-Downloader ( 0048ec4f1 ), Trojan.Downloader.Agent.afd, Trojan.DL.Adload.sfG54tBszYg, W32.Trojan2.OBQW, Win32.Tnega.VeAcWa, Win32:Agent-ASOC [Adw], Trojan-Downloader.Adload.dyhq, Trojan.Agent.cojdgu, Trojan.S.Agent.729600.B, Trojan-Downloader.Adload (A), TrojWare.TrojanDownloader.Agent.AFD, Trojan.DownLoad3.30962, TR.Downloader.A.988, Troj.Agent-AFFX, TrojanDownloader.Adload.vxu, Trojan.Agent, W32.Trojan.ZIUW-3330, TrojanDownloader.Adload, Trj.WLT.A, Win32.TrojanDownloader.Agent.AFD, Trojan-Downloader.Adload, W32.Agent.AFD.tr.dldr, Trojan.Agent.50, Win32.Trojan.Downloader.ec6
SW_BOOSTER.EXE hash:
- MD5: 1d283dd3ae2312eee624e8b8c46f6adb