The file SPROTECTOR.DLL is identified as a Trojan program used to steal bank information and users' passwords.
To delete SPROTECTOR.DLL, we suggest using UnHackMe:
http://www.unhackme.com
Malware Analysis of SPROTECTOR.DLL
Full path on a computer: %Program Files%\WebSearch\sprotector.dll
Detected by UnHackMe:
SPROTECTOR.DLL
Default location: %Program Files%\WebSearch\sprotector.dll
Removal Results: Success
Number of reboots: 1
SPROTECTOR.DLL is known as:
Trojan.Sprotector, ADW_SPROTECT, Win32:SProtector-A [PUP], Adware.BGuard.B, Adware.BGuard.B (B), Adware.BGuard.11, a variant of Win32.SProtector.A
SPROTECTOR.DLL hash:
- MD5: d59fb8a196cc8ad8e8bde0c437070cc6
The file tries to download information from some web sites.
How to quickly detect the presence of SPROTECTOR.DLL?
Registry:
- HKLM\Software\Classes\CLSID\{D0BDA4D8-5BA0-FBBF-82FD-A2CF68EE2B82}\InProcServer32\: “%Common Appdata%\SearchNewTab\51e8f93545909.dll”
- HKLM\Software\Classes\CLSID\{E270EC96-A42B-7C60-49D7-B6E02723C9A6}\InProcServer32\: “%Common Appdata%\saffe saevue\51e8f8fb98086.dll”
- HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs: “c:\progra~1\safesa~1\sprote~1.dll c:\progra~1\websea~1\sprote~1.dll”