We received the file SPROTECTOR.DLL and detected that SPROTECTOR.DLL is not good.
SPROTECTOR.DLL is Adware. You should remove the file SPROTECTOR.DLL.
Kill the process SPROTECTOR.DLL and remove SPROTECTOR.DLL from Windows.
Malware Analysis of SaveShare\SPROTECTOR.DLL
Full path on a computer: %Program Files%\SaveShare\sprotector.dll
Detected by UnHackMe:
SPROTECTOR.DLL
Default location: %Program Files%\SaveShare\sprotector.dll
Removal Results: Success
Number of reboot: 1
SPROTECTOR.DLL is known as:
Adware.BGuard.B, Trojan.Sprotector, ADW_SPROTECT, Win32:SProtector-A [PUP], Adware.BGuard.B (B), Adware.BGuard.11, a variant of Win32.SProtector.A
SPROTECTOR.DLL hash:
- MD5: d59fb8a196cc8ad8e8bde0c437070cc6
The file tries to connect to the dangerous web site.
How to quickly detect SPROTECTOR.DLL presence?
![]( "Registry")
Registry:
![]( "Folders")
Folders:
![]( "Files")
Files:
Registry:- HKLM\Software\Classes\CLSID\{6EE981DB-EF4D-2400-C308-79EBD8847943}\InprocServer32\: “%Common Appdata%\SEArrccH-NewTab\jduENC92w.dll”
- HKLM\Software\Classes\CLSID\{EE834CA4-D632-26CA-FA71-09B87FA30D19}\InprocServer32\: “%Common Appdata%\savaenshhare\qxnPzAWJ.dll”
- HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1\UninstallString: “”%Program Files%\Optimizer Pro\unins000.exe”"
- HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\OptimizerPro\UninstallString: “C:\DOCUME~1\ALLUSE~1\APPLIC~1\INSTAL~1\OPTIMI~1\Setup.exe /remove /q0″
- HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SP_8e303e95\UninstallString: “”%Program Files%\SaveShare\uninstall.exe” /FULLPATH=”%Program Files%\SaveShare”"
- HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SP_b0285714\UninstallString: “”%Program Files%\WebSearch\uninstall.exe” /FULLPATH=”%Program Files%\WebSearch”"
- HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5F902903-1A6A-1465-618E-D29BA012147D}\UninstallString: “C:\DOCUME~1\ALLUSE~1\APPLIC~1\INSTAL~1\{EAE83~1\Setup.exe /remove /q0″
- HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{62D82EC1-0D3A-DF54-8E3E-07E1337A5311}\UninstallString: “”regsvr32.exe” /s /n /i:”ExecuteCommands;UninstallCommands” “%Common Appdata%\savaenshhare\q9gbHoZW.dll”"
- HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}\UninstallString: “”regsvr32.exe” /s /n /i:”ExecuteCommands;UninstallCommands” “%Common Appdata%\SEArrccH-NewTab\hDovCv92C.dll”"
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Optimizer Pro: “%Program Files%\Optimizer Pro\OptProLauncher.exe”
- HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs: “c:\progra~1\savesh~1\sprote~1.dll c:\progra~1\websea~1\sprote~1.dll”
Folders:- %Appdata%\Mozilla\Firefox\Profiles\profile.default\extensions\staged
- %Appdata%\Mozilla\Firefox\Profiles\profile.default\extensions\staged\lc_bjf@sil-hhm.edu
- %Appdata%\Mozilla\Firefox\Profiles\profile.default\extensions\staged\lc_bjf@sil-hhm.edu\content
- %Appdata%\Mozilla\Firefox\Profiles\profile.default\extensions\staged\zsj6k@eyigcmap.org
- %Appdata%\Mozilla\Firefox\Profiles\profile.default\extensions\staged\zsj6k@eyigcmap.org\content
- %Appdata%\Mozilla\Firefox\Profiles\profile.default\searchplugins
- %Local Appdata%\Google\Chrome\User Data\Default\Extensions\amoehdncaiocgcdeocaipaacmjeolkni
- %Local Appdata%\Google\Chrome\User Data\Default\Extensions\amoehdncaiocgcdeocaipaacmjeolkni\1.0
- %Local Appdata%\Google\Chrome\User Data\Default\Extensions\hecnkhdjbnbilkgcjlneeckomddbhhad
- %Local Appdata%\Google\Chrome\User Data\Default\Extensions\hecnkhdjbnbilkgcjlneeckomddbhhad\5.10
- %Common Appdata%\BetterSoft
- %Common Appdata%\BetterSoft\OptimizerPro
- %Common Appdata%\InstallMate
- %Common Appdata%\InstallMate\OptimizerPro
- %Common Appdata%\InstallMate\{EAE83235-BDB4-4F49-ADA2-F596310B10C3}
- %Common Appdata%\savaenshhare
- %Common Appdata%\SEArrccH-NewTab
- %Common Appdata%\StarApp
- %Common Appdata%\StarApp\Setup
- %Common Startmenu%\Programs\Optimizer Pro
- %Program Files%\Optimizer Pro
- %Program Files%\SaveShare
- %Program Files%\WebSearch
Files:- %Appdata%\Mozilla\Firefox\Profiles\profile.default\extensions\staged\lc_bjf@sil-hhm.edu\bootstrap.js
- %Appdata%\Mozilla\Firefox\Profiles\profile.default\extensions\staged\lc_bjf@sil-hhm.edu\chrome.manifest
- %Appdata%\Mozilla\Firefox\Profiles\profile.default\extensions\staged\lc_bjf@sil-hhm.edu\content\bg.js
- %Appdata%\Mozilla\Firefox\Profiles\profile.default\extensions\staged\lc_bjf@sil-hhm.edu\install.rdf
- %Appdata%\Mozilla\Firefox\Profiles\profile.default\extensions\staged\zsj6k@eyigcmap.org\bootstrap.js
- %Appdata%\Mozilla\Firefox\Profiles\profile.default\extensions\staged\zsj6k@eyigcmap.org\chrome.manifest
- %Appdata%\Mozilla\Firefox\Profiles\profile.default\extensions\staged\zsj6k@eyigcmap.org\content\bg.js
- %Appdata%\Mozilla\Firefox\Profiles\profile.default\extensions\staged\zsj6k@eyigcmap.org\install.rdf
- %Appdata%\Mozilla\Firefox\Profiles\profile.default\searchplugins\WebSearch.xml
- %Desktop%\Optimizer Pro.lnk
- %Local Appdata%\Google\Chrome\User Data\Default\Extensions\amoehdncaiocgcdeocaipaacmjeolkni\1.0\background.html
- %Local Appdata%\Google\Chrome\User Data\Default\Extensions\amoehdncaiocgcdeocaipaacmjeolkni\1.0\BilWIw5IM8.js
- %Local Appdata%\Google\Chrome\User Data\Default\Extensions\amoehdncaiocgcdeocaipaacmjeolkni\1.0\content.js
- %Local Appdata%\Google\Chrome\User Data\Default\Extensions\amoehdncaiocgcdeocaipaacmjeolkni\1.0\lsdb.js
- %Local Appdata%\Google\Chrome\User Data\Default\Extensions\amoehdncaiocgcdeocaipaacmjeolkni\1.0\manifest.json
- %Local Appdata%\Google\Chrome\User Data\Default\Extensions\amoehdncaiocgcdeocaipaacmjeolkni\1.0\newtab.html
- %Local Appdata%\Google\Chrome\User Data\Default\Extensions\amoehdncaiocgcdeocaipaacmjeolkni\1.0\sqlite.js
- %Local Appdata%\Google\Chrome\User Data\Default\Extensions\hecnkhdjbnbilkgcjlneeckomddbhhad\5.10\background.html
- %Local Appdata%\Google\Chrome\User Data\Default\Extensions\hecnkhdjbnbilkgcjlneeckomddbhhad\5.10\content.js
- %Local Appdata%\Google\Chrome\User Data\Default\Extensions\hecnkhdjbnbilkgcjlneeckomddbhhad\5.10\lsdb.js
- %Local Appdata%\Google\Chrome\User Data\Default\Extensions\hecnkhdjbnbilkgcjlneeckomddbhhad\5.10\manifest.json
- %Local Appdata%\Google\Chrome\User Data\Default\Extensions\hecnkhdjbnbilkgcjlneeckomddbhhad\5.10\sqlite.js
- %Local Appdata%\Google\Chrome\User Data\Default\Extensions\hecnkhdjbnbilkgcjlneeckomddbhhad\5.10\XlPSvA6LC.js
- %Common Appdata%\BetterSoft\OptimizerPro\1173230912.ini
- %Common Appdata%\BetterSoft\OptimizerPro\OptimizerPro.exe
- %Common Appdata%\InstallMate\OptimizerPro\Custom.dll
- %Common Appdata%\InstallMate\OptimizerPro\Readme.txt
- %Common Appdata%\InstallMate\OptimizerPro\Setup.dat
- %Common Appdata%\InstallMate\OptimizerPro\Setup.exe
- %Common Appdata%\InstallMate\OptimizerPro\Setup.ico
- %Common Appdata%\InstallMate\OptimizerPro\TsuDll.dll
- %Common Appdata%\InstallMate\OptimizerPro\_Setup.dll
- %Common Appdata%\InstallMate\{EAE83235-BDB4-4F49-ADA2-F596310B10C3}\20130809092714.log
- %Common Appdata%\InstallMate\{EAE83235-BDB4-4F49-ADA2-F596310B10C3}\Custom.dll
- %Common Appdata%\InstallMate\{EAE83235-BDB4-4F49-ADA2-F596310B10C3}\Readme.txt
- %Common Appdata%\InstallMate\{EAE83235-BDB4-4F49-ADA2-F596310B10C3}\Setup.dat
- %Common Appdata%\InstallMate\{EAE83235-BDB4-4F49-ADA2-F596310B10C3}\Setup.exe
- %Common Appdata%\InstallMate\{EAE83235-BDB4-4F49-ADA2-F596310B10C3}\Setup.ico
- %Common Appdata%\InstallMate\{EAE83235-BDB4-4F49-ADA2-F596310B10C3}\TsuDll.dll
- %Common Appdata%\InstallMate\{EAE83235-BDB4-4F49-ADA2-F596310B10C3}\_Setup.dll
- %Common Appdata%\savaenshhare\q9gbHoZW.dll
- %Common Appdata%\savaenshhare\qxnPzAWJ.dll
- %Common Appdata%\savaenshhare\qxnPzAWJ.tlb
- %Common Appdata%\savaenshhare\settings.ini
- %Common Appdata%\SEArrccH-NewTab\hDovCv92C.dll
- %Common Appdata%\SEArrccH-NewTab\jduENC92w.dll
- %Common Appdata%\SEArrccH-NewTab\jduENC92w.tlb
- %Common Appdata%\SEArrccH-NewTab\settings.ini
- %Common Startmenu%\Programs\Optimizer Pro\Help.lnk
- %Common Startmenu%\Programs\Optimizer Pro\Optimizer Pro on the Web.lnk
- %Common Startmenu%\Programs\Optimizer Pro\Optimizer Pro.lnk
- %Common Startmenu%\Programs\Optimizer Pro\Uninstall Optimizer Pro.lnk
- %Program Files%\Optimizer Pro\English.ini
- %Program Files%\Optimizer Pro\file_id.diz
- %Program Files%\Optimizer Pro\HomePage.url
- %Program Files%\Optimizer Pro\OptimizerPro.chm
- %Program Files%\Optimizer Pro\OptimizerPro.exe
- %Program Files%\Optimizer Pro\OptProGuard.exe
- %Program Files%\Optimizer Pro\OptProLauncher.exe
- %Program Files%\Optimizer Pro\OptProReminder.exe
- %Program Files%\Optimizer Pro\OptProSchedule.exe
- %Program Files%\Optimizer Pro\OptProSmartScan.exe
- %Program Files%\Optimizer Pro\OptProStart.exe
- %Program Files%\Optimizer Pro\OptProUninstaller.exe
- %Program Files%\Optimizer Pro\scan.gif
- %Program Files%\Optimizer Pro\sqlite3.dll
- %Program Files%\Optimizer Pro\unins000.dat
- %Program Files%\Optimizer Pro\unins000.exe
- %Program Files%\Optimizer Pro\unins000.msg
- %Program Files%\SaveShare\sprotector.dll
- %Program Files%\SaveShare\uninstall.exe
- %Program Files%\WebSearch\sprotector.dll
- %Program Files%\WebSearch\uninstall.exe
- %WinDir%\Tasks\schedule!1173230912.job