We received the file 51BB1CFF16C2C.DLL and detected that it is not safe.
51BB1CFF16C2C.DLL is adware. You should remove the file 51BB1CFF16C2C.DLL.
Kill the process 51BB1CFF16C2C.DLL and remove 51BB1CFF16C2C.DLL from Windows.
Malware Analysis of 51BB1CFF16C2C.DLL
Full path on a computer: %Common Appdata%\saafe isiave\51bb1cff16c2c.dll
Detected by UnHackMe:
Item Name: 51BB1CFF16C2C.DLL
Author: Unknown
Related File: %COMMON APPDATA%\SAAFE ISIAVE\51BB1CFF16C2C.DLL
Type: Multi AV Detected Files
Removal Results: Success
Number of reboots: 1
51BB1CFF16C2C.DLL is known as:
Adware.MegaSearch, a variant of Win32.Adware.MultiPlug.I
51BB1CFF16C2C.DLL hash:
- MD5: 0f449a5256bcfd0c8d914040735f55de
The file tries to download information from some web sites.
How to quickly detect 51BB1CFF16C2C.DLL presence?
Registry:
- HKLM\Software\Classes\CLSID\{FA0A6477-A380-3353-559E-ADC7B5491DF3}\InProcServer32\: “%Common Appdata%\saafe isiave\51bb1cff16c2c.dll”
- HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\LoadAppInit_DLLs: 0x00000001