Logo_Malware
SearchProtect is an advertising program whose objective is to earn money by generating Web traffic. It usually moved without your knowledge via the download of freeware. For consultation of some sites, like Amazon, it offers coupons on multiple products. It collects information about your navigation habits. It promotes its products (advertisements) and boosted the ranking of sponsored sites. It displays messages of safety on the instability of the system. It slowed down the performance of the system and internet navigation.
Identified 20/05/2015

0_Features

– It belongs to a family of PUP (Potentially Unwanted Program).
– A polluteware is a software that pollutes storage and/or the Base of registers.
– Vendor : PUP.Optional

0_Main_Actions

– It installs as a process launched at startup of the system (RP),
– It changes the start page of the browser Internet Explorer (R0),
– It changes the browser Internet Explorer search page (R1),
– It installs a program of extension for browser Mozilla Firefox (M2)
– It installs a plugin for the browser Mozilla Firefox (M3)
– It installs a program of extension for the browser Google Chrome (G2)
– It is installed as a BHO (Browser Helper Object) of internet browser (O2),
– It installs as a service to be launched each time the system (O23),(SS/SR).
– It installs as a program (O42),
– It creates to many registry keys ‘Software’
– It creates additional folders (O43),
– It moved to the Windows prefetcher folder (O45),
– It creates multiple files users (O61),
– It creates a Legacy pointing to a malware service, key in the registry (O64),
– It creates registry keys Tracing (O100),
– It creates keys from registry CLSID (O101),

0_Zhpdiag

[MD5.59F0FAB281EE4CC5A7AEEBBEAF8D0CD8] – (.Client Connect LTD – Search Protect.) — C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe [4879680] [PID.6260] [MD5.CB963FAF704F22473375856E3C2FCDE3] – (.Client Connect LTD – Search Protect.) — C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [2497856] [PID.5248] [MD5.E08BDCB2AF67B0117FB34CF030F1E0AB] – (.Client Connect LTD – Search Protect.) — C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe [3080000] [PID.7868] O4 – HKUS\.DEFAULT\..\RunOnce: [SpUninstallDeleteDir] Clé orpheline
O4 – HKUS\S-1-5-18\..\RunOnce: [SpUninstallDeleteDir] Clé orpheline
O2 – BHO: SearchProtect [64Bits] – {26e67fb2-111e-417f-966e-547ac43968cf} . (.SearchProtect – SearchProtect.) — C:\Program Files (x86)\SearchProtect\SearchProtectBHO.dll
O20 – AppInit_DLLs: . (.Client Connect LTD – Search Protect.) – C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll
O23 – Service: Search Protect Service (CltMngSvc) . (.Client Connect LTD – Search Protect.) – C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
O23 – Service: Update SearchProtect (Update SearchProtect) . (.Client Connect LTD – SearchProtect.) – C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
O23 – Service: Util SearchProtect (Util SearchProtect) . (.Client Connect LTD – SearchProtect.) – C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe
O42 – Logiciel: Search Protect – (.Client Connect LTD.) [HKLM][64Bits] — SearchProtect[HKCU\Software\SearchProtect] [HKLM\Software\Wow6432Node\SearchProtect] O43 – CFD: 23/11/2013 – 08:14:22 – [2,260] —-D C:\Program Files\SearchProtect
O61 – LFC: 10/03/2014 – 17:05:30 —A- . (…) — C:\Users\Coolman\AppData\Local\Google\Chrome\User Data\Default\Extensions\{random}\1.0.1_0\background.js [235] O61 – LFC: 10/03/2014 – 17:05:30 —A- . (…) — C:\Users\Coolman\AppData\Local\Google\Chrome\User Data\Default\Extensions\{random}\1.0.1_0\content.js [271] O61 – LFC: 10/03/2014 – 17:05:30 —A- . (…) — C:\Users\Coolman\AppData\Local\Google\Chrome\User Data\Default\Extensions\{random}\1.0.1_0\icon.png [1329] O61 – LFC: 10/03/2014 – 17:05:30 —A- . (…) — C:\Users\Coolman\AppData\Local\Google\Chrome\User Data\Default\Extensions\{random}\1.0.1_0\manifest.json
O61 – LFC: 30/05/2014 – 13:48:57 —A- . (…) — C:\Users\Coolman\AppData\Local\Temp\n7093\SearchProtect_0104-57366623.exe [473688] O64 – Services: CurCS – 08/11/2013 – C:\Program Files\SearchProtect\updateSearchProtect.exe (Update SearchProtect) .(…) – LEGACY_UPDATE_SearchProtect
O64 – Services: CurCS – 23/11/2013 – C:\Program Files\SearchProtect\bin\utilSearchProtect.exe (Util SearchProtect) .(…) – LEGACY_UTIL_SearchProtect
SR – | Auto 08/11/2013 66336 | (Update SearchProtect) . (.Client Connect LTD – SearchProtect.) – C:\Program Files (x86)\SearchProtect\updateSearchProtect.exe
SR – | Auto 15/11/2013 66336 | (Util SearchProtect) . (.Client Connect LTD – SearchProtect.) – C:\Program Files (x86)\SearchProtect\bin\utilSearchProtect.exe
SR – | Auto 2014-05-23 2497856 | (CltMngSvc) . (.Client Connect LTD.) – C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
HKLM\SOFTWARE\Microsoft\Tracing\SearchProtect_RASAPI32
HKLM\SOFTWARE\Microsoft\Tracing\SearchProtect_RASMANCS
HKLM\SOFTWARE\Microsoft\Tracing\SearchProtect_RASAPI32
HKLM\SOFTWARE\Microsoft\Tracing\SearchProtect_RASMANCS
HKLM\SOFTWARE\Microsoft\Tracing\updateSearchProtect_RASAPI32
HKLM\SOFTWARE\Microsoft\Tracing\updateSearchProtect_RASMANCS
HKLM\SOFTWARE\Microsoft\Tracing\utilSearchProtect_RASAPI32
HKLM\SOFTWARE\Microsoft\Tracing\utilSearchProtect_RASMANCS[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect] [HKLM\SYSTEM\CurrentControlSet\Services\Update SearchProtect] [HKLM\SYSTEM\CurrentControlSet\Services\Util SearchProtect] [HKLM\SYSTEM\CurrentControlSet\Services\CltMngSvc] C:\Program Files\SearchProtect
C:\Program Files (x86)\SearchProtect
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe
C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe

0_Alias

PUP.Optional.SearchProtect.A [ Malwarebytes Antimalware ] PUP.Optional.Sambreel [ Malwarebytes Antimalware ] Adware.SearchProtect
Adware.SuperWeb
Adware.Sambreel

Remove_Software

– Remove extension of all installed browsers
– Remove the plugin of all installed browsers,
– Remove software in Windows Configuration Panel,

0_ZHPcleaner
Remove with ZHPcleaner
ZHPCleaner_EN2

0_Zhpdiag
Diagnose with ZHPDiag
ZHPDiag_2-300x220

2016-12-30T07:34:20+00:00 Categories: Polluteware, PUP|Tags: , |Comments Off on PUP.Optional.SearchProtect.A