Sunday, January 18, 2015

Malware my computer was infected with!

Recently my computer became considerably slower. I supposed that it was because of some malware, and I checked my running processes immediately. Then I saw some unknown processes running. This story is about the malware I faced.







HpUI.exe
HpUI.exe is a potentially unwanted application that may hijack your web browser and display ads on your computer. It belongs to the SupTab and Search Protect programs (probably some other adware programs too), which are classified as adware PUPs. Search Protect redirects users to search.conduit.com. Multiple anti-virus engines have detected this file as malicious: Zhangling.BCD 20140807, Adware.Win32.SupTab.8120140807, HEUR/Malware.QVM06.Gen 20140807, SearchProtect 20140807. The first detection name is quite interesting because AVG anti-virus uses Zhangling as an identifier. But indeed, HpUI.exe has a valid certificate and its signer name is Zhang Ling. Other anti-virus programs use more obvious names such as adware SupTab and SearchProtect. Just like most adware and PUPs, it's distributed via pay-per-install networks and fake Flash or Java update web pages. It also comes bundled with freeware, toolbars and other applications like screensavers or even driver downloads. HpUI.exe is usually located in the 'C:\Program Files\SupTab\' folder and in the Windows %Temp% folder. It remains unclear what the main purpose of this file is, but it runs in the background all the time and uses system resources. I also noticed network activities related to this program. Needless to say, it's not essential for Windows and may cause lots of problems, including annoying ads and system crashes.

YoutubeAdBlocker


YoutubeAdBlocker is an adware program that displays pop-up ads, advertisement banners and sponsored links within Internet Explorer, Firefox and Google Chrome. Unfortunately, some free downloads do not adequately disclose that other software will also be installed, and you may find that you have installed YoutubeAdBlocker without your knowledge.
YoutubeAdBlocker is advertised as a program that blocks ads while watching a video on Youtube. Though this may sound like a useful service, the YoutubeAdBlocker program can be intrusive and will display ads whether you want them or not. The YoutubeAdBlocker adware infection is designed specifically to make money. It generates web traffic, collects sales leads for other dubious sites, and will display advertisements and sponsored links within your web browser.
YoutubeAdBlocker is technically not a virus, but it does exhibit plenty of malicious traits, such as rootkit capabilities to hook deep into the operating system, browser hijacking, and in general just interfering with the user experience. The industry generally refers to it as a “PUP,” or potentially unwanted program.
YoutubeAdBlocker is an ad-supported (users may see additional banner, search, pop-up, pop-under, interstitial and in-text link advertisements) cross-browser plugin for Internet Explorer, Firefox and Chrome, distributed through various monetization platforms during installation. YoutubeAdBlocker is typically added when you install other free software (video recording/streaming, download managers or PDF creators) that has this adware program bundled into its installer. When you install these free programs, they will install YoutubeAdBlocker as well. Some of the programs that are known to bundle YoutubeAdBlocker include “Youtube Downloader HD”, “Fast Free Converter”, “Video Media Player 1.1” and “DVDX Player 3.2”.
When installed, YoutubeAdBlocker will display advertising banners on the webpages that you are visiting, stating that they are brought to you by “Ads by YoutubeAdBlocker”. YoutubeAdBlocker may also display pop-up advertisements and in-text ads, and as you browse the Internet, it will show coupons and other deals available on different websites.
The justification for YoutubeAdBlocker ads, according to its author, is that it helps recover programming development costs and helps to hold down the cost for the user.


IePluginService.exe


IePluginService.exe is a potentially unwanted program that is designed to protect its bundled programs and make sure they remain installed or unchanged by other third-party programs.
The IePluginService.exe program is a part of the “IePlugin control” program, and is developed by Cherished Technology Limited, a company known for their malicious programs.
There are 6 versions of IePluginService.exe in the wild, the latest version being 3.26.5.0. It is started as a Windows Service with the name ‘WPM Service’. During the process’s lifecycle, the typical CPU resource utilization is about 0.0001% including both foreground and background operations, the average private memory consumption is about 3.55 MB, and the maximum memory reaches around 6.96 MB. Additionally, typical disk I/O is about 0 bytes per minute for reads and 0 bytes per minute for writes.
If you have the IePluginService.exe program on your system, you will typically see an “IePluginService.exe” process running in the Windows Task Manager.
IePluginService.exe is typically added when you install other free software (video recording/streaming, download managers or PDF creators) that has this program bundled into its installer. Very often users have no idea where it came from, so it’s not surprising at all that most of them assume that IePluginService.exe is a virus.
This program is also bundled within the custom installer on many reputable download sites, so if you have downloaded software from these websites, chances are that IePluginService.exe was installed during the software setup process.
IePluginService.exe is technically not a virus, but it does exhibit plenty of malicious traits, such as rootkit capabilities to hook deep into the operating system, browser hijacking, and in general just interfering with the user experience. The industry generally refers to it as a “PUP,” or potentially unwanted program.
Once installed, IePluginService.exe will change the default search engine and home page in all major web browsers, and if you try to revert to their default settings, this program will not allow you to perform these changes.
IePluginService.exe is bundled within the installer of many toolbars, adware and other potentially unwanted programs, with the sole purpose of making the removal process of these programs more difficult.
Some examples of infections that will install the IePluginService.exe program are: AwesomeHP Toolbar, Sweet-Page Toolbar Platform, Sweet-Page Toolbar, Do-Searches Toolbar and many more programs.
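The indicators named above (the two file names, the SupTab folder and %Temp%, the signer "Zhang Ling", the publisher and the 'WPM Service' service name) can be checked against a process and service inventory. The following is an added example, not code from the original post; the record layout and the sample inventory are constructed, and it assumes the publisher string appears in the file's signature or version information.

```python
import ntpath

# Indicators quoted from the descriptions above; the record layout is assumed.
INDICATORS = [
    {"label": "SupTab/Search Protect", "image": "hpui.exe",
     "dirs": [r"C:\Program Files\SupTab"], "temp": True,
     "publisher": "zhang ling", "service": None},
    {"label": "IePlugin control", "image": "iepluginservice.exe",
     "dirs": [], "temp": False,
     "publisher": "cherished technology limited", "service": "wpm service"},
]

def _under(path, directory):
    """True if path is inside directory (Windows rules: case-insensitive)."""
    norm = lambda p: ntpath.normcase(ntpath.normpath(p))
    return norm(path).startswith(norm(directory) + "\\")

def triage(records, temp_dir):
    """Return (pid, label, reasons) for every record matching an indicator."""
    findings = []
    for rec in records:
        path = rec.get("path") or ""
        image = ntpath.basename(path).lower() or rec.get("name", "").lower()
        publisher = (rec.get("publisher") or "").strip().lower()
        service = (rec.get("service") or "").strip().lower()
        for ind in INDICATORS:
            reasons = []
            if image == ind["image"]:
                reasons.append("image name")
                if any(_under(path, d) for d in ind["dirs"]):
                    reasons.append("known install dir")
                if ind["temp"] and path and _under(path, temp_dir):
                    reasons.append("runs from temp dir")
            if publisher == ind["publisher"]:  # catches renamed binaries
                reasons.append("publisher")
            if ind["service"] and service == ind["service"]:
                reasons.append("service name")
            if reasons:
                findings.append((rec["pid"], ind["label"], reasons))
    return findings

# Constructed sample inventory (not real telemetry).
TEMP = r"C:\Users\demo\AppData\Local\Temp"
SAMPLE = [
    {"pid": 1204, "path": r"C:\Program Files\SupTab\HpUI.exe", "publisher": "Zhang Ling"},
    {"pid": 2310, "path": r"C:\Users\demo\AppData\Local\Temp\HPUI.EXE"},
    {"pid": 988, "path": r"C:\ProgramData\IePlugin\IePluginService.exe", "publisher": "Cherished Technology Limited", "service": "WPM Service"},
    {"pid": 3001, "path": r"C:\Users\demo\update.exe", "publisher": "zhang ling"},
    {"pid": 612, "path": r"C:\Windows\System32\svchost.exe", "service": "Dhcp"},
]
```

A match on the file name alone is weak evidence; records that match on several reasons, or on publisher despite a different file name, are the ones to look at first.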


CONCLUSION

You should always pay attention when installing software because a software installer often includes optional installs, such as this malware. Be very careful what you agree to install.
Always opt for the custom installation and deselect anything that is not familiar, especially optional software that you never wanted to download and install in the first place. It goes without saying that you should not install software that you don’t trust.


references:
http://deletemalware.blogspot.com/

