home

clearthinkbho.dll

ClearThink

Part of the Yontoo adware component, a web browser plugin that injects unwanted ads in the browser. The module clearthinkbho.dll by ClearThink has been detected as adware by 21 anti-malware scanners. It is installed within the context of Internet Explore as a BHO (Browser Helper Object) under the name ‘ClearThink 1.0.0.6’. This file is typically installed with the program ClearThink by Yontoo Technology, Inc. which is a potentially unwanted software program. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
Publisher:
ClearThink  (signed and verified)

Product:
ClearThink

Version:
1.0.0.6

MD5:
062bdb46b122d66b7b59602b7e18a7a3

SHA-1:
77751026d569fa8fa15558daa379d895a6d8972b

SHA-256:
1a9b6cd564d5ab0cffac99f207c4edf09d2ab5afb9f6d399d3516e8bcbef8021

Scanner detections:
21 / 68

Status:
Adware

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
4/26/2024 1:54:51 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Adware.SwiftBrowse.CN
6213306

AhnLab V3 Security
Win-PUP/BrowseFox.Gen
2014.12.22

Avira AntiVirus
ADWARE/BrowseFox.Gen2
7.11.197.26

AVG
Adware BrowseFox.F
2014.0.4235

Bitdefender
Adware.SwiftBrowse.CN
1.0.20.1780

Comodo Security
Application.Win32.BrowseFox.JM
20438

Dr.Web
Trojan.BPlug.215
9.0.1.05190

Emsisoft Anti-Malware
Adware.SwiftBrowse.CN
9.0.0.4668

ESET NOD32
Win32/BrowseFox.O potentially unwanted application
7.0.302.0

F-Secure
Adware.SwiftBrowse.CN
5.13.68

G Data
Adware.SwiftBrowse.CN
14.12.24

K7 AntiVirus
Trojan
13.188.14395

Malwarebytes
PUP.Optional.ClearThink.A
v2014.12.22.04

McAfee
Program.BrowseFox
16.8.708.2

MicroWorld eScan
Adware.SwiftBrowse.CN
15.0.0.1068

NANO AntiVirus
Trojan.Win32.BPlug.dfogbn
0.28.6.64267

Norman
Adware.SwiftBrowse.CN
04.12.2014 14:30:06

nProtect
Adware.SwiftBrowse.CN
14.12.19.01

Reason Heuristics
PUP.BHO.ClearThink.N
14.12.22.3

Vba32 AntiVirus
AdWare.SwiftBrowse
3.12.26.3

VIPRE Antivirus
Threat.4741131
35418

File size:
244.2 KB (250,096 bytes)

Product version:
1.0.0.6

Copyright:
(c) ClearThink. All rights reserved.

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\Program Files\clearthink\clearthinkbho.dll

Digital Signature
Signed by:
ClearThink

Authority:
VeriSign, Inc.

Valid from:
10/9/2014 3:00:00 AM

Valid to:
8/6/2015 2:59:59 AM

Subject:
CN=ClearThink, O=ClearThink, L=Santa Monica, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
59B72B1DB71CE323997B1EAF80E12AAE

Registration
CLSID:
{7e6d4e3e-fc66-4036-9799-ce5c625c4c56}

COM registered:
Yes

File PE Metadata
Compilation timestamp:
12/20/2014 4:23:14 PM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
3072:wsJohzQzs4Nza354yklBTA7iuzTci+bIaIcvQdCzV:wxzQzs4Q3WylUIAICzV

Entry address:
0x12854

Entry point:
55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 41, 8D, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, 80, 30, 03, 10, E8, BD, 01, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, 04, 78, 03, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, 0C, A5, 02, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4...
 
[+]

Entropy:
6.3617

Developed / compiled with:
Microsoft Visual C++

Code size:
159 KB (162,816 bytes)

Internet Explorer BHO
Display name:
ClearThink 1.0.0.6

CLSID:
{7e6d4e3e-fc66-4036-9799-ce5c625c4c56}


The file clearthinkbho.dll has been discovered within the following programs.

ClearThink  by Yontoo Technology, Inc.
ClearThink is an advertising supported (adware) extension that runs in the context of the user's web browser as well as a process in the background.
useclearthink.com/support
83% remove it
 
Powered by Should I Remove It?

Remove clearthinkbho.dll - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.