home

dnswatch.exe

Social Privacy DNS

The executable dnswatch.exe has been detected as malware by 2 anti-virus scanners. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘dnsshield’. This file is typically installed with the program Social Privacy DNS by SocialPrivacy.org which is a potentially unwanted software program.
Product:
Social Privacy DNS

Version:
1, 0, 0, 1

MD5:
77aea6e0f5a28dbe8f057d5c7a7ad2ff

SHA-1:
07a19b5effdc59738615d2e701741448450048f1

SHA-256:
f85db4274d6ea076578761eecf891ef6e18c8709baab914e99774eccad3f2498

Scanner detections:
2 / 68

Status:
Malware

Analysis date:
5/5/2025 12:12:55 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Threat.Win.Reputation
14.7.25.13

Vba32 AntiVirus
suspected of Trojan.Downloader.gen.h
3.12.24.3

File size:
145 KB (148,480 bytes)

Product version:
1, 0, 0, 1

Copyright:
Copyright 2013

Original file name:
dnswatch.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\social privacy dns\dnswatch.exe

File PE Metadata
Compilation timestamp:
11/12/2013 11:36:49 PM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
1536:3u0q9+d3iKKvp++r9NAg9o6ThBc7RVdN5O6kGc918scvY/cOc0sWjcdWT1C6N9Xl:e0cB+ooa4N5O5qsmYQ7WT1C6N1l

Entry address:
0xB202

Entry point:
E8, F3, 6C, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 53, 56, 8B, 35, B4, A0, 41, 00, 57, 8B, 7D, 08, 57, FF, D6, 83, 7F, 78, 00, 74, 05, FF, 77, 78, FF, D6, 8B, 87, 80, 00, 00, 00, 85, C0, 74, 03, 50, FF, D6, 83, 7F, 7C, 00, 74, 05, FF, 77, 7C, FF, D6, 8B, 87, 88, 00, 00, 00, 85, C0, 74, 03, 50, FF, D6, 6A, 06, 58, 8D, 5F, 1C, 89, 45, 08, 81, 7B, F8, 24, 17, 42, 00, 74, 0C, 83, 3B, 00, 74, 07, FF, 33, FF, D6, 8B, 45, 08, 83, 7B, F4, 00, 74, 0E, 83, 7B, FC, 00, 74, 08, FF, 73, FC, FF, D6, 8B, 45, 08, 83, C3...
 
[+]

Entropy:
6.2816

Code size:
97.5 KB (99,840 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
dnsshield

Command:
C:\Program Files\social privacy dns\dnswatch.exe


The file dnswatch.exe has been discovered within the following program.

Social Privacy DNS  by SocialPrivacy.org
SocialPrivacy is an advertising supported potentially unwanted program that bills itself as a privacy protector but may also capture user information and interfere with web browsing activities.
www.socialprivacy.org
79% remove it
 
Powered by Should I Remove It?

Remove dnswatch.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.