home

googlechromeremoteplugin.dll

GoogleChromeRemotePlugin

Linkury

This is part of the Linkury monetization software, a web browser toolbar used to 'hijack' a user's search in order to collect revenues. The module googlechromeremoteplugin.dll by Linkury has been detected as adware by 24 anti-malware scanners. This file is typically installed with the program QuickShare by Linkury Inc. which is a potentially unwanted software program.
Publisher:
Linkury  (signed and verified)

Product:
GoogleChromeRemotePlugin

Description:
nprt

Version:
1, 0, 0, 1

MD5:
c8bf4431758240052e65378596f60937

SHA-1:
32c1e2efc5bbc070a8a6b95377174e1366c49624

SHA-256:
6711329cc9a7de96c1b763b7480459446dfe255b139269eeccc72c47187ba0fe

Scanner detections:
24 / 68

Status:
Adware

Analysis date:
4/27/2024 4:02:16 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Adware.Linkury.B
358

Agnitum Outpost
PUA.Toolbar.Linkury
7.1.1

Avira AntiVirus
Adware/Linkury.D
7.11.112.250

AVG
MalSign.Pindi
2017.0.2836

Baidu Antivirus
Adware.Win32.Linkury
4.0.3.16211

Bitdefender
Adware.Linkury.B
1.0.20.210

Dr.Web
Trojan.Damaged.1
9.0.1.042

Emsisoft Anti-Malware
Adware.Linkury
8.16.02.11.10

ESET NOD32
Win32/Toolbar.Linkury.D potentially unwanted application
10.7.0.302.0

F-Secure
Adware.Linkury.B
11.2016-11-02_5

G Data
Adware.Linkury
16.2.24

IKARUS anti.virus
PUA.Linkury
t3scan.1.6.1.0

McAfee
Artemis!738AB7712F53
5600.6492

MicroWorld eScan
Adware.Linkury.B
17.0.0.126

NANO AntiVirus
Riskware.Win32.Linkury.ddpups
0.28.6.64267

Norman
Adware.Linkury.B
11.20160211

nProtect
Adware.Linkury.B
14.08.06.01

Panda Antivirus
PUP/LinkUry
16.02.11.10

Reason Heuristics
PUP.Linkury (M)
16.2.11.22

Sophos
Generic PUA JF
4.98

SUPERAntiSpyware
Trojan.Agent/Gen-Nullo[Short]
9329

Trend Micro House Call
TROJ_GEN.F47V0929
7.2.42

VIPRE Antivirus
Adware.Linkury
30656

XVirus List
Win.Detected
2.3.31

File size:
165.3 KB (169,240 bytes)

Product version:
1, 0, 0, 1

Copyright:
Copyright © 1999

Original file name:
nprt.dll

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\google\chrome\user data\default\extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\googlechromeremoteplugin.dll

Digital Signature
Signed by:
Linkury

Authority:
VeriSign, Inc.

Valid from:
4/11/2012 8:00:00 PM

Valid to:
5/11/2015 7:59:59 PM

Subject:
CN=Linkury, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Linkury, L=Ramat Gan, S=Israel, C=IL

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
77A9B89A06B99100955A838E8BB46FF8

File PE Metadata
Compilation timestamp:
2/27/2013 9:39:05 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
3072:GHSpZO6SL37VU8PevV6fnwA9/Pnnhvfx4ZceAi6xz/WhF75WrgURzjAx6A:xufnN9fsHAtxz/IydM

Entry address:
0xB42C

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 3A, 7D, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, 8B, FF, 55, 8B, EC, 8B, 45, 08, 33, C9, 3B, 04, CD, 58, 54, 02, 10, 74, 13, 41, 83, F9, 2D, 72, F1, 8D, 48, ED, 83, F9, 11, 77, 0E, 6A, 0D, 58, 5D, C3, 8B, 04, CD, 5C, 54, 02, 10, 5D, C3, 05, 44, FF, FF, FF, 6A, 0E, 59, 3B, C8, 1B, C0, 23, C1, 83, C0, 08, 5D, C3, E8, 57, 57, 00, 00, 85, C0, 75, 06, B8, C0, 55, 02, 10, C3, 83, C0, 08, C3, E8, 44, 57, 00, 00, 85, C0, 75...
 
[+]

Entropy:
6.4514

Code size:
115.5 KB (118,272 bytes)

The file googlechromeremoteplugin.dll has been discovered within the following program.

QuickShare  by Linkury Inc.
QuickShare, also know as Smartbar, is an auto-starting program that is typically bundled with various shareware software. It displays advertising and is designed to run when Windows boots up.
www.linkury.com/faq/NS/faq.aspx?c=QuickShare
79% remove it
 
Powered by Should I Remove It?

Remove googlechromeremoteplugin.dll - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.