myosprotect.exe

MyOSProtect.exe

MyOSCompany

The application myosprotect.exe has been detected as adware by 3 anti-malware scanners. It runs as a Windows service named “MyOSProtect”, within the context of its own process. This file is typically installed with the program Web Protect for Windows by Web Protect, which is a potentially unwanted software program. While running, it connects to the Internet address xx-fbcdn-shv-01-sin6.fbcdn.net on port 443.
Publisher:
MyOSCompany

Product:
MyOSProtect.exe

Version:
2.2.9.10

MD5:
411f9eef72cacd4e76431b282099a3a6

SHA-1:
f91aadf2e65a4ae53f5002bb4a8e933acaef7b31

SHA-256:
68bda51adf31a6db3023a530c700b904ebb972dd9a0352a52acfc80508304624

Scanner detections:
3 / 68

Status:
Adware

Analysis date:
9/23/2018 2:03:51 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Baidu Antivirus | Adware.Win32.MyOSProtect | 4.0.3.14929 |
| Malwarebytes | PUP.Optional.OSProtect.A | v2014.09.29.10 |
| Reason Heuristics | Threat.Win.Reputation | 14.9.29.9 |

File size:
1.3 MB (1,317,096 bytes)

Product version:
2.2.9.10

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\web protect\myosprotect.exe

File PE Metadata
Compilation timestamp:
9/1/2014 10:26:48 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
9.0

CTPH (ssdeep):
24576:vGi1lTHe4Gb7EKXu9MU7KfCKhwuNIQKIGO2hRNg0CrBgqnxye:vGsT+4Gb7LiMUWnUI2h6r6qnse

Entry address:
0x3755

Entry point:
E8, 02, 4C, 00, 00, E9, A4, FE, FF, FF, 8B, FF, 55, 8B, EC, 5D, E9, 63, 0C, 00, 00, 8B, FF, 56, 6A, 01, 68, 74, A0, 41, 00, 8B, F1, E8, 97, 0F, 00, 00, C7, 06, FC, 42, 41, 00, 8B, C6, 5E, C3, C7, 01, FC, 42, 41, 00, E9, FC, 0F, 00, 00, 8B, FF, 55, 8B, EC, 56, 8B, F1, C7, 06, FC, 42, 41, 00, E8, E9, 0F, 00, 00, F6, 45, 08, 01, 74, 07, 56, E8, B0, FF, FF, FF, 59, 8B, C6, 5E, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 56, FF, 75, 08, 8B, F1, E8, 68, 0F, 00, 00, C7, 06, FC, 42, 41, 00, 8B, C6, 5E, 5D, C2, 04, 00, 8B...
 

Entropy:
7.9778  (probably packed)

Code size:
68.5 KB (70,144 bytes)

Service
Display name:
MyOSProtect

Description:
This service protects your computer from malicious websites and attacks while you are browsing the internet

Type:
Win32OwnProcess

Depends on:
RPCSS


The file myosprotect.exe has been discovered within the following program.

Web Protect for Windows  by Web Protect
Web Protect is a web browser extension and toolbar that delivers contextual advertising and modifies the user's web browser home and search pages to provide advertising and search.
87% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

