» productsremovaltool.exe
Overview
Analysis
File Details
Programs (2)

productsremovaltool.exe

Smartbar.Resources.ProductsRemovalTool

PINWID LTD

This is part of the Linkury/SnapDo monetization software, a web browser toolbar used to hijack a user's search in order to collect revenues. The SmartBar is a a potentially unwanted toolbar and Windows Gadget that is advertising supported (adware). The application productsremovaltool.exe by PINWID has been detected as adware by 6 anti-malware scanners. Additionally, the file is typically installed by a number of programs including Muvic Smartbar by Pinwid Ltd. and Muvic Smartbar Engine by Pinwid Ltd., both potentially unwanted software.

File name:

Publisher:

PINWID LTD (signed and verified)

Product:

Smartbar.Resources.ProductsRemovalTool

Version:

1.0.0.0

MD5:

e6ea41eed3d771e27676c09a623fcca6

SHA-1:

3c8875ad0c06a6ff777da3b87284b61129c7e209

SHA-256:

4ec83fbcfe3b1c3fecf531ebbd88509eaf97ec65049b531ffea39bf7c3ee41e9

Scanner detections:

6 / 68

Status:

Adware

Analysis date:

4/25/2024 11:33:32 PM UTC (a few moments ago)

Scan engine

Detection

Engine version

Avira AntiVirus

APPL/Linkury.Gen2

7.11.177.42

AVG

Pinwid

2015.0.3325

IKARUS anti.virus

AdWare.Linkury

t3scan.1.6.1.0

Qihoo 360 Security

HEUR/Malware.QVM03.Gen

1.0.0.1015

Reason Heuristics

PUP.PINWID.T

14.10.10.20

VIPRE Antivirus

Adware.Linkury

33734

File size:

122 KB (124,952 bytes)

Product version:

1.0.0.0

Original file name:

Smartbar.Resources.ProductsRemovalTool.exe

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\local\smartbar\application\productsremovaltool.exe

Digital Signature

Signed by:

PINWID LTD

Authority:

COMODO CA Limited

Valid from:

8/13/2014 8:00:00 AM

Valid to:

8/14/2015 7:59:59 AM

Subject:

CN=PINWID LTD, OU=514841295, O=PINWID LTD, STREET=14 Shenkar Arie, L=HERZLIYA, S=TLV, PostalCode=4672514, C=IL

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

009956EF23AED48987569DC3E7434BBB19

File PE Metadata

Compilation timestamp:

10/6/2014 7:31:41 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

3072:xCE3nrM1OcChFsnpaYBh034WGMECLJhzWs3YeueWJy:TDFaC341FCXzWV3O

Entry address:

0x1DEFA

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

7.7372

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

112 KB (114,688 bytes)

The file productsremovaltool.exe has been discovered within the following programs.

Muvic Smartbar by Pinwid Ltd.

This adware injects advertising in the user's Internet browser by running as an extension and/or add-on. Ads are delivered in the form of banners and text-links (roll-overs) as well as some popup ads.

www.browse-search.com/?

80% remove it

Muvic Smartbar Engine by Pinwid Ltd.

This adware program injects advertisements with its affiliate ad providers in order to serve a number of ad types including banner, inline text links and popups.

82% remove it

Remove productsremovaltool.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.