ClientConnect LTD

Publisher Information

ClientConnect LTD is a software developer located in Ness Ziona, Israel*. The company is a primary distributor of unwanted software. ClientConnect is the division of browser toolbars and web browser extensions that was formed out of the merger of Conduit and Perion. Perion effectively took over Conduit's toolbar development and distribution business now named ClientConnect ("Conduit will spin off its Client Connect business, which includes its monetization and distribution platform for publishers and developers."). ClientConnect is the current distribution source of various bundlers including Search Protect and SweetPacks Toolbar. Thre are 30 additional code signing certificates issued to this publisher.
Remove ClientConnect LTD Malware - Powered by Reason Core Security
Authority:
VeriSign, Inc.

Valid from:
2/3/2014 1:00:00 AM

Valid to:
2/5/2016 12:59:59 AM

Subject:
CN=ClientConnect LTD, OU=Digital ID Class 3 - Microsoft Software Validation v2, OU=Search Protect, O=ClientConnect LTD, L=Ness Ziona, S=Israel, C=IL

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
173d1f00e27a9d60265b3ab0b87f2ed8

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Conduit.ClientConnect (M), PUP.Conduit.ClientConnect.Installer (M)
100.00%

VIPRE Antivirus
Conduit
38.00%

AVG
SearchProtect, Generic_r
38.00%

ESET NOD32
Win32/ClientConnect.C potentially unwanted (variant), Win32/Conduit.SearchProtect (variant), Win32/ClientConnect (variant)
36.00%

SUPERAntiSpyware
Adware.SearchProtect/Variant, Trojan.Agent/Gen-Nullo[Short], PUP.SearchProtect/Variant
36.00%

Baidu Antivirus
Adware.Win32.Conduit, Trojan.Win32.ClientConnect
36.00%

Sophos
Generic PUA LD (PUA), PUA 'Conduit Search Protect', Generic PUA PJ (PUA), W32/Expiro-X
34.00%

Malwarebytes
PUP.Optional.SearchProtect.A, PUP.Optional.SearchProtect.AppFlsh, PUP.Optional.Conduit.A
34.00%

G Data
Win32.Application.SearchProtect, Win32.Application.Agent.1LERNJ, Win64.Application.SearchProtect.AB@gen, Win32.Application.SearchProtect.AA@gen
34.00%

Dr.Web
Adware.Conduit.284, Adware.Conduit.45, Adware.Conduit.382, Trojan.Damaged.1
32.00%

1 / 68      (Adware)
sppd.sys  (a6b018a7494059a9c550973914c0763d)

1 / 68      (Adware)
sppd.sys  (39fe2e44e637f158366ade58ea03d3ef)

10 / 68    (Adware)
spvc64.dll (Search Protect by Client Connect)  (c4315194856e759a4ff48e1df2670294)

12 / 68    (Adware)
sptool64.exe (Search Protect by Client Connect)  (a2f6e11e583fe15a073784310b43343f)

12 / 68    (Adware)
sptool.dll (Search Protect by Client Connect)  (fb98351afb455e42a6d3ba1c8e5c3c41)

31 / 68    (Adware)
spsetup.exe (Search Protect by Client Connect)  (02fae9b47cfedf58bcbc5ce6970a6c25)

1 / 68      (Adware)
sppd.sys  (5f5e55b5b9b5ad2249844afc2cf48a1c)

1 / 68      (Adware)
sppd.sys  (e621819a8e29c8a34e5cf155843a6e2b)

31 / 68    (Adware)
spsetup.exe (Search Protect by Client Connect)  (69e1cc213803567b39a6172e86cff6ca)

33 / 68    (Adware)
cltmngsvc.exe (Search Protect by Client Connect)  (cb963faf704f22473375856e3c2fcde3)

1 / 68      (Adware)
nsd280c.tmp (Search Protect by Client Connect)  (34aff0ae7f9695200b05121b1e1433b0)

1 / 68      (Adware)
sppd.sys  (2b3a2f77e6994e80d1010ab7799b9129)

1 / 68      (Adware)
sppd.sys  (d1ba162eccaff9d2e763392e305310bb)

1 / 68      (Adware)
nst79b4.tmp  (b7f859766136e9d8f70dce9c3fedd3d9)

1 / 68      (Adware)
nsaaf93.tmp (Search Protect by Client Connect)  (3403f2feccd21259fa67653decb6bddf)

1 / 68      (Adware)
sppd.sys  (2fbf860c3d9bd537eb30373ac79844d1)

1 / 68      (Adware)
nso5d25.tmp (Search Protect by Client Connect)  (741e575a99b7cd55d7b7968174b3f23f)

1 / 68      (Adware)
sppd.sys  (80e971ecf4538c0a86edc656dbf4b312)

1 / 68      (Adware)
nslcbb4.tmp  (53229c9250a42c5dd47b224472814849)

1 / 68      (Adware)
nsl2be2.tmp  (aeba344ddf95d0b1b0db3e90df65dc82)

1 / 68      (Adware)
sppd.sys  (dcfe9b466e73df19bec1515f750b7b8e)

31 / 68    (Adware)
spsetup.exe (Search Protect by Client Connect)  (337992f7c5f13cdaee927793b40c8ec2)

1 / 68      (Adware)
sppd.sys  (c39cfda44948cae96eda6ac9267d7c7b)

1 / 68      (Adware)
sppd.sys  (d80f5ca8b55f246a719c41370d1a24f6)

1 / 68      (Adware)
sppd.sys  (1f3dcc7353ce1d0c8d8f8fe87c45aa1a)

31 / 68    (Adware)
spsetup.exe (Search Protect by Client Connect)  (afd21e41a8c5912fe2604ac89460dd8c)

10 / 68    (Adware)
spvc64.dll (Search Protect by Client Connect)  (817d8906cd024a31545dd64ff4afb786)

10 / 68    (Adware)
spvc32.dll (Search Protect by Client Connect)  (fe04acc3df1fb645c6b150702ba46014)

13 / 68    (Adware)
uninstall.exe (Search Protect by Client Connect)  (27478ec8548791fdd45432c147fcf7ca)

12 / 68    (Adware)
sptool.dll (Search Protect by Client Connect)  (6d4a342ae84bbc5492c06b79be643c4b)

 
Latest 30 of 537 files

Top-level domains owned by ClientConnect LTD.

The certificates below are also signed by ClientConnect LTD.

354F4C7E49A131A6E4BF89B253C78A2D  (Dec 30, 2014 to Dec 26, 2016)

07A465C6BD7A554BCBAC4E39D5889DAF  (Nov 23, 2014 to Nov 23, 2016)

6E08571F7C2C630E2F418F38E3B31674  (Jul 30, 2014 to Jul 31, 2016)

3215FFC06E15A37E45F6521CECC8C3BD  (Jul 09, 2014 to Jul 10, 2016)

552491364DFD4261C3C5D20F5503F94C  (Jun 19, 2014 to Jun 20, 2016)

41E7062BC1FD079BD90453D7B130730C  (Jun 15, 2014 to Jun 16, 2016)

2212C4948383813DC0714A0028280207  (May 27, 2014 to May 28, 2016)

123F28AFC6155B8A2D814F4215DA7FE6  (May 13, 2014 to May 14, 2016)

66CB8C3D79A78302BD990C405680DC66  (May 03, 2014 to May 04, 2016)

36AC210D3412C8646EB3F4C8EE541402  (Apr 29, 2014 to Apr 30, 2016)

10 of 30 code signing certificates issued

The following publishers (by Authenticode signature organization name) are related.

Remove ClientConnect LTD Malware - Powered by Reason Core Security
* Note, the details and description above are based on the code signing digital signature issued to ClientConnect LTD by VeriSign, Inc. on February 03, 2014 with the serial number '173d1f00e27a9d60265b3ab0b87f2ed8'.