» Smartbar.Monetization.Proxy.ProxyRemover.exe
Overview
Analysis
File Details
Programs (2)

Smartbar.Monetization.Proxy.ProxyRemover.exe

ProxyRemover

PINWID LTD

This is part of the Linkury/SnapDo monetization software, a web browser toolbar used to hijack a user's search in order to collect revenues. The SmartBar is a a potentially unwanted toolbar and Windows Gadget that is advertising supported (adware). The application Smartbar.Monetization.Proxy.ProxyRemover.exe by PINWID has been detected as adware by 2 anti-malware scanners. Additionally, the file is typically installed by a number of programs including LPT System Updater Service by Linkury Ltd. and Muvic Smartbar by Pinwid Ltd., both potentially unwanted software.

File name:

Publisher:

PINWID LTD (signed and verified)

Product:

ProxyRemover

Version:

1.0.0.0

MD5:

c141e89b645f1afa057cd6ee6f618e0b

SHA-1:

b548389d3e58f879c2baa926b04098b500746973

SHA-256:

5388836ef31922e2173d60ff94fdf6f6586d3d64dd0f0496a8f5d1072db8de56

Scanner detections:

2 / 68

Status:

Adware

Analysis date:

4/25/2024 9:31:31 AM UTC (today)

Scan engine

Detection

Engine version

AVG

MalSign.Pindi

2015.0.3495

Reason Heuristics

PUP.PINWID.f

14.4.24.9

File size:

23 KB (23,584 bytes)

Product version:

1.0.0.0

Original file name:

Smartbar.Monetization.Proxy.ProxyRemover.exe

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\Program Files\lpt\smartbar.monetization.proxy.proxyremover.exe

Digital Signature

Signed by:

PINWID LTD

Authority:

COMODO CA Limited

Valid from:

2/4/2014 7:00:00 PM

Valid to:

2/5/2015 6:59:59 PM

Subject:

CN=PINWID LTD, O=PINWID LTD, STREET=14 Shenkar Arie, L=HERZLIYA, S=NA, PostalCode=46733, C=IL

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00D9AC9FC9A1B1E8FD63013E3CCE7B0578

File PE Metadata

Compilation timestamp:

2/12/2014 1:21:37 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

384:bReeOdNvqJkSdfh4xQZhHcOS8DtTImVMyYDGnhCxYPLg8l4jY:bRROuk24xQZe8JTImZYDGMElD

Entry address:

0x549A

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

6.4996

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

13.5 KB (13,824 bytes)

The file Smartbar.Monetization.Proxy.ProxyRemover.exe has been discovered within the following programs.

LPT System Updater Service by Linkury Ltd.

This is a potentially unwanted web browser extension this is distributed and installed by PINWID LTD, ReSoft LTD., MY POP SHOP LTD and Linkury. It will display advertisements including banners and popups in the user's web browser.

81% remove it

Muvic Smartbar by Pinwid Ltd.

This adware injects advertising in the user's Internet browser by running as an extension and/or add-on. Ads are delivered in the form of banners and text-links (roll-overs) as well as some popup ads.

www.browse-search.com/?

80% remove it

Remove Smartbar.Monetization.Proxy.ProxyRemover.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.