Smartbar.Monetization.Proxy.ProxyRemover.exe

ProxyRemover

VERISTAFF.COM LTD

This is part of the Linkury/SnapDo monetization software, a web browser toolbar used to hijack a user's searches in order to collect revenue. The SmartBar is a potentially unwanted toolbar and Windows Gadget that is advertising-supported (adware). The application Smartbar.Monetization.Proxy.ProxyRemover.exe by VERISTAFF.COM has been detected as adware by 4 anti-malware scanners. This file is typically installed with the program SafeFinder Smartbar by Linkury Ltd., which is a potentially unwanted software program.
Publisher:
VERISTAFF.COM LTD  (signed and verified)

Product:
ProxyRemover

Version:
1.0.0.0

MD5:
853762c71d0812492ba61a5b908db723

SHA-1:
d9b2cf3599d36e0b3811873c226492eb70a57481

SHA-256:
a9f4bca39eb8e1e31a66a817e1dd5156d338d16a9645065787114da1e30033d4

Scanner detections:
4 / 68

Status:
Adware

Analysis date:
4/23/2024 3:02:53 PM UTC  (today)

Scan engine | Detection | Engine version
Avira AntiVirus | APPL/Linkury.Gen2 | 7.11.189.70
AVG | Generic | 2015.0.3277
Malwarebytes | PUP.Optional.SmartBar | v2014.11.28.01
Reason Heuristics | PUP.VERISTAFFCOM.f | 14.12.4.0

File size:
24.5 KB (25,104 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2014

Original file name:
Smartbar.Monetization.Proxy.ProxyRemover.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\lpt\smartbar.monetization.proxy.proxyremover.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
9/15/2014 8:00:00 AM

Valid to:
9/16/2015 7:59:59 AM

Subject:
CN=VERISTAFF.COM LTD, OU=514841295, O=VERISTAFF.COM LTD, STREET=Shenkar 14, L=Hertzlya, S=TLV, PostalCode=4672514, C=IL

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
2AF13BF1274B91869E8E8BA9B16282CA

File PE Metadata
Compilation timestamp:
11/19/2014 10:19:35 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
384:bqdxX6E3X1iIDg051GbdqIYtA5EaYDynYPLP6Ma56PriEAK:wEEVzDg0HCBEA5EaYDyS9aUriEAK

Entry address:
0x58A2

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
6.3986

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
14.5 KB (14,848 bytes)

The file Smartbar.Monetization.Proxy.ProxyRemover.exe has been discovered within the following program.

SafeFinder Smartbar  by Linkury Ltd.
SafeFinder displays advertising in the user's Internet browser by running as an extension and/or add-on. Ads are delivered in the form of search-related ads, banner and video ads, and text-links (roll-overs) as well as some popup ads.
www.linkury.com/faq/s/faq.aspx?company=SafeFinder
67% remove it
 