» spvc32loader.dll
Overview
Analysis
File Details
Programs (2)

spvc32loader.dll

Lenovo Browser Guard

ClientConnect LTD

The file belongs to the ClientConnect (Conduit/Perion) platform, a utility that bundles and monetizes search toolbars and browser add-ons. The module spvc32loader.dll by ClientConnect has been detected as adware by 13 anti-malware scanners. Additionally, the file is typically installed by a number of programs including Lenovo Browser Guard by ClientConnect LTD and Run_Dregol by Run_Dregol, both potentially unwanted software.

File name:

spvc32loader.dll

Publisher:

ClientConnect LTD (signed and verified)

Product:

Lenovo Browser Guard

Version:

2.14.0.129

MD5:

b01abbc173bb483d16bbb74ee27d4a79

SHA-1:

3dd5f899a46b2df8a6f46495f1e1b4969994ec64

SHA-256:

67f12f86c2e1965b559d08afe26301a15474f96b55c70dcbc85b728e845d1219

Scanner detections:

13 / 68

Status:

Adware

Explanation:

Part of the Conduit/ClientConnect toolbar/extension distribution.

Analysis date:

4/24/2024 8:18:10 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Application.SearchProtect.P

826

avast!

Win32:Conduit-D [PUP]

2014.9-141101

Baidu Antivirus

PUA.Win32.ClientConnect

4.0.3.14111

Bitdefender

Application.SearchProtect.P

1.0.20.1525

ESET NOD32

Win32/ClientConnect (variant)

8.10624

F-Secure

Application.SearchProtect.P

11.2014-01-11_7

G Data

Application.SearchProtect

14.11.24

McAfee

Artemis!8C0CC2B5C44B

5600.6960

MicroWorld eScan

Application.SearchProtect.P

15.0.0.915

Reason Heuristics

PUP.ClientConnect.M

14.11.1.2

Sophos

Generic PUA BM

4.98

Trend Micro House Call

Suspicious_GEN.F47V0826

7.2.305

VIPRE Antivirus

Conduit

34266

File size:

169.8 KB (173,896 bytes)

Product version:

2.14.0.129

Original file name:

Lenovo Browser Guard

File type:

Dynamic link library (Win32 DLL)

Language:

English (United States)

Common path:

C:\Program Files\lenovobrowserguard\lenovobrowserguard\bin\spvc32loader.dll

Digital Signature

Signed by:

ClientConnect LTD

Authority:

VeriSign, Inc.

Valid from:

1/28/2014 5:30:00 AM

Valid to:

1/30/2016 5:29:59 AM

Subject:

CN=ClientConnect LTD, OU=Digital ID Class 3 - Microsoft Software Validation v2, OU=Lenovo Browser Guard, O=ClientConnect LTD, L=Ness Ziona, S=Israel, C=IL

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

177310CAE60BB43B9E75B02DA2C1AC11

File PE Metadata

Compilation timestamp:

5/12/2014 9:17:50 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

3072:A8vPn6729CfYNQ3veYaNx7GN2+XjgEE96WgkYMxa+r07m:36729Cfo+m3rogRkWgf7m

Entry address:

0xB88B

Entry point:

55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 4E, 3C, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, 28, 0F, 02, 10, E8, D6, 29, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, 08, 53, 02, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, 14, B1, 01, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4... 
[+]

Entropy:

6.2112

Developed / compiled with:

Microsoft Visual C++

Code size:

99 KB (101,376 bytes)

The file spvc32loader.dll has been discovered within the following programs.

Lenovo Browser Guard by ClientConnect LTD

This is a branded version for Lenovo of the Conduit/Perion Search Protect software, a potentially unwanted program that maintains the partner or affiliate directed web page.

79% remove it

Run_Dregol by Run_Dregol

Identified as a version of the CMI/ConvertAd family of malware ad-injectors, this adware which is typically bundled with third-party applications in unwanted software bundles will hijack the user's browser (Internet Explorer, Chrome and Firefox) and display unwanted ads.

80% remove it

Remove spvc32loader.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.