» uninstall.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)

uninstall.exe

Media View alpha 1579

Media View

The application uninstall.exe has been detected as a potentially unwanted program by 23 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer, however the file is not signed with an authenticode signature from a trusted source. This is the uninstaller utility registered in the Windows Control Panel for the program Media View by Media View. This file is typically installed with the program Media View by Adware.BetterSurf which is a potentially unwanted software program. The setup program bundles adware offers using the Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install.

File name:

uninstall.exe

Publisher:

Media View

Product:

Media View alpha 1579

Version:

1.1

MD5:

2b9ea0d5e24f11acb058391968121054

SHA-1:

696510c432ac873f6b1f6860aa7e75ce9f35b795

SHA-256:

9813d2906cf0187c0f608f08ec7efcbd5203acd4c23177781555aa9e8860b46f

Scanner detections:

23 / 68

Status:

Potentially unwanted

Analysis date:

4/19/2024 9:08:22 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Adware.Generic.1012483

836

AegisLab AV Signature

Win.Adware.Toggle

2.1.4+

Agnitum Outpost

PUA.Amonetize

7.1.1

AhnLab V3 Security

PUP/Win32.Amonetize

2014.10.22

Avira AntiVirus

ADWARE/Adware.Gen7

7.11.180.106

avast!

PUP-gen [PUP]

141003-0

Baidu Antivirus

Adware.Win32.Amonetize

4.0.3.141022

Bitdefender

Adware.Generic.1012483

1.0.20.1475

Comodo Security

Application.Win32.Amonetize.B

19870

Emsisoft Anti-Malware

Adware.Generic.1012483

8.14.10.22.03

ESET NOD32

Win32/Amonetize.X potentially unwanted application

7.0.302.0

F-Secure

Adware.Generic.1012483

11.2014-22-10_4

G Data

Adware.Generic.1012483

14.10.24

K7 AntiVirus

Trojan

13.184.13741

Malwarebytes

PUP.Optional.MediaView.A

v2014.10.22.03

McAfee

Artemis!75FCCC3FFE4F

5600.6970

MicroWorld eScan

Adware.Generic.1012483

15.0.0.885

NANO AntiVirus

Trojan.Win32.Amonetize.deinhm

0.28.2.62841

Rising Antivirus

PE:Trojan.Win32.Generic.168564B7!377840823

23.00.65.141020

Sophos

Generic PUA JP

4.98

SUPERAntiSpyware

PUP.MediaView/Variant

10285

Trend Micro House Call

TROJ_GEN.R0CBH05JL14

7.2.295

VIPRE Antivirus

Threat.4866310

33706

File size:

285.6 KB (292,458 bytes)

Product version:

1.1

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Language:

Language Neutral

Common path:

C:\Program Files\mediaviewv1\mediaviewv1alpha1579\uninstall.exe

File PE Metadata

Compilation timestamp:

12/5/2009 5:50:52 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

6144:Ee34wby7/Zmhg9ud3/9yfDwaEqmjkFxx0rwzxoIdULRww:1G7AhzNFQDXZXZxoIuLRww

Entry address:

0x30FA

Entry point:

81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00... 
[+]

Entropy:

7.9303

Packer / compiler:

Nullsoft install system v2.x

Code size:

23.5 KB (24,064 bytes)

Program Uninstaller

Program name:

Media View

Display publisher:

Media View

Display version:

1.1

Uninstall string:

C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha1579\uninstall.exe

The file uninstall.exe has been discovered within the following program.

Media View by Adware.BetterSurf

Once infected by this common symptoms include: - Random web page text is turned into hyperlinks. - Browser popups appear which recommend fake updates or other software. - Ads with red click here button will pop up when those links are hovered on.

82% remove it

Remove uninstall.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.