WinLive.dll

MPlugin

The module WinLive.dll, “Microsoft Updates for Internet Explorer”, has been detected as a potentially unwanted program by 7 anti-malware scanners. It is installed within the context of Internet Explorer as a BHO (Browser Helper Object) under the name ‘Blog This in Windows Live’.
Product:
MPlugin

Description:
Microsoft Updates for Internet Explorer

Version:
1.0.0.0

MD5:
6d229ffc2d488048216b96b48d81732d

SHA-1:
d16d81a0d834d57953ce2628933afb2d0653a367

SHA-256:
1cce0b5e8ef78254b5d5bb92035a4befa98068552bfbe8aff0d51a4be7e743b6

Scanner detections:
7 / 68

Status:
Potentially unwanted

Analysis date:
5/12/2025 8:56:55 AM UTC

Scan engine | Detection | Engine version
Baidu Antivirus | Adware.MSIL.BHO | 4.0.3.14115
Comodo Security | UnclassifiedMalware | 17533
ESET NOD32 | MSIL/Adware.BHO (variant) | 7.9239
McAfee | Artemis!6D229FFC2D48 | 5600.7250
Rising Antivirus | PE:Trojan.Win32.Generic.151F4199!354369945 | 23.00.65.14113
Trend Micro House Call | TROJ_GEN.R0CBH05L613 | 7.2.365
VIPRE Antivirus | Trojan.Win32.Generic | 25000

File size:
24 KB (24,576 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © Microsoft 2010

Original file name:
WinLive.dll

File type:
Dynamic link library (Win32 DLL)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\roaming\winlive\winlive.dll

File PE Metadata
Compilation timestamp:
3/9/2012 10:45:10 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
384:GDGyEl0IRQa3rAVWNClKWMlkilKfKOxkgYaU+7QJrwgGlbcrKcg7uo:GCLNQa3ei8fKA2+7ynAbcrKcgS

Entry address:
0x76AE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
5.5089

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
22 KB (22,528 bytes)

Internet Explorer BHO
CLSID:
{2adefb8e-b923-35e6-86e2-2b7841f5d6a4}

CLSID name:
Blog This in Windows Live

