home

Sync.exe

WinThruster

Installer Wizard

The application Sync.exe, “WinThruster synchronization tool” by Installer Wizard has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It runs as a scheduled task under the Windows Task Scheduler triggered daily at a specified time. This file is typically installed with the program WinThruster by Solvusoft Corporation. While running, it connects to the Internet address web30.cluster.spamfighter.com on port 80 using the HTTP protocol.
Publisher:
Solvusoft Corporation  (signed by Installer Wizard)

Product:
WinThruster

Description:
WinThruster synchronization tool

Version:
2.3.125.113

MD5:
91ed3ab11389cc509fd197a12b796a16

SHA-1:
b76b52f15d17f5fd7b076e60c570d279c6a0b00e

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2025 1:54:56 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Solvusoft.Installer.Meta (L)
16.5.27.6

File size:
344.4 KB (352,704 bytes)

Product version:
2.3.125.113

Copyright:
(c) Solvusoft Corporation. All rights reserved.

Original file name:
Sync.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\solvusoft\winthruster\sync.exe

Digital Signature
Signed by:
Installer Wizard

Authority:
COMODO CA Limited

Valid from:
8/27/2013 2:00:00 AM

Valid to:
8/27/2016 1:59:59 AM

Subject:
CN=Installer Wizard, O=Installer Wizard, STREET=848 N. Rainbow Blvd., STREET="#3321", L=Las Vegas, S=NV, PostalCode=89107, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00936840633163DBE99483CEE1F9B95E45

File PE Metadata
Compilation timestamp:
10/29/2014 6:47:09 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:AbMJp/VhO+zTb8DN9npixBlSDSonRaxwdH3jgw0HvAgiKIKxSyAz:wMJp/VhO+zTwFDSoRaxuH3jN0IKI/z

Entry address:
0x22111

Entry point:
E8, 22, 7A, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 45, 08, A3, 40, E7, 44, 00, 5D, C3, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A1, 68, AE, 44, 00, 33, C5, 89, 45, FC, 83, A5, D8, FC, FF, FF, 00, 53, 6A, 4C, 8D, 85, DC, FC, FF, FF, 6A, 00, 50, E8, 09, 27, 00, 00, 8D, 85, D8, FC, FF, FF, 89, 85, 28, FD, FF, FF, 8D, 85, 30, FD, FF, FF, 83, C4, 0C, 89, 85, 2C, FD, FF, FF, 89, 85, E0, FD, FF, FF, 89, 8D, DC, FD, FF, FF, 89, 95, D8, FD, FF, FF, 89, 9D, D4, FD, FF, FF, 89, B5, D0, FD, FF, FF, 89...
 
[+]

Code size:
237 KB (242,688 bytes)

Scheduled Task
Task name:
WinThruster-KLOC-Notification

Path:
C:\WINDOWS\Tasks\WinThruster-KLOC-Notification.job

Trigger:
Daily (Runs daily at 10:07)


The file Sync.exe has been discovered within the following program.

WinThruster  by Solvusoft Corporation
Publisher's description - “WinThruster detects and repairs hundreds of PC errors, optimizes performance settings, and speeds up your PC. It repairs PC problems, decrease program load time, removes PC clutter, extends your computer's life, and restores system performance.”
solvusoft.com
40% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to web30.cluster.spamfighter.com  (91.192.52.205:80)

TCP (HTTP):
Connects to ocsp.comodoca.com  (178.255.83.1:80)

TCP (HTTP):
Connects to host-176-43-136-7.reverse.superonline.net  (176.43.136.7:80)

TCP (HTTP):
Connects to crl.comodoca.com.cdn.cloudflare.net  (178.255.83.2:80)

TCP (HTTP):
Connects to www.sayfabulunamadi.com  (93.155.105.142:80)

TCP (HTTP):
Connects to a104-81-60-80.deploy.static.akamaitechnologies.com  (104.81.60.80:80)

Remove Sync.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.