Should I block it?
Yes, 98% block recommendation.
Possible reasons:
Multiple malware detections
Performance resource utilization
Additional versions
Relationships
AdvancedSystemProtector.exe
Advanced System Protector by Systweak Software (Signed)
| Version: | 2.1.1000.10568 |
| MD5: | 59727297d6a30fc41e0427ffb1fd72f8 |
| SHA1: | f2b23dbd993783faa095245b30fbbe9595ba1cbd |
| SHA256: | 8d0d6ee196dc4b7d12d396b2dcede31dabeee1e2bfca9f0574204603e2592a13 |
Warning 3 antivirus scanners has detected malware.
Overview
advancedsystemprotector.exe is malware that executes as a process with the local user's privileges. It is set to be start when the PC boots and any user logs into Windows (added to the Run registry key for the all users under the local machine). This is typically installed with the program Advanced System Protector published by Systweak Inc. The assembly utilizes the .NET run-time framework (which is required to be installed on the PC). The file is digitally signed by Systweak Software which was issued by the VeriSign certificate authority (CA).
Details
| File name: | advancedsystemprotector.exe |
| Publisher: | Systweak |
| Product name: | Advanced System Protector |
| Typical file path: | C:\Program Files\advanced system protector\advancedsystemprotector.exe |
| File version: | 2.1.1000.10568 |
| Size: | 6.1 MB (6,399,344 bytes) |
| Certificate |
| Issued to: | Systweak Software |
| Authority (CA): | VeriSign |
| Effective date: | Monday, December 10, 2012 |
| Digital DNA |
| File packed: | No |
| Code language: | Microsoft Visual C# / Basic .NET |
| .NET CLR: | Yes |
| .NET NGENed: | No |
More details
Programs
The following program will install this file
“Advanced System Protector is a solution to detect and remove the malicious programs intruding your computer. It offers protection against deceptive applications that affect start-up programs, cookies, Registry entries, and files and folders to hide themselves in your system. Check for infections in all vulnerable areas and safeguard your hard work and personal data. With the vast database of malware detections you can efficiently contro...”
Behaviors
Scheduled tasks startups
Set to load on user login (bypasses Windows UAC if enabled)
- Login entry path '\Advanced System Protector_startup'
Scheduled tasks
- The job 'Advanced System Protector_startup' runs on logon in the path '\Advanced System Protector_startup'
- Entry path '\Advanced System Protector_startup'
Startup files (all users) run
Runs under the registry key 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
- 'Advanced System Protector_startup' → "C:\Program Files\Advanced System Protector\AdvancedSystemProtector.exe" autolaunch
Malware detections
Based on 40+ industry antivirus scanners, 3 of them detected the following malware.
| Antivirus engine | Engine version | Detection |
| Comodo Internet Security |
16504 |
ApplicUnwnt |
| ESET NOD32 |
7.8498 |
MSIL/AdvancedSystemProtector |
| Kingsoft |
2013.4.9.267 |
Win32.Troj.Generic.a.(kcloud) |
Resource utilization
(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
| CPU |
| Total CPU: | 0.00097262% | |
| Kernel CPU: | 0.00052549% | |
| User CPU: | 0.00044713% | |
| Kernel CPU time: | 27,456 ms/min | |
| CPU cycles: | 6,561,392/sec | |
| Memory |
| Private memory: | 73.73 MB | |
| Private (maximum): | 34.16 MB | |
| Private (minimum): | 2.73 MB | |
| Non-paged memory: | 73.73 MB | |
| Virtual memory: | 392.46 MB | |
| Virtual memory (peak): | 545.21 MB | |
| Working set: | 4.73 MB | |
| Working set (peak): | 146.02 MB | |
| Page faults: | 286,469/min | |
| I/O |
| I/O read transfer: | 135.05 KB/sec | |
| I/O read operations: | 134/sec | |
| I/O write transfer: | 85.15 KB/sec | |
| I/O write operations: | 40/sec | |
| I/O other transfer: | 10.7 KB/sec | |
| I/O other operations: | 39/sec | |
| Resource allocations |
| Threads: | 28 | |
| Handles: | 753 | |
| GUI GDI count: | 47 | |
| GUI GDI peak: | 57 | |
| GUI USER count: | 72 | |
| GUI USER peak: | 92 | |
Process properties
Threads
Averages
| AdvancedSystemProtector.exe (main module) |
| Total CPU: | 0.06028339% | |
| Kernel CPU: | 0.03675203% | |
| User CPU: | 0.02353136% | |
| CPU cycles: | 8,441,845/sec | |
| Memory: | 6.12 MB | |
| mshtml.dll (Windows Internet Explorer by Microsoft) |
| Total CPU: | 0.00505339% | |
| Kernel CPU: | 0.00303204% | |
| User CPU: | 0.00202135% | |
| CPU cycles: | 350,025/sec | |
| Memory: | 13.69 MB | |
| ntdll.dll |
| Total CPU: | 0.00107817% | |
| Kernel CPU: | 0.00082659% | |
| User CPU: | 0.00025157% | |
| CPU cycles: | 32,215/sec | |
| Memory: | 1.23 MB | |
| rasman.dll |
| Total CPU: | 0.00007234% | |
| Kernel CPU: | 0.00007234% | |
| User CPU: | 0.00000000% | |
| CPU cycles: | 970/sec | |
| Memory: | 84 KB | |
| gdiplus.dll |
| Total CPU: | 0.00007209% | |
| Kernel CPU: | 0.00007209% | |
| User CPU: | 0.00000000% | |
| CPU cycles: | 352/sec | |
| Memory: | 1.56 MB | |
| mscorwks.dll |
| Total CPU: | 0.00007200% | |
| Kernel CPU: | 0.00004804% | |
| User CPU: | 0.00002396% | |
| CPU cycles: | 2,418/sec | |
| Memory: | 5.67 MB | |
Common loaded modules
These are modules that are typiclaly loaded within the context of this process.
Distribution by Windows OS
| OS version | distribution |
| Windows 7 Home Premium |
32.47% |
|
| Windows 7 Ultimate |
24.68% |
|
| Windows Vista Home Premium |
11.69% |
|
| Windows 7 Starter |
7.79% |
|
| Windows 8 Pro |
7.79% |
|
| Windows 7 Professional |
5.19% |
|
| Microsoft Windows XP |
2.60% |
|
| Windows 8 Release Preview |
2.60% |
|
| Windows Vista Ultimate |
2.60% |
|
| Windows 8 |
1.30% |
|
| Windows Vista Home Basic |
1.30% |
|
Distribution by country
United States installs about 39.47% of Advanced System Protector.
Distribution by PC manufacturer
| PC Manufacturer | distribution |
| Acer |
34.33% |
|
| Hewlett-Packard |
16.42% |
|
| ASUS |
14.93% |
|
| Sony |
8.96% |
|
| Toshiba |
5.97% |
|
| Intel |
5.97% |
|
| Dell |
5.97% |
|
| GIGABYTE |
2.99% |
|
| Compaq |
2.99% |
|
| Alienware |
1.49% |
|
