Should I block it?

90%

90% of PCs block this file from running.

Possible reason:

Multiple malware detections

Additional versions

d2fb2	37.50%
f1a65	37.50%
326ea	12.50%
ff809	12.50%

(Note, the developer publishes each variation of this file with the same version, but the hashes are unique.)

Relationships

explorer.exe (Windows Explorer by Microsoft Corporation)

ramsaverpro.exe

Remove ramsaverpro.exe

MD5:	f1a654729537ea23d89bcd27f91f7199
SHA1:	83cb96389963c8fc6218615c4839883c476ce9ff
SHA256:	8be113f2c31119eb2f58625aac9a1e2f529dfdeb05af587a9896536d71a54550

Warning 4 antivirus scanners has detected malware.

Overview

ramsaverpro.exe is malware that executes as a process with the local user's privileges usually within the context of Windows Explorer. It is set to be run when the PC boots and the user logs into Windows (added to the Run registry key for the current user).

Details

File name:	ramsaverpro.exe
Typical file path:	C:\Program Files\wintools software\ram saver professional\ramsaverpro.exe
Size:	441.5 KB (452,096 bytes)
Digital DNA
PE subsystem:	Windows GUI
File packed:	Yes
.NET CLR:	No

More details

Behaviors

Startup files (user) run

Runs under the registry key 'HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'

'RAMSaverPro' → C:\Program Files\WinTools Software\RAM Saver Professional\ramsaverpro.exe

Malware detections

Based on 40+ industry antivirus scanners, 4 of them detected the following malware.

Antivirus engine	Engine version	Detection
CAT Quick Heal	9.13.12.00	(Suspicious) - DNAScan
Ikarus	T3.1.5.6.0	DDoS.Win32.Nitol
McAfee Gateway Anti-Malware	v2013-dat	Heuristic.LooksLike.Win32.Suspicious.C
Trend Micro HouseCall	9.700-1001	TROJ_GEN.F47V1227

Resource utilization

(Note: statistics below are averages based on a minimum sample size of 200 unique participants)

Averages

CPU
Total CPU:	0.00021533%	0.028634%
Kernel CPU:	0.00019546%	0.013761%
User CPU:	0.00001987%	0.014873%
Kernel CPU time:	34,351 ms/min	100,923,805ms/min
CPU cycles:	885,622/sec	17,470,203/sec
Context switches:	1/sec	284/sec
Memory
Private memory:	3.59 MB	21.59 MB
Private (maximum):	7.57 MB
Private (minimum):	3.81 MB
Non-paged memory:	3.59 MB	21.59 MB
Virtual memory:	67.43 MB	140.96 MB
Virtual memory (peak):	1.16 GB	169.69 MB
Working set:	4.27 MB	18.61 MB
Working set (peak):	1.1 GB	37.95 MB
Page faults:	7,549,591/min	2,039/min
I/O
I/O read transfer:	85.69 KB/sec	1.02 MB/min
I/O read operations:	8/sec	343/min
I/O other transfer:	5 Bytes/sec	448.09 KB/min
I/O other operations:	16/sec	1,671/min
Resource allocations
Threads:	1	12
Handles:	184	600
GUI GDI count:	126	103
GUI GDI peak:	133	142
GUI USER count:	63	49
GUI USER peak:	64	71

Process properties

Integrety level:	Medium
Platform:	64-bit
Command line:	"C:\Program Files\wintools software\ram saver professional\ramsaverpro.exe"
Owner:	User
Parent process:	explorer.exe (Windows Explorer by Microsoft Corporation)

Distribution by Windows OS

OS version	distribution
Windows 7 Ultimate	50.00%
Windows 8.1 Pro	25.00%
Windows 7 Home Premium	12.50%
Windows 8 Pro	12.50%

Distribution by country

Turkey installs about 25.00% of ramsaverpro.exe.

Distribution by PC manufacturer

PC Manufacturer	distribution
ASUS	76.92%
Acer	23.08%

Remove Adware and Spyware Programs, FREE Download!