Should I block it?
Yes, 98% block recommendation.
Possible reason:
Multiple malware detections
Additional versions
(Note, the developer publishes each variation of this file with the same version, but the hashes are unique.)
PE file structure |
Show functions |
Import table
advapi32.dll
RegCloseKey, RegEnumKeyExW, CheckTokenMembership, RegOpenKeyExW, FreeSid, RegEnumValueW, AllocateAndInitializeSid, RegDeleteValueW, RegDeleteKeyW, RegQueryValueExW, RegCreateKeyExW, ConvertSidToStringSidW, IsValidSid, GetTokenInformation, OpenProcessToken, RegSetValueExW
kernel32.dll
DllMain
Export table
sprotector.dll
MD5: | 1a8b01302741f5e6b33de2918e06e4b7 |
SHA1: | e1b80685306f8a5bb0b0e8a2fa0fd65ea272597e |
SHA256: | c9b450a08c37b04ef11a56a5b954f74377470c36e6f97d1be2c7890273db7e98 |
Warning 11 antivirus scanners has detected malware.
What is sprotector.dll?
SProtector has been detected as 'malware' by multiple antivirus products. TrendMicro classifies it as TROJ_GEN.RCBH1L8. ESET calls it a variant of Win32/SProtector.A. QuickHeal identifies SProtector.dll as Worm.SProtector.A3. Avast classifies it as a potentially unwanted program (PUP) Win32:SProtector-B [PUP] and DrWeb flags it as Adware.BGuard. The program, specifically the sprotector.dll file is loaded into Google Chrome and connects to the Internet.
Overview
sprotector.dll is malware that is loaded as dynamic link library that runs in the context of a process. This is typically installed with the program SProtector 1.62 published by Search Assistant SProtector and is most likely removed by most users once installed (86% removed).
Details
File name: | sprotector.dll |
Typical file path: | C:\Program Files\ContinueToSave\sprotector.dll |
Size: | 316 KB (323,584 bytes) |
Digital DNA |
File packed: | No |
.NET CLR: | No |
More details
Programs
The following program will install this file
|
Search Assistant SProtector |
|
SProtector has been seen being bundled with various know adware programs including ContinueToSave, Search Assistant, JustBrowse, BrowseToSave, EasyLife Search and AppsAreFun. It has been detected as 'malware' by multiple antivirus products. TrendMicro classifies it as TROJ_GEN.RCBH1L8. ESET calls it a variant of Win32/SProtector.A. QuickHeal identifies SProtector.dll as Worm.SProtector.A3. Avast classifies it as a potentially unwanted ...
Malware detections
Based on 40+ industry antivirus scanners, 11 of them detected the following malware.
Antivirus engine | Engine version | Detection |
Avira AntiVir |
7.11.123.30 |
BDS/Lease.A |
Comodo Internet Security |
17542 |
UnclassifiedMalware |
Emsisoft Anti-Malware |
3.0.0.575 |
Trojan.Win32.SProtector.AMN (A) |
ESET NOD32 |
7.9244 |
a variant of Win32/SProtector.A |
McAfee |
5.600.1067 |
Artemis!1A8B01302741 |
McAfee Gateway Anti-Malware |
v2013-dat |
Artemis!1A8B01302741 |
NANO AntiVirus |
0.28.0.57029 |
Trojan.Win32.Behav034.ziayf |
Norman |
7.03.02 |
Suspicious_Gen4.BJHND |
Rising Antivirus |
25.0.0.11 |
PE:Trojan.Win32.Generic.1503CAD7!352570071 |
Sophos |
4.96.0 |
Mal/Behav-034 |
ViRobot |
2011.4.7.4223 |
JS.A.Pakes.323584 |
Distribution by Windows OS
OS version | distribution |
Windows 7 Ultimate |
30.95% |
|
Microsoft Windows XP |
28.57% |
|
Windows 7 Home Premium |
26.19% |
|
Windows 7 Professional |
4.76% |
|
Windows Vista Home Premium |
4.76% |
|
Windows 7 Home Basic |
4.76% |
|
Distribution by country
United States installs about 11.90% of sprotector.dll.
Distribution by PC manufacturer
PC Manufacturer | distribution |
ASUS |
23.53% |
|
Dell |
15.69% |
|
Hewlett-Packard |
13.73% |
|
GIGABYTE |
13.73% |
|
Acer |
7.84% |
|
Sony |
7.84% |
|
American Megatrends |
5.88% |
|
Intel |
3.92% |
|
Lenovo |
3.92% |
|
Toshiba |
3.92% |
|