Should I block it?
90% of PCs block this file from running.
Possible reason:
Multiple malware detections
Additional versions
(Note, the developer publishes each variation of this file with the same version, but the hashes are unique.)
 PE file structure
|
Show functions |
Import table
advapi32.dll
RegCloseKey, RegEnumKeyExW, CheckTokenMembership, RegOpenKeyExW, FreeSid, RegEnumValueW, AllocateAndInitializeSid, RegDeleteValueW, RegDeleteKeyW, RegQueryValueExW, RegCreateKeyExW, ConvertSidToStringSidW, IsValidSid, GetTokenInformation, OpenProcessToken, RegSetValueExW
kernel32.dll
DllMain
Export table
sprotector.dll
| MD5: | 2e705785860f95358dc9aa6ed402198b |
| SHA1: | bde434bc951fe761e81d06727fc0265655064ee9 |
| SHA256: | 2c3e97a8765aadce4421f73c2efb97e0a3f1f9dcdfeab4d135accd919765421d |
Warning 9 antivirus scanners has detected malware.
What is sprotector.dll?
SProtector has been detected as 'malware' by multiple antivirus products. TrendMicro classifies it as TROJ_GEN.RCBH1L8. ESET calls it a variant of Win32/SProtector.A. QuickHeal identifies SProtector.dll as Worm.SProtector.A3. Avast classifies it as a potentially unwanted program (PUP) Win32:SProtector-B [PUP] and DrWeb flags it as Adware.BGuard. The program, specifically the sprotector.dll file is loaded into Google Chrome and connects to the Internet.
Overview
sprotector.dll is malware that is loaded as dynamic link library that runs in the context of a process. It is installed with a couple of know programs including GadgetBox published by WebPick Internet Holdings Ltd., EasyLife Search 1.74 from Asaf Shapira and EasyLife Search 1.74 by Asaf Shapira.
Details
| File name: | sprotector.dll |
| Typical file path: | C:\Program Files\ContinueToSave\sprotector.dll |
| Size: | 1 MB (1,050,112 bytes) |
| Digital DNA |
| File packed: | No |
| .NET CLR: | No |
More details
Programs
The following programs will install this file
This is an adware based web browser hijacker that will modify the user's home page, search settings as well as modify the content of web pages visited in order to inject modfied ads. The publisher of this app falls under the umbrella of the Amazing Apps group of adware.
ContinueToSave from BetterSoft is an adware program in the form of a process and a web browser plugin. The Plugin is designed to monitor the user's search and browsing habits and deliver advertising by overwriting the content HTML within the user's web browser. The background service which is executed as a Windows scheduled task is designed to make sure the web browser plugin remains active as well as automatically keeps the software up...
This is a web browser extension and Browser helper Object (for Internet Explorer) that delivers contextual based advertising to the web browser. In addition it will modify the user's browser home and search pages as well as 'New Tab' pages to push advertising and search. The software acts as an adware type application and is typically defined as a unwanted application by various malware vendors.
SaveShare is a web browser extension and Browser helper Object (for Internet Explorer) that delivers contextual based advertising to the web browser. In addition it will modify the user's browser home and search pages as well as 'New Tab' pages to push advertising and search. The software acts as an adware type application and is typically defined as a unwanted application by various malware vendors.
|
BrowseToSave.info (Amazing Apps) |
|
BrowseToSave is an adware program installed into Internet Explorer, Firefox and Chrome. The programs collects and stores information about web browsing habits and sends this information to its remote servers in order to provide injected advertising in search results and various other places. Search Assistant will also modify the browser's home page and search provider. It displays various pop-up advertisements and tracks and reports you...
|
Ellora Assets Corporation |
|
Freemake Video Downloader is a freeware download manager designed to download embedded videos in FLV, MP4, WebM, or 3GP formats from any website. The software gives a list of all video qualities available for downloading and is able to convert downloaded videos to multiple formats. It can also transcode downloaded videos, converting them into AVI files or extracting the audio into an MP3 file.
Some versions of Freemake Video Download...
SaveAs is an adware program that is typically bundled with 3rd party software or installed via a browser exploit. It installs a Browser Helper Object (BHO) in Internet Explorer in order to inject advertising as well as hijack links and existing web page ads.
|
Search Assistant SProtector |
|
BCool is an ad-supported (users may see additional banner and in-text link advertisements) web browser plugin distributed through various monetization platforms during installation. The browser extension includes various features that will modify the default or custom settings of the browser including the home page and search settings.
What the toolbar does:
- Changes the default search engine in your web browser's built-in search ...
|
Search Assistant SProtector |
|
SS Helper (installed under various names) is a protection mechanism that is designed to protect bundled software of potentially unwanted programs distributed through bundles. Also know as SProtector, SS Helper is typically installed with adware such as toolbars and its primary purpose is to prevent a web browser's home page or search engine from being modified to something other than what the adware has set it to. According to multiple ...
|
Search Assistant SProtector |
|
SS Helper (installed under various names) is a protection mechanism that is designed to protect bundled software of potentially unwanted programs distributed through bundles. Also know as SProtector, SS Helper is typically installed with adware such as toolbars and its primary purpose is to prevent a web browser's home page or search engine from being modified to something other than what the adware has set it to. According to multiple ...
|
Search Assistant SProtector |
|
SS Helper (installed under various names) is a protection mechanism that is designed to protect bundled software of potentially unwanted programs distributed through bundles. Also know as SProtector, SS Helper is typically installed with adware such as toolbars and its primary purpose is to prevent a web browser's home page or search engine from being modified to something other than what the adware has set it to. According to multiple ...
|
Search Assistant SProtector |
|
SS.Helper is a protection mechanism that is designed to protect bundled software of potentially unwanted programs distributed through bundles.
|
Search Assistant SProtector |
|
This is a web browser plugin that is potentially unwanted and ad-supported. In addition to displaying advertisements, as part of the installation process the publisher may offer changes to the web browser settings. Such changes may include the following:
- Modifying/changing the default home page URL
- Changing the search provider (built-in search box) and search pages
- Changing the new tab page
- Updating some browser settings whi...
Vaudix (DropInSaving variant) is a web browser extension for Internet Explorer, Chrome and Firefox that collects and stores information about a user's web browsing habits in order to provide advertising as well as inter-browser coupons. The installed plugin will attempt to find merchant deals based on the user's web context and/or inject advertising. It will also attempt to find competing web extensions installed on the user's PC and di...
|
WebPick Internet Holdings Ltd. |
|
GadgetBox Toolbar (also an Sprotector variant) is an ad-supported (users may see additional banner and in-text link advertisements) Windows Gadget plugin.
Malware detections
Based on 40+ industry antivirus scanners, 9 of them detected the following malware.
| Antivirus engine | Engine version | Detection |
| avast! |
8.0.1489.320 |
Win32:SProtector-A [PUP] |
| AVG |
2014.0.3629 |
Generic5.AAFE |
| Dr.Web |
8.13.6.16 |
Adware.BGuard.11 |
| ESET NOD32 |
7.8545 |
a variant of Win32/SProtector.A |
| Kingsoft |
2013.4.9.267 |
Win32.Troj.Generic.a.(kcloud) |
| The Hacker |
None |
Trojan/Sprotector |
| Trend Micro |
9.740.0.1012 |
ADW_SPROTECT |
| Trend Micro HouseCall |
9.700.0.1001 |
ADW_SPROTECT |
| VIPRE Antivirus |
19424 |
Trojan.Win32.Generic!BT |
Distribution by Windows OS
| OS version | distribution |
| Windows 7 Ultimate |
30.95% |
|
| Microsoft Windows XP |
28.57% |
|
| Windows 7 Home Premium |
26.19% |
|
| Windows 7 Professional |
4.76% |
|
| Windows Vista Home Premium |
4.76% |
|
| Windows 7 Home Basic |
4.76% |
|
Distribution by country
United States installs about 11.90% of sprotector.dll.
Distribution by PC manufacturer
| PC Manufacturer | distribution |
| ASUS |
23.53% |
|
| Dell |
15.69% |
|
| Hewlett-Packard |
13.73% |
|
| GIGABYTE |
13.73% |
|
| Acer |
7.84% |
|
| Sony |
7.84% |
|
| American Megatrends |
5.88% |
|
| Intel |
3.92% |
|
| Lenovo |
3.92% |
|
| Toshiba |
3.92% |
|
