Should I block it?
No, this file is 100% safe to run.
sw-booster.exe
| MD5: | 1d283dd3ae2312eee624e8b8c46f6adb |
| SHA1: | 3b2c90b0a0af44b405d746e437acbe2da1e5e741 |
Overview
sw-booster.exe executes as a process under the SYSTEM account with extensive privileges (the system and the administrator accounts have the same file privileges). It is an auto-starting process that used the Windows Task Scheduler service to load when the user logs into Windows (sometimes this is required to bypass the UAC protection). It is installed with a couple of know programs including SK.Enhancer published by WebPick Internet Holdings Ltd., Sk-Enhancer from WebPick Internet Holdings Ltd. and Sk-Enhancer by WebPick Internet Holdings Ltd..
Details
| File name: | sw-booster.exe |
| Typical file path: | C:\ProgramData\superbapp\sw-booster\sw-booster.exe |
| Size: | 712.5 KB (729,600 bytes) |
| Build date: | 10/29/2013 8:20 PM |
| Digital DNA |
| File packed: | No |
| .NET CLR: | No |
More details
Programs
The following programs will install this file
This is a JustPlug.It web browser extension that is delivered via the WebPick (InstalleRex) download and install manager. It is included with various adware offer bundles and is a cross browser extension that runs with multiple parts including a Windows service, an auto-starting component and the browser toolbar/plugin which is designed to inject advertisements in the browser in form of banner ads, hyper-text links and popups. In additi...
This adware injects itself into the user's web browser (IE, Chrome and Firefox) and will display out-of context advertising on web sites that are not associated with the software or its affiliate partners. Advertisements will be displayed as banner and video ads, search related ads, transitional and in-text ads and links. The software will also periodically self-update and call home for instructions as well as additional ad feeds and re...
Bundled with various adware installations via the WebPick Internet Holdings bundle, SW Booster (also known as SK Enhancer) is an adware extension that injects various types of advertising in the user's web browser. This particular program is a protector module and is designed specifically to prevent the supporting web browser extensions that performs the ad-injection from being removed by the end user or other software. If the adware it...
Bundled with various adware installations via the WebPick Internet Holdings bundle, SW Booster (also known as SK Enhancer) is an adware extension that injects various types of advertising in the user's web browser. This particular program is a protector module and is designed specifically to prevent the supporting web browser extensions that performs the ad-injection from being removed by the end user or other software. If the adware it...
Bundled with various adware installations via the WebPick Internet Holdings bundle, SW Booster (also known as SK Enhancer) is an adware extension that injects various types of advertising in the user's web browser. This particular program is a protector module and is designed specifically to prevent the supporting web browser extensions that performs the ad-injection from being removed by the end user or other software. If the adware it...
Bundled with various adware installations via the WebPick Internet Holdings bundle, SW Booster (also known as SK Enhancer) is an adware extension that injects various types of advertising in the user's web browser. This particular program is a protector module and is designed specifically to prevent the supporting web browser extensions that performs the ad-injection from being removed by the end user or other software. If the adware it...
Bundled with various adware installations via the WebPick Internet Holdings bundle, SW Booster (also known as SK Enhancer) is an adware extension that injects various types of advertising in the user's web browser. This particular program is a protector module and is designed specifically to prevent the supporting web browser extensions that performs the ad-injection from being removed by the end user or other software. If the adware it...
Upd Inst is an adware program that integrates into the user's web browsers (IE, Chrome, Firefox) and will perform a number of functions mostly designed to generate advertising supported or affiliate revenue. In order to do so the program will display a number of different ad formats by injecting the ads directly in the user's browser based on either the activity of the user's past and present behavior or based on the context of the web...
This adware injects itself into the user's web browser (IE, Chrome and Firefox) and will display out-of context advertising on web sites that are not associated with the software or its affiliate partners. Advertisements will be displayed as banner and video ads, search related ads, transitional and in-text ads and links. The software will also periodically self-update and call home for instructions as well as additional ad feeds and re...
GBUpdate is an malware/spyware program that installs on the user's PC from a set of bundled applications, mostly PUPs. Once installs, the software will integrate into the web browser and operating system and track the overall usage of the user's browsing behavior including recording what URLs the user visits and which advertisements are display and/or clicked on.
|
toolksearchbook.info Ltd. |
|
The software is distributed with a bundled download manager and is designed to hijack the user's web browser search and home pages to one of a number of pre-defined search websites including:
websearch.searchinweb.info
websearch.relevantsearch.info
websearch.search-guide.info
websearch.wisesearch.info
websearch.greatresults.info
websearch.simplesearches.info
websearch.searchiseasy.info
websearch.toolksearchbook.info
It will...
|
WebPick Internet Holdings Ltd. |
|
SK.Enhancer is a protection mechanism that is designed to protect bundled software of potentially unwanted programs distributed through bundles. Also know as SProtector, SK.Enhancer is typically installed with adware such as toolbars and its primary purpose is to prevent a web browser's home page or search engine from being modified to something other than what the adware has set it to. According to multiple anti-virus products this sof...
|
WebPick Internet Holdings Ltd. |
|
SK.Enhancer is a protection mechanism that is designed to protect bundled software of potentially unwanted programs distributed through bundles. Also know as SProtector, SK.Enhancer is typically installed with adware such as toolbars and its primary purpose is to prevent a web browser's home page or search engine from being modified to something other than what the adware has set it to. According to multiple anti-virus products this sof...
|
WebPick Internet Holdings Ltd. |
|
SK.Enhancer is a protection mechanism that is designed to protect bundled software of potentially unwanted programs distributed through bundles. Also know as SProtector, SK.Enhancer is typically installed with adware such as toolbars and its primary purpose is to prevent a web browser's home page or search engine from being modified to something other than what the adware has set it to. According to multiple anti-virus products this sof...
|
WebPick Internet Holdings Ltd. |
|
SK.Enhancer is a protection mechanism that is designed to protect bundled software of potentially unwanted programs distributed through bundles. Also know as SProtector, SK.Enhancer is typically installed with adware such as toolbars and its primary purpose is to prevent a web browser's home page or search engine from being modified to something other than what the adware has set it to. According to multiple anti-virus products this sof...
|
WebPick Internet Holdings Ltd. |
|
This is home page hijacker/malware detected by multiple antivirus vendors including AVG, Avast, ESET, Malwarebytes, McAfee and Symantec. Also known as SK.Enabler. The software uses various techniques to prevent anti-virus programs from detecting it. Within Internet Explorer the toolbar runs as a Browser Helper Object (BHO), in Google Chrome it is an extension and in Firefox it is an addon.
|
WebPick Internet Holdings Ltd. |
|
The software is distributed with a bundled download manager and is designed to hijack the user's web browser search and home pages to one of a number of pre-defined search websites including:
websearch.searchinweb.info
websearch.relevantsearch.info
websearch.search-guide.info
websearch.wisesearch.info
websearch.greatresults.info
websearch.simplesearches.info
websearch.searchiseasy.info
websearch.toolksearchbook.info
It will...
|
WebPick Internet Holdings Ltd. |
|
WebSave (WS-Booster) is an adware/malware program that injects advertisements in the user's web browser. WS-Booster popup ads will be shown as boxes containing various coupons/delas that are available or as underlined keywords, which when clicked will display an advertisement that states it is brought to you by 'Web Save Deals' or 'Web Save Ads'.
Once infected by this common symptoms include:
- Random web page text is turned into hy...
Behaviors
Scheduled tasks
- The job 'SO_Booster-S-630647097' runs on logon in the path '\SO_Booster-S-630647097'
- The job 'SO;Booster-S-484675851' runs on logon in the path '\SO;Booster-S-484675851'
- The job 'SW-Booster-S-1095609242' runs on logon in the path '\SW-Booster-S-1095609242'
Scheduled tasks startups
Set to load on user login (bypasses Windows UAC if enabled)
- Login entry path '\SO_Booster-S-630647097'
- Login entry path '\SO;Booster-S-484675851'
Resource utilization
(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
| CPU |
| Total CPU: | 0.00001251% | |
| Kernel CPU: | 0.00000264% | |
| User CPU: | 0.00000988% | |
| Kernel CPU time: | 16 ms/min | |
| CPU cycles: | 996/sec | |
| Memory |
| Private memory: | 1024 KB | |
| Private (maximum): | 2.35 MB | |
| Private (minimum): | 384 KB | |
| Non-paged memory: | 1024 KB | |
| Virtual memory: | 41.84 MB | |
| Virtual memory (peak): | 44.36 MB | |
| Working set: | 585.33 KB | |
| Working set (peak): | 3.8 MB | |
| Page faults: | 4,109/min | |
| I/O |
| I/O read transfer: | 44 Bytes/sec | |
| I/O read operations: | 1/sec | |
| I/O write transfer: | 0 Bytes/sec | |
| I/O write operations: | 1/sec | |
| I/O other transfer: | 0 Bytes/sec | |
| I/O other operations: | 1/sec | |
| Resource allocations |
| Threads: | 1 | |
| Handles: | 70 | |
Process properties
| Integrety level: | System |
| Platform: | 64-bit |
| Command lines: |
- C:\ProgramData\mountainapp\so_booster\so_booster.exe /schedule /profile "C:\ProgramData\mountainapp\so_booster\630647097.ini"
- "C:\ProgramData\application fields software\so;booster\so;booster.exe" /schedule /profile "C:\ProgramData\application fields software\so;booster\484675851.ini"
- C:\ProgramData\superbapp\sw-booster\sw-booster.exe /schedule /profile "C:\ProgramData\superbapp\sw-booster\1095609242.ini"
|
| Owner: | SYSTEM |
| Parent process: | taskeng.exe (Task Scheduler Engine by Microsoft) |
Distribution by Windows OS
| OS version | distribution |
| Windows 8 Enterprise N |
100.00% |
|
Distribution by country
Pakistan installs about 100.00% of sw-booster.exe.
Distribution by PC manufacturer
| PC Manufacturer | distribution |
| Intel |
100.00% |
|
