Win32:DownloadGuide-X [PUP]


Win32:DownloadGuide-X [PUP] also known as W32.HfsAdware.B14A, Generic.7E0, PUA.Abtoolscom.Gen.

Malware Analysis of Win32:DownloadGuide-X [PUP] – GPSTOVCARD.EXE

Created files:

%Program Files%\AB-Tools.com\GPS to vCard\GPStoVCard-en.hep
%Program Files%\AB-Tools.com\GPS to vCard\GPStoVCard-en.rd
%Program Files%\AB-Tools.com\GPS to vCard\GPStoVCard.exe
%Program Files%\AB-Tools.com\GPS to vCard\GPStoVCard.rd
%Program Files%\AB-Tools.com\GPS to vCard\HepHelp.exe

Autostart registry keys:

HKLM\Software\Classes\CLSID\{0015CAC9-FC30-4CD0-BFAA-7412CC2C4DD9}\LocalServer32\: ""%Program Files%\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe""
HKLM\Software\Classes\CLSID\{26C7AFDB-3690-449E-B979-B0AF5CC56DD4}\LocalServer32\: ""%Program Files%\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe""
HKLM\Software\Classes\CLSID\{3A5A5381-DAAF-4C0D-B032-2C66B3EE4A8D}\LocalServer32\: ""%Program Files%\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe""
HKLM\Software\Classes\CLSID\{472EF1D2-4AAE-470D-AE85-6AF8177916FD}\LocalServer32\: ""%Program Files%\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe""
HKLM\Software\Classes\CLSID\{8F010D54-C023-457F-AF03-497EACB6D519}\LocalServer32\: ""%Program Files%\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe""
HKLM\Software\Classes\CLSID\{9A754403-27B1-4ED7-96D7-588F07888EBF}\LocalServer32\: ""%Program Files%\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe""
HKLM\Software\Classes\CLSID\{CB31FF8F-BF80-4D2B-ADBE-12C6F5347890}\LocalServer32\: ""%Program Files%\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe""
HKLM\Software\Classes\CLSID\{FCAA532B-E807-4027-940C-BA16B9D50105}\LocalServer32\: ""%Program Files%\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe""
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\GPS to vCard_is1\DisplayName: "GPS to vCard 1.2.0"
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\GPS to vCard_is1\UninstallString: ""%Program Files%\AB-Tools.com\GPS to vCard\unins000.exe""
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{7b3dccd7-d817-47b2-9c6a-d4907ddc81a1}\DisplayName: "Web Companion"
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{7b3dccd7-d817-47b2-9c6a-d4907ddc81a1}\UninstallString: "%Program Files%\Lavasoft\Web Companion\Application\WebCompanionInstaller.exe --uninstall"
HKLM\System\CurrentControlSet\services\LavasoftTcpService\ImagePath: "%Program Files%\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe"
HKLM\System\CurrentControlSet\services\LavasoftTcpService\DisplayName: "LavasoftTcpService"
HKLM\System\CurrentControlSet\services\WCAssistantService\ImagePath: "%Program Files%\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe"
HKLM\System\CurrentControlSet\services\WCAssistantService\DisplayName: "WC Assistant"
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Web Companion: "%Program Files%\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize "
HKLM\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\StubPath: ""%Program Files%\Google\Chrome\Application\53.0.2785.116\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome"
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome\UninstallString: ""%Program Files%\Google\Chrome\Application\53.0.2785.116\Installer\setup.exe" --uninstall --multi-install --chrome --system-level"

Detected by UnHackMe:

GPSTOVCARD.EXE
Default location: %PROGRAM FILES%\AB-TOOLS.COM\GPS TO VCARD\GPSTOVCARD.EXE

Dropper hash(md5): e3e058beaa8e6d9dffc2305971452a41

Written by Malware Hunter.
