cltmngsvc.exe

Lenovo Browser Guard

ClientConnect LTD

The file belongs to the ClientConnect (Conduit/Perion) platform, a utility that bundles and monetizes search toolbars and browser add-ons. The application cltmngsvc.exe by ClientConnect has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It runs as a separate (within the context of its own process) windows Service named “Lenovo Browser Guard Service”. This file is typically installed with the program Lenovo Browser Guard by ClientConnect LTD which is a potentially unwanted software program.
Publisher:
ClientConnect LTD  (signed and verified)

Product:
Lenovo Browser Guard

Version:
2.14.0.129

MD5:
9c52698f71d687e71802f5ba48c070bc

SHA-1:
26e28257b6420592129dd30ababbff0b82344b5c

SHA-256:
93900d6779406ebef122cb6f5d2ec18df56b0eb8a4244ee7b3fc34239d6b606f

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Part of the Conduit/ClientConnect toolbar/extension distribution.

Analysis date:
11/5/2024 1:46:44 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Conduit (M)
17.3.2.0

File size:
2.4 MB (2,535,752 bytes)

Product version:
2.14.0.129

Original file name:
Lenovo Browser Guard

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\lenovobrowserguard\main\bin\cltmngsvc.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
1/27/2014 4:00:00 PM

Valid to:
1/29/2016 3:59:59 PM

Subject:
CN=ClientConnect LTD, OU=Digital ID Class 3 - Microsoft Software Validation v2, OU=Lenovo Browser Guard, O=ClientConnect LTD, L=Ness Ziona, S=Israel, C=IL

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
177310CAE60BB43B9E75B02DA2C1AC11

File PE Metadata
Compilation timestamp:
5/12/2014 8:48:29 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

Entry address:
0xCCECD

Entry point:
E8, 50, 97, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 83, EC, 18, 8D, 4D, E8, 53, FF, 75, 0C, E8, 79, FC, FF, FF, 8B, 5D, 08, 81, FB, 00, 01, 00, 00, 73, 60, 8B, 4D, E8, 83, 79, 74, 01, 7E, 14, 8D, 45, E8, 50, 6A, 02, 53, E8, FA, DE, 00, 00, 8B, 4D, E8, 83, C4, 0C, EB, 0D, 8B, 81, 90, 00, 00, 00, 0F, B7, 04, 58, 83, E0, 02, 85, C0, 74, 1E, 80, 7D, F4, 00, 8B, 81, 98, 00, 00, 00, 0F, B6, 0C, 18, 74, 07, 8B, 45, F0, 83, 60, 70, FD, 8B, C1, E9, D6, 00, 00, 00, 80, 7D, F4, 00, 74, 07, 8B, 4D, F0, 83, 61, 70, FD...
 
[+]

Entropy:
6.3738

Code size:
1.5 MB (1,533,952 bytes)

Service
Display name:
Lenovo Browser Guard Service

Service name:
CltMngSvc

Description:
This service loads the Lenovo Browser Guard, which maintains your selected Search settings, and enables auto-updates.

Type:
Win32OwnProcess

Depends on:
TermService


The file cltmngsvc.exe has been discovered within the following program.

Lenovo Browser Guard  by ClientConnect LTD
This is a branded version for Lenovo of the Conduit/Perion Search Protect software, a potentially unwanted program that maintains the partner or affiliate directed web page.
79% remove it
 
Powered by Should I Remove It?

Remove cltmngsvc.exe - Powered by Reason Core Security