dtwxsvc.dll

System Alerts LLC

The module dtwxsvc.dll by System Alerts has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It is installed as a Winsock Layered Service Provider (LSP), registered as a layered chain entry (32) named “NETCAPTLSP over [PCProtect over [MSAFD Tcpip [TCP/IP]]]”. The file is typically installed with Desktop Temperature Monitor by System Alerts LLC, which is a potentially unwanted software program.
Publisher:
System Alerts LLC  (signed and verified)

MD5:
72d1a48d03d9c170fe3e0f21c72c450d

SHA-1:
f2409beed0157c587e5d1281b407d403de9375b8

SHA-256:
52d08613ce65cda402d744af00ab195712bf1bd50a67d636ae6c47a617b06296

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/27/2024 1:01:49 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.SystemAlerts (M)

Engine version:
16.1.3.11

File size:
1021.8 KB (1,046,288 bytes)

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\users\{user}\desktoptemperature\dtwxsvc.dll

Digital Signature
Authority:
COMODO CA Limited

Valid from:
11/12/2013 6:00:00 PM

Valid to:
11/13/2014 5:59:59 PM

Subject:
CN=System Alerts LLC, O=System Alerts LLC, STREET=250 Park Ave Ste 504, L=Minneapolis, S=MN, PostalCode=55415, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00D56696E8C583BF7F09BCCC24A2AB8310

File PE Metadata
Compilation timestamp:
3/3/2014 7:53:56 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:12O95j3U1Xc78TEQZeiBX7l3l+fQ16PT1rYcVt1GusmXgCxo3uQ5cvMkMM:os2EQZegrTTDoGusoE15cKM

Entry address:
0x66CB2

Entry point:
E9, 79, 8E, 07, 00, E9, 64, 1E, 05, 00, E9, 8F, 48, 06, 00, E9, 2A, FD, 05, 00, E9, 55, B8, 02, 00, E9, 10, B6, 02, 00, E9, 5B, 59, 00, 00, E9, 96, E7, 07, 00, E9, 51, EF, 0B, 00, E9, 4C, E8, 04, 00, E9, 87, 0F, 03, 00, E9, 12, 45, 02, 00, E9, 2D, 9F, 07, 00, E9, A8, E7, 0A, 00, E9, 33, 1C, 06, 00, E9, AE, 01, 07, 00, E9, CF, FB, 05, 00, E9, 84, 5E, 02, 00, E9, 2F, 09, 06, 00, E9, EA, C3, 01, 00, E9, A5, 51, 06, 00, E9, 60, B5, 04, 00, E9, AB, F3, 09, 00, E9, 36, 70, 0B, 00, E9, 81, B1, 06, 00, E9, 4C, 20...
 

Entropy:
5.7213

Developed / compiled with:
Microsoft Visual C++ 8.0 (Debug)

Code size:
839 KB (859,136 bytes)

12 Winsock2 LSPs
Name:
NETCAPTLSP over [PCProtect over [MSAFD Tcpip [TCP/IP]]]

Type:
Layered Chain Entry (32)

Provider ID:
{CDAD3A46-4ECD-4393-82FE-9186B68B89B1}

Service flags:
0x66

Name:
NETCAPTLSP over [MSAFD Tcpip [TCP/IP]]

Type:
Layered Chain Entry (32)

Provider ID:
{E3320F64-2387-4068-BBBA-CC679FB483F7}

Service flags:
0x66

Name:
NETCAPTLSP over [MSAFD Tcpip [UDP/IP]]

Type:
Layered Chain Entry (32)

Provider ID:
{4C58C1F0-0544-448B-9F60-E0E27069859E}

Service flags:
0x609

Name:
NETCAPTLSP over [MSAFD Tcpip [RAW/IP]]

Type:
Layered Chain Entry (32)

Provider ID:
{2873275A-DE05-4805-B5CD-56024413E164}

Service flags:
0x609

Name:
NETCAPTLSP over [RSVP TCP Service Provider]

Type:
Layered Chain Entry (32)

Provider ID:
{43664DBD-3DD9-473F-8A62-D46BFB27B2CE}

Service flags:
0x2066

Name:
NETCAPTLSP over [RSVP UDP Service Provider]

Type:
Layered Chain Entry (32)

Provider ID:
{51288C95-0433-42BE-A5C9-8447CE561579}

Service flags:
0x2609


The file dtwxsvc.dll has been discovered within the following programs.

Desktop Temperature Monitor  by System Alerts LLC
The free version is an ad-supported (adware) web browser plugin that displays advertisements, such as coupon ads, on web pages that are not associated with the plugin or where the ads would not otherwise appear.
desktoptemperaturemonitor.com
74% remove it
 