enhancedNT.dll

enhancedNT

Visual Tools

The module enhancedNT.dll by Visual Tools has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘NTRedirect’. Additionally, the file is typically installed by a number of programs including Delta Chrome Toolbar by Visual Tools and Search-Gol Chrome Toolbar by Search-Gol, both potentially unwanted software. This will display context specific advertisements in the browser as well as attempt to modify the browser's search provider.
Publisher:
Visual Tools  (signed and verified)

Product:
enhancedNT

Version:
1.0.0.2

MD5:
e8acd9ba00ff35b2f9671b98cec3d092

SHA-1:
a8a1ff224543960c9b7a4fbb304daf4eedbf0427

SHA-256:
051786fa0b88dd48b91716355d6490d26fde2dd910f372ad9a2c997c847d386d

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
12/23/2024 11:49:08 PM UTC  (a few moments ago)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Babylon (M)
17.2.23.11

File size:
183.5 KB (187,888 bytes)

Product version:
1.0.0.2

Copyright:
Copyright (C) 1997-2013

Original file name:
enhancedNT.dll

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\babsolution\shared\enhancednt.dll

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
1/10/2013 1:00:00 AM

Valid to:
1/11/2015 12:59:59 AM

Subject:
CN=Visual Tools, O=Visual Tools, L=Belgrade, S=Serbia, C=RS

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
789958B0264F06055619270074AFA61F

File PE Metadata
Compilation timestamp:
8/22/2013 11:15:44 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

Entry address:
0xDE94

Entry point:
55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 2C, 7D, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, 98, 68, 02, 10, E8, 0D, FB, FF, FF, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, 44, A2, 02, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, E4, 02, 02, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
109 KB (111,616 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
NTRedirect

Command:
C:\windows\syswow64\rundll32.exe "C:\users\{user}\appdata\roaming\babsolution\shared\enhancednt.dll",run


The file enhancedNT.dll has been discovered within the following programs.

Bueno Chrome Toolbar  by Babylon Ltd
Bueno Chrome Toolbar is an adware web browser extension that will display various popup and banner ads as well as modify the user's web browser search and home page settings.
info.buenosearch.com
82% remove it
DaleSearch Chrome Toolbar  by Babylon Ltd
Uses the SearchGol Toolbar Platform. As part of the installation process of the Software, publisher may offer changes to your Internet Browser settings.
info.dalesearch.com
66% remove it
Delta Chrome Toolbar  by Visual Tools
Delta Chrome Toolbar is part of the babylon toolbar system, a potentially unwanted program. It has alos been detected as malware by a few antivirus programs. TrendMicro-HouseCall detects it as TROJ_GEN.RCBH1C6 and Norman detects it as Babylon.A.
83% remove it
Doko Chrome Toolbar  by Babylon Ltd
Doko Chrome Toolbar is a potentially unwanted web browser extension designed to take control of the user's browser in order to redirect web searches and inject advertising. In Internet Explorer the program run as a Browser Helper Object.
82% remove it
Hola Chrome Toolbar  by Babylon Ltd
Hola Chrome Toolbar is part of the babylon toolbar system and the Hola Toolbar Platform, a known adware program. It has alos been detected as malware by a few antivirus programs. TrendMicro-HouseCall detects it as TROJ_GEN.RCBH1C6 and Norman detects it as Babylon.A.
info.holasearch.com
82% remove it
MixiDJ chrome Toolbar  by Conduit Ltd.
MixiDJ chrome Toolbar is a Conduit web browser plugin for Chrome that collects and stores information about a user's web browsing habits and sends this information to Conduit in order to provide advertising.
MixiDJV30.OurToolbar.com
66% remove it
Search-Gol Chrome Toolbar  by Search-Gol
SearchGol Toolbar Platform is an ad-supported (users may see additional banner, search, pop-up, pop-under, interstitial and in-text link advertisements) cross web browser plugin for Internet Explorer (BHO) and Firefox/Chrome (plugin) and distributed through various monetization platforms during installation.
info.searchgol.com
67% remove it
 
Powered by Should I Remove It?

Remove enhancedNT.dll - Powered by Reason Core Security