WinThruster.exe

WinThruster

Installer Wizard

The application WinThruster.exe, “WinThruster for Registry Cleaner” by Installer Wizard, has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It runs as a scheduled task under the Windows Task Scheduler, triggered to execute each time a user logs in. This file is typically installed with the program WinThruster by Solvusoft Corporation. While running, it connects to the Internet address web40.cluster.spamfighter.com on port 80 using the HTTP protocol.

Publisher:
Solvusoft Corporation  (signed by Installer Wizard)

Product:
WinThruster

Description:
WinThruster for Registry Cleaner

Version:
2.3.125.113

MD5:
1b18e32acba4f436831da1bcb4cd9b6d

SHA-1:
b60cb64c277732c393a92847f7751cdf3025c213

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/24/2024 11:36:04 AM UTC

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Solvusoft.Installer.Meta (L)
16.5.26.22

File size:
11.7 MB (12,244,928 bytes)

Product version:
2.3.125.113

Copyright:
(c) Solvusoft Corporation. All rights reserved.

Original file name:
WinThruster.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\solvusoft\winthruster\winthruster.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
8/27/2013 2:00:00 AM

Valid to:
8/27/2016 1:59:59 AM

Subject:
CN=Installer Wizard, O=Installer Wizard, STREET=848 N. Rainbow Blvd., STREET="#3321", L=Las Vegas, S=NV, PostalCode=89107, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00936840633163DBE99483CEE1F9B95E45

File PE Metadata
Compilation timestamp:
10/29/2014 6:43:30 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
196608:V5YhFccccccccccccccccccccccccccccccFcccccccccccccccccccccccccccI:VKcccccccccccccccccccccccccccccu

Entry address:
0x10B821

Entry point:
E8, B2, 8B, 00, 00, E9, 79, FE, FF, FF, 3B, 0D, 00, 18, 5C, 00, 75, 02, F3, C3, E9, 34, 8C, 00, 00, 8B, FF, 55, 8B, EC, FF, 75, 08, 51, E8, 9C, 8D, 00, 00, 59, 59, 5D, C2, 04, 00, 8B, FF, 51, C7, 01, 7C, CF, 55, 00, E8, 18, 8D, 00, 00, 59, C3, 8B, FF, 55, 8B, EC, 56, 8B, F1, E8, E3, FF, FF, FF, F6, 45, 08, 01, 74, 07, 56, E8, E2, 12, FE, FF, 59, 8B, C6, 5E, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 8B, 45, 08, 83, C1, 09, 51, 83, C0, 09, 50, E8, 4C, 8E, 00, 00, F7, D8, 59, 1B, C0, 59, 40, 5D, C2, 04, 00, 8B, FF...
 

Code size:
1.3 MB (1,403,392 bytes)

Scheduled Task
Task name:
WinThruster-zulus-Startup

Path:
C:\WINDOWS\Tasks\WinThruster-zulus-Startup.job

Trigger:
Logon (Runs on logon)


The file WinThruster.exe has been discovered within the following program.

WinThruster by Solvusoft Corporation
Publisher's description - “WinThruster detects and repairs hundreds of PC errors, optimizes performance settings, and speeds up your PC. It repairs PC problems, decreases program load time, removes PC clutter, extends your computer's life, and restores system performance.”
solvusoft.com
40% remove it
 

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to web40.cluster.spamfighter.com  (91.192.52.195:80)

TCP (HTTP):
Connects to web20.cluster.spamfighter.com  (91.192.52.198:80)

TCP (HTTP):
Connects to web30.cluster.spamfighter.com  (91.192.52.205:80)
