You are reading 0 threads
  • Author
    Messages
    • #26808
      Nicholas Coolman
      Key Master

      The programme AdvanceElite falls into the category of Potentially Unwanted Optional Software (LPI/PUP).

      LPIs, or PUPs, typically install as a program or browser extension and are loaded each time the operating system is started.


      Potentially Unwanted Software (PUP/LPI) can launch services, start scheduled tasks, and create shortcuts on your Desktop. All these operations are done with or without your consent according to the terms of its user contract. Once installed, an LPI can modify certain parameters of your browsers such as search pages, the start page or even your error page. It can collect your browsing habits and communicate them to a server using the tracking method. While browsing, it may display advertisements (coupons) and advertising banners (popups). The goal of this program is often to make money by generating web traffic to sponsored sites.


      Potentially unwanted software (LPI) or Potentialy Unwanted Programs (PUP) are the cause of many infections.
      The most common example is adware. InstallCore, Crossrider, Graftor ou Boxore which pollute the Registry and your data storage units. They are usually installed without your knowledge by downloading freeware. Indeed some sites use the repackaging method, an operation which consists of redoing the software installation module by adding download options. These options allow you to add other software such as browser toolbars, adware, potentially unwanted software, intrusive advertising software, or even browser hijackers.


      Spyware (spyware) and adware (adwares) unwanted files, just like malware, can use the writing flaws of legitimate software or those of operating systems. It is therefore essential to have official software and that it has automatic updating. Likewise, your Windows operating system must be programmed in automatic update mode and activated, so that you can have the latest updates for critical security vulnerabilities.

      AdvanceElite main actions:
      – It installs as a process launched at system startup (RP),
      – It modifies the start page of the Internet Explorer browser (R0),
      – It modifies the search page of the Internet Explorer (R1) browser,
      - It installs an extension program for the Mozilla Firefox (M2) browser,
      – It installs a plugin for the Mozilla Firefox (M3) browser,
      - It installs an extension program for the Google Chrome (G2) browser,
      - It is installed as Browser Helper Object (BHO) of Internet Browser (O2),
      - It is installed as a service to be launched each time the system starts (O23), (SS/SR),
      - It installs as a program (O42)
      – It creates multiple “Software” registry keys,
      - Adds additional folders (O43),
      - Registration in the Windows prefetcher folder (O45)
      – It creates multiple user files (O61),
      – It creates a Legacy key in the Registry pointing to a malware service (O64),
      – It creates Tracing (O100) registry keys
      – It creates CLSID registry keys (O101)

      ZHPDiag Overview:
      [MD5.56C50689D22EEC7EB963665848BA6E1B] – (…) — C:\Program Files (x86)\AdvanceElite\updateAdvanceElite.exe [66336] [PID.3192]
      [MD5.56C50689D22EEC7EB963665848BA6E1B] – (…) — C:\Program Files (x86)\AdvanceElite\bin\utilAdvanceElite.exe [66336] [PID.5532]
      M2 – MFEP: Extension [Coolman – pq5vmmta.default] {be5bf058-a067-4076-8c2e-22b9345a0260}
      O2 – BHO: AdvanceElite [64Bits] – {019c0f7b-8fca-4dba-a872-201fe26e2552} . (.AdvanceElite – AdvanceElite.) — C:\Program Files (x86)\AdvanceElite\AdvanceEliteBHO.dll
      O23 – Service: Update AdvanceElite (Update AdvanceElite). (.AdvanceElite – AdvanceElite.) – C:\Program Files (x86)\AdvanceElite\updateAdvanceElite.exe
      O23 – Service: Util AdvanceElite (Util AdvanceElite). (.AdvanceElite – AdvanceElite.) – C:\Program Files (x86)\AdvanceElite\bin\utilAdvanceElite.exe
      O42 – Software: AdvanceElite – (.AdvanceElite.) [HKLM] — AdvanceElite
      [HKCU\Software\AdvanceElite]
      [HKLM\Software\Wow6432Node\AdvanceElite]
      O43 – CFD: 01/10/2014 – 19:47:07 – [0] —-DC:\Program Files\AdvanceElite
      O64 – Services: CurCS – 26/08/2014 – C:\Program Files\AdvanceElite\updateAdvanceElite.exe (Update AdvanceElite).(…) – LEGACY_UPDATE_AdvanceElite
      O64 – Services: CurCS – 26/08/2014 – C:\Program Files\AdvanceElite\bin\utilAdvanceElite.exe (Util AdvanceElite).(…) – LEGACY_UTIL_AdvanceElite
      SS – | Auto 01/10/2014 0 | (AdvanceElite Update). (…) – C:\Program Files\AdvanceElite\updateAdvanceElite.exe
      SS – | Auto 01/10/2014 0 | (User AdvanceElite). (…) – C:\Program Files\AdvanceElite\bin\utilAdvanceElite.exe
      HKLM\SOFTWARE\Microsoft\Tracing\AdvanceElite_RASAPI32
      HKLM\SOFTWARE\Microsoft\Tracing\AdvanceElite_RASMANCS
      HKLM\SOFTWARE\Microsoft\Tracing\updateAdvanceElite_RASAPI32
      HKLM\SOFTWARE\Microsoft\Tracing\updateAdvanceElite_RASMANCS
      HKLM\SOFTWARE\Microsoft\Tracing\utilAdvanceElite_RASAPI32
      HKLM\SOFTWARE\Microsoft\Tracing\utilAdvanceElite_RASMANCS
      [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\AdvanceElite]
      [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{019c0f7b-8fca-4dba-a872-201fe26e2552}]
      [HKLM\Software\Classes\CLSID\{019c0f7b-8fca-4dba-a872-201fe26e2552}]
      [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{019c0f7b-8fca-4dba-a872-201fe26e2552}]
      [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{019c0f7b-8fca-4dba-a872-201fe26e2552}]
      [HKLM\SYSTEM\CurrentControlSet\Services\Update AdvanceElite]
      [HKLM\SYSTEM\CurrentControlSet\Services\Util AdvanceElite]
      [HKCU\Software\AdvanceElite]
      [HKLM\Software\Wow6432Node\AdvanceElite]
      C:\Program Files\AdvanceElite
      C:\Program Files (x86)\AdvanceElite
      C:\Program Files (x86)\AdvanceElite\updateAdvanceElite.exe
      C:\Program Files (x86)\AdvanceElite\bin\utilAdvanceElite.exe
      C:\Program Files (x86)\AdvanceElite\AdvanceEliteBHO.dll

      ZHPCleaner Overview:
      FOUND data: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\\AutoConfigUrl [Bad: file://C:\Program Files (x86)\AdvanceElite\bin\Pac9064.js]
      FOUND data: [X64] HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies\\Default [Bad: 0file://C:\Program Files (x86)\AdvanceElite\bin\Pac9064.js]
      FOUND key: [X64]HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\AdvanceElite_RASAPI32[]
      FOUND key: [X64]HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\AdvanceElite_RASMANCS[]
      FOUND key: [X64]HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateAdvanceElite_RASAPI32[]
      FOUND key: [X64]HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateAdvanceElite_RASMANCS[]
      FOUND key: [X64]HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilAdvanceElite_RASAPI32[]
      FOUND key: [X64]HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilAdvanceElite_RASMANCS[]
      TROUVÉ valeur: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\{A7DE62CF-6F88-4C79-A334-B5F45A420657} [C:\Program Files (x86)\AdvanceElite\bin\AdvanceElite.BRT.Helper.exe]
      FOUND value: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\{8A48972F-1CDE-4F81-91D9-B280DB3129ED} [C:\Program Files (x86)\AdvanceElite\bin\AdvanceElite.BRT.Helper .exe]
      FOUND value: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\{6BFF7926-051C-45CB-90C5-48960003B0DA} [C:\Program Files (x86)\AdvanceElite\bin\AdvanceElite.BRT.Helper .exe]
      TROUVÉ valeur: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\{8D01C563-81B2-4A0F-AAA0-AD411818A55B} [C:\Program Files (x86)\AdvanceElite\bin\AdvanceElite.BRT.Helper.exe]

      Aliases AdvanceElite:
      PUP.Optional.AdvanceElite.A [Malwarebytes]
      PUP.Optional.Sambreel (Malwarebytes)
      Adware.AdvanceElite [Malwarebytes]
      Adware.SuperWeb [Malwarebytes]
      Adware.Sambreel

      Diagnose with ZHPSuite...  Uninstall with Windows...  Delete with ZHPCleaner...  Remove with Malwarebytes...

      Free support forum
      Nicholas Coolman

You are reading 0 threads
  • You must be logged in to reply to this topic.
Back to top