What is The weDownload?

The weDownload is software application developed by weDownload Ltd. It is most commonly found on computers running Windows 7 with nearly 59.74% of installations running this operating system. The weDownload's installer is typically 7.00 MB in size and installs around 17 files. The most common release is 1.34.2.13 with 46.05% of all installations currently using this version.

The weDownload is most popular in the United States with 30.08% of installations residing in this country.

About The weDownload?

WeDownload is a web browser extension and Browser Helper Object (BHO) designed to deliver contextual-based advertising to Internet Explorer. It has the capability to modify the user's browser home and search pages, as well as 'New Tab' pages, in order to push advertising and search results. Additionally, the software may be bundled with potentially unwanted applications from the same publisher and third-party apps.

Multiple virus scanners have detected malware in The weDownload.

utils.exe (MD5: c6ee850aa42eaf0b67e7a2bec46093f0) has been flagged by 35 scanners:

Scanner Software	Version	Result
AhnLab-V3	2014.02.08	PUP/Win32.MulDrop
Bkav FE	1.3.0.4923	HW32.CDB
Malwarebytes	v2014.02.13.08	PUP.Optional.CrossRider.A
Symantec	2/13/2014 rev. 5	WS.Reputation
Lavasoft Ad-Aware	12.0.163.0	Adware.Generic.915161
Avira AntiVir	7.11.154.26	Adware/CrossRider.A.2276
Antiy-AVL	1.0.0.1	Trojan/Win32.SGeneric
avast!	8.0.1489.320	Win32:Adware-gen [Adw]
Baidu-International	3.5.1.41473	Adware.Win32.CrossRider.40
Bitdefender	7.2	Adware.Generic.915161
Comodo Security	18496	ApplicUnwnt
Dr.Web	7.0.7.12100	Trojan.Crossrider.7519
Emsisoft Anti-Malware	3.0.0.599	Adware.Generic.915161 (B)
ESET-NOD32	9921	a variant of Win32/Toolbar.CrossRider.AC
Fortinet FortiGate	5.1.152.0	Riskware/Toolbar_CrossRider
F-Secure	11.0.19100.45	Adware.Generic.915161
G Data	24	Adware.Generic.915161
K7 AntiVirus	9.179.12348	Trojan ( 0049590e1 )
K7GW	9.179.12348	Trojan ( 0049590e1 )
McAfee	6.0.4.564	Artemis!41BDA88949A1
McAfee-GW-Edition	2013	Artemis!41BDA88949A1
MicroWorld-eScan	12.0.250.0	Adware.Generic.915161
NANO AntiVirus	0.28.0.60253	Trojan.Win32.Crossrider.cyaxwd
Sophos	4.98.0	AppRider
Tencent	1.0.0.1	Win32.Risk.Adware.Pcjd
Trend Micro	9.740.0.1012	TROJ_GEN.R00JC0OE314
TrendMicro-HouseCall	9.700.0.1001	TROJ_GEN.R00JC0OE314
VIPRE Antivirus	30146	Crossrider (fs)
AVG	13.0.0.3169	Generic5.AMMM
Jiangmin	16.0.100	AdWare/Lyckriks.ff
Kaspersky	12.0.0.1225	not-a-virus:AdWare.Win32.Lyckriks.mk
Kingsoft AntiVirus	2013.04.09.267	Win32.Troj.Lyckriks.mk.(kcloud)
Vba32 AntiVirus	3.12.24.3	AdWare.Lyckriks
Agnitum Outpost	5.5.1.3	PUA.Toolbar.CrossRider!
SUPERAntiSpyware	5.6.0.1032	Trojan.Agent/Gen-Crossrider

The weDownload-updater.exe (MD5: 8389ddbb0307681874bbb865d6e29535) has been flagged by 13 scanners:

Scanner Software	Version	Result
Agnitum Outpost	5.5.1.3	PUA.Toolbar.CrossRider!
Baidu-International	3.5.1.41473	Adware.Win32.CrossRider.X
Dr.Web	7.00.8.02260	Trojan.Crossrider.7209
ESET-NOD32	9630	a variant of Win32/Toolbar.CrossRider.X
Fortinet FortiGate	4	Riskware/Toolbar_CrossRider
Malwarebytes	1.75.0001	PUP.Optional.weDownload.A
McAfee	6.0.4.564	Artemis!8389DDBB0307
McAfee-GW-Edition	2013	Artemis!8389DDBB0307
SUPERAntiSpyware	5.6.0.1032	Trojan.Agent/Gen-Crossrider
Symantec	20131.1.5.61	Adware.Crossid
TrendMicro-HouseCall	9.700-1001	TROJ_GEN.R0C1H05CR14
VIPRE Antivirus	27978	Crossrider (fs)
AVG	13.0.0.3169	MultiBundle.V

The weDownload-firefoxinstaller.exe (MD5: 85f1d51a7cb4d948e97e4bbcb7ec9668) has been flagged by 11 scanners:

Scanner Software	Version	Result
AVG	13.0.0.3169	MultiBundle.V
Baidu-International	3.5.1.41473	Adware.Win32.CrossRider.40
Dr.Web	7.00.8.02260	Trojan.Crossrider.7210
ESET-NOD32	9630	a variant of Win32/Toolbar.CrossRider.Y
Fortinet FortiGate	4	Riskware/Toolbar_CrossRider
Malwarebytes	1.75.0001	PUP.Optional.weDownload.A
McAfee	6.0.4.564	Artemis!85F1D51A7CB4
McAfee-GW-Edition	2013	Artemis!85F1D51A7CB4
Symantec	20131.1.5.61	Adware.Crossid
TrendMicro-HouseCall	9.700-1001	TROJ_GEN.R0C1H05CR14
VIPRE Antivirus	27978	Crossrider (fs)

The weDownload-enabler.exe (MD5: 41bda88949a12d1f348d0669515d6316) has been flagged by 33 scanners:

Scanner Software	Version	Result
Lavasoft Ad-Aware	12.0.163.0	Adware.Generic.915161
Avira AntiVir	7.11.154.26	Adware/CrossRider.A.2276
Antiy-AVL	1.0.0.1	Trojan/Win32.SGeneric
avast!	8.0.1489.320	Win32:Adware-gen [Adw]
Baidu-International	3.5.1.41473	Adware.Win32.CrossRider.40
Bitdefender	7.2	Adware.Generic.915161
Comodo Security	18496	ApplicUnwnt
Dr.Web	7.0.7.12100	Trojan.Crossrider.7519
Emsisoft Anti-Malware	3.0.0.599	Adware.Generic.915161 (B)
ESET-NOD32	9921	a variant of Win32/Toolbar.CrossRider.AC
Fortinet FortiGate	5.1.152.0	Riskware/Toolbar_CrossRider
F-Secure	11.0.19100.45	Adware.Generic.915161
G Data	24	Adware.Generic.915161
K7 AntiVirus	9.179.12348	Trojan ( 0049590e1 )
K7GW	9.179.12348	Trojan ( 0049590e1 )
Malwarebytes	1.75.0.1	PUP.Optional.weDownload.A
McAfee	6.0.4.564	Artemis!41BDA88949A1
McAfee-GW-Edition	2013	Artemis!41BDA88949A1
MicroWorld-eScan	12.0.250.0	Adware.Generic.915161
NANO AntiVirus	0.28.0.60253	Trojan.Win32.Crossrider.cyaxwd
Sophos	4.98.0	AppRider
Symantec	20131.1.5.61	Adware.Crossid
Tencent	1.0.0.1	Win32.Risk.Adware.Pcjd
Trend Micro	9.740.0.1012	TROJ_GEN.R00JC0OE314
TrendMicro-HouseCall	9.700.0.1001	TROJ_GEN.R00JC0OE314
VIPRE Antivirus	30146	Crossrider (fs)
AVG	13.0.0.3169	Generic5.AMMM
Jiangmin	16.0.100	AdWare/Lyckriks.ff
Kaspersky	12.0.0.1225	not-a-virus:AdWare.Win32.Lyckriks.mk
Kingsoft AntiVirus	2013.04.09.267	Win32.Troj.Lyckriks.mk.(kcloud)
Vba32 AntiVirus	3.12.24.3	AdWare.Lyckriks
Agnitum Outpost	5.5.1.3	PUA.Toolbar.CrossRider!
SUPERAntiSpyware	5.6.0.1032	Trojan.Agent/Gen-Crossrider

The weDownload-codedownloader.exe (MD5: 0817a60ddb8122aed06341df102d9540) has been flagged by 27 scanners:

Scanner Software	Version	Result
Lavasoft Ad-Aware	12.0.163.0	Adware.Generic.904159
Antiy-AVL	0.1.0.1	Trojan/Win32.SGeneric
Baidu-International	3.5.1.41473	Adware.Win32.CrossRider.X
Bitdefender	7.2	Adware.Generic.904159
Dr.Web	7.00.8.02260	Trojan.Crossrider.7193
Emsisoft Anti-Malware	3.0.0.596	Adware.Generic.904159 (B)
ESET-NOD32	9630	a variant of Win32/Toolbar.CrossRider.X
Fortinet FortiGate	4	Riskware/Toolbar_CrossRider
F-Secure	11.0.19100.45	Adware.Generic.904159
G Data	24	Adware.Generic.904159
Malwarebytes	1.75.0001	PUP.Optional.weDownload.A
McAfee	6.0.4.564	Artemis!0817A60DDB81
McAfee-GW-Edition	2013	Artemis!0817A60DDB81
MicroWorld-eScan	12.0.250.0	Adware.Generic.904159
Symantec	20131.1.5.61	Adware.Crossid
TrendMicro-HouseCall	9.700-1001	TROJ_GEN.R047H05CJ14
VIPRE Antivirus	27978	Crossrider (fs)
AVG	13.0.0.3169	Generic5.AMMM
Comodo Security	17828	ApplicUnwnt
Jiangmin	16.0.100	AdWare/Lyckriks.ff
Kaspersky	12.0.0.1225	not-a-virus:AdWare.Win32.Lyckriks.mk
Kingsoft AntiVirus	2013.04.09.267	Win32.Troj.Lyckriks.mk.(kcloud)
NANO AntiVirus	0.28.0.57630	Riskware.Win32.Lyckriks.ctgwey
Sophos	4.97.0	AppRider
Vba32 AntiVirus	3.12.24.3	AdWare.Lyckriks
Agnitum Outpost	5.5.1.3	PUA.Toolbar.CrossRider!
SUPERAntiSpyware	5.6.0.1032	Trojan.Agent/Gen-Crossrider

Startup Entries

Startup tasks:

The weDownload-updater.exe is automatically launched at startup through a scheduled task named The weDownload-updater.
The weDownload-enabler.exe is automatically launched at startup through a scheduled task named The weDownload-enabler.
The weDownload-firefoxinstaller.exe is automatically launched at startup through a scheduled task named The weDownload-firefoxinstaller.
The weDownload-codedownloader.exe is automatically launched at startup through a scheduled task named The weDownload-codedownloader.
The weDownload-chromeinstaller.exe is automatically launched at startup through a scheduled task named The weDownload-chromeinstaller.

Software Details

URL:

https://www.wedownload.com

Support:

–

Installation path:

C:\Program Files\the wedownload

Uninstaller:

C:\Program Files\The weDownload\Uninstall.exe /fromcontrolpanel=1

Size:

7.00 MB

Language:

English

The weDownload Executable Details

Primary executable:

utils.exe

Name:

The weDownload

Path:

C:\Program Files\the wedownload\utils.exe

MD5:

c6ee850aa42eaf0b67e7a2bec46093f0

SHA-1:

–

SHA-256:

–

File Type

Filename

MD5

EXE

uninstall.exe

17fda6aa05a402f281a5fd7b867a4f1a

EXE

utils.exe

Malware

c6ee850aa42eaf0b67e7a2bec46093f0

XPI

49072.xpi

7372537912a40d0798652862b98b81a7

EXE

The weDownload-updater.exe

Malware

8389ddbb0307681874bbb865d6e29535

EXE

The weDownload-firefoxinstaller.exe

Malware

85f1d51a7cb4d948e97e4bbcb7ec9668

EXE

The weDownload-enabler.exe

Malware

41bda88949a12d1f348d0669515d6316

EXE

The weDownload-codedownloader.exe

Malware

0817a60ddb8122aed06341df102d9540

EXE

The weDownload-chromeinstaller.exe

Malware

efbe2390e882d867d0646f0d0fa019c8

EXE

The weDownload-buttonutil64.exe

b32ea279f056e2611b31f3d97d6f5143

EXE

The weDownload-buttonutil.exe

a44700f4d64dc0e4def6b3cb56bb1875

File Type	Filename	MD5
EXE	uninstall.exe	17fda6aa05a402f281a5fd7b867a4f1a
EXE	utils.exe Malware	c6ee850aa42eaf0b67e7a2bec46093f0
XPI	49072.xpi	7372537912a40d0798652862b98b81a7
EXE	The weDownload-updater.exe Malware	8389ddbb0307681874bbb865d6e29535
EXE	The weDownload-firefoxinstaller.exe Malware	85f1d51a7cb4d948e97e4bbcb7ec9668
EXE	The weDownload-enabler.exe Malware	41bda88949a12d1f348d0669515d6316
EXE	The weDownload-codedownloader.exe Malware	0817a60ddb8122aed06341df102d9540
EXE	The weDownload-chromeinstaller.exe Malware	efbe2390e882d867d0646f0d0fa019c8
EXE	The weDownload-buttonutil64.exe	b32ea279f056e2611b31f3d97d6f5143
EXE	The weDownload-buttonutil.exe	a44700f4d64dc0e4def6b3cb56bb1875

The weDownload

What is The weDownload?

About The weDownload?

Multiple virus scanners have detected malware in The weDownload.

Startup Entries

Software Details

The weDownload Executable Details