What is The weDownload?

The weDownload is software application developed by weDownload Ltd. It is most commonly found on computers running Windows 7 with nearly 59.74% of installations running this operating system. The weDownload's installer is typically 7.00 MB in size and installs around 17 files. The most common release is 1.34.2.13 with 46.05% of all installations currently using this version.

The weDownload is most popular in the United States with 30.08% of installations residing in this country.

About The weDownload?

WeDownload is a web browser extension and Browser Helper Object (BHO) designed to deliver contextual-based advertising to Internet Explorer. It has the capability to modify the user's browser home and search pages, as well as 'New Tab' pages, in order to push advertising and search results. Additionally, the software may be bundled with potentially unwanted applications from the same publisher and third-party apps.

Multiple virus scanners have detected malware in The weDownload.

utils.exe (MD5: c6ee850aa42eaf0b67e7a2bec46093f0) has been flagged by 35 scanners:

Scanner Software	Version	Result
AhnLab-V3	2014.02.08	PUP/Win32.MulDrop
Bkav FE	1.3.0.4923	HW32.CDB
Malwarebytes	v2014.02.13.08	PUP.Optional.CrossRider.A
Symantec	2/13/2014 rev. 5	WS.Reputation
Lavasoft Ad-Aware	12.0.163.0	Adware.Generic.915161
Avira AntiVir	7.11.154.26	Adware/CrossRider.A.2276
Antiy-AVL	1.0.0.1	Trojan/Win32.SGeneric
avast!	8.0.1489.320	Win32:Adware-gen [Adw]
Baidu-International	3.5.1.41473	Adware.Win32.CrossRider.40
Bitdefender	7.2	Adware.Generic.915161
Comodo Security	18496	ApplicUnwnt
Dr.Web	7.0.7.12100	Trojan.Crossrider.7519
Emsisoft Anti-Malware	3.0.0.599	Adware.Generic.915161 (B)
ESET-NOD32	9921	a variant of Win32/Toolbar.CrossRider.AC
Fortinet FortiGate	5.1.152.0	Riskware/Toolbar_CrossRider
F-Secure	11.0.19100.45	Adware.Generic.915161
G Data	24	Adware.Generic.915161
K7 AntiVirus	9.179.12348	Trojan ( 0049590e1 )
K7GW	9.179.12348	Trojan ( 0049590e1 )
McAfee	6.0.4.564	Artemis!41BDA88949A1
McAfee-GW-Edition	2013	Artemis!41BDA88949A1
MicroWorld-eScan	12.0.250.0	Adware.Generic.915161
NANO AntiVirus	0.28.0.60253	Trojan.Win32.Crossrider.cyaxwd
Sophos	4.98.0	AppRider
Tencent	1.0.0.1	Win32.Risk.Adware.Pcjd
Trend Micro	9.740.0.1012	TROJ_GEN.R00JC0OE314
TrendMicro-HouseCall	9.700.0.1001	TROJ_GEN.R00JC0OE314
VIPRE Antivirus	30146	Crossrider (fs)
AVG	13.0.0.3169	Generic5.AMMM
Jiangmin	16.0.100	AdWare/Lyckriks.ff
Kaspersky	12.0.0.1225	not-a-virus:AdWare.Win32.Lyckriks.mk
Kingsoft AntiVirus	2013.04.09.267	Win32.Troj.Lyckriks.mk.(kcloud)
Vba32 AntiVirus	3.12.24.3	AdWare.Lyckriks
Agnitum Outpost	5.5.1.3	PUA.Toolbar.CrossRider!
SUPERAntiSpyware	5.6.0.1032	Trojan.Agent/Gen-Crossrider

The weDownload-updater.exe (MD5: 8389ddbb0307681874bbb865d6e29535) has been flagged by 13 scanners:

Scanner Software	Version	Result
Agnitum Outpost	5.5.1.3	PUA.Toolbar.CrossRider!
Baidu-International	3.5.1.41473	Adware.Win32.CrossRider.X
Dr.Web	7.00.8.02260	Trojan.Crossrider.7209
ESET-NOD32	9630	a variant of Win32/Toolbar.CrossRider.X
Fortinet FortiGate	4	Riskware/Toolbar_CrossRider
Malwarebytes	1.75.0001	PUP.Optional.weDownload.A
McAfee	6.0.4.564	Artemis!8389DDBB0307
McAfee-GW-Edition	2013	Artemis!8389DDBB0307
SUPERAntiSpyware	5.6.0.1032	Trojan.Agent/Gen-Crossrider
Symantec	20131.1.5.61	Adware.Crossid
TrendMicro-HouseCall	9.700-1001	TROJ_GEN.R0C1H05CR14
VIPRE Antivirus	27978	Crossrider (fs)
AVG	13.0.0.3169	MultiBundle.V

The weDownload-firefoxinstaller.exe (MD5: 85f1d51a7cb4d948e97e4bbcb7ec9668) has been flagged by 11 scanners:

Scanner Software	Version	Result
AVG	13.0.0.3169	MultiBundle.V
Baidu-International	3.5.1.41473	Adware.Win32.CrossRider.40
Dr.Web	7.00.8.02260	Trojan.Crossrider.7210
ESET-NOD32	9630	a variant of Win32/Toolbar.CrossRider.Y
Fortinet FortiGate	4	Riskware/Toolbar_CrossRider
Malwarebytes	1.75.0001	PUP.Optional.weDownload.A
McAfee	6.0.4.564	Artemis!85F1D51A7CB4
McAfee-GW-Edition	2013	Artemis!85F1D51A7CB4
Symantec	20131.1.5.61	Adware.Crossid
TrendMicro-HouseCall	9.700-1001	TROJ_GEN.R0C1H05CR14
VIPRE Antivirus	27978	Crossrider (fs)

The weDownload-enabler.exe (MD5: 41bda88949a12d1f348d0669515d6316) has been flagged by 33 scanners:

Scanner Software	Version	Result
Lavasoft Ad-Aware	12.0.163.0	Adware.Generic.915161
Avira AntiVir	7.11.154.26	Adware/CrossRider.A.2276
Antiy-AVL	1.0.0.1	Trojan/Win32.SGeneric
avast!	8.0.1489.320	Win32:Adware-gen [Adw]
Baidu-International	3.5.1.41473	Adware.Win32.CrossRider.40
Bitdefender	7.2	Adware.Generic.915161
Comodo Security	18496	ApplicUnwnt
Dr.Web	7.0.7.12100	Trojan.Crossrider.7519
Emsisoft Anti-Malware	3.0.0.599	Adware.Generic.915161 (B)
ESET-NOD32	9921	a variant of Win32/Toolbar.CrossRider.AC
Fortinet FortiGate	5.1.152.0	Riskware/Toolbar_CrossRider
F-Secure	11.0.19100.45	Adware.Generic.915161
G Data	24	Adware.Generic.915161
K7 AntiVirus	9.179.12348	Trojan ( 0049590e1 )
K7GW	9.179.12348	Trojan ( 0049590e1 )
Malwarebytes	1.75.0.1	PUP.Optional.weDownload.A
McAfee	6.0.4.564	Artemis!41BDA88949A1
McAfee-GW-Edition	2013	Artemis!41BDA88949A1
MicroWorld-eScan	12.0.250.0	Adware.Generic.915161
NANO AntiVirus	0.28.0.60253	Trojan.Win32.Crossrider.cyaxwd
Sophos	4.98.0	AppRider
Symantec	20131.1.5.61	Adware.Crossid
Tencent	1.0.0.1	Win32.Risk.Adware.Pcjd
Trend Micro	9.740.0.1012	TROJ_GEN.R00JC0OE314
TrendMicro-HouseCall	9.700.0.1001	TROJ_GEN.R00JC0OE314
VIPRE Antivirus	30146	Crossrider (fs)
AVG	13.0.0.3169	Generic5.AMMM
Jiangmin	16.0.100	AdWare/Lyckriks.ff
Kaspersky	12.0.0.1225	not-a-virus:AdWare.Win32.Lyckriks.mk
Kingsoft AntiVirus	2013.04.09.267	Win32.Troj.Lyckriks.mk.(kcloud)
Vba32 AntiVirus	3.12.24.3	AdWare.Lyckriks
Agnitum Outpost	5.5.1.3	PUA.Toolbar.CrossRider!
SUPERAntiSpyware	5.6.0.1032	Trojan.Agent/Gen-Crossrider

The weDownload-codedownloader.exe (MD5: 0817a60ddb8122aed06341df102d9540) has been flagged by 27 scanners:

Scanner Software	Version	Result
Lavasoft Ad-Aware	12.0.163.0	Adware.Generic.904159
Antiy-AVL	0.1.0.1	Trojan/Win32.SGeneric
Baidu-International	3.5.1.41473	Adware.Win32.CrossRider.X
Bitdefender	7.2	Adware.Generic.904159
Dr.Web	7.00.8.02260	Trojan.Crossrider.7193
Emsisoft Anti-Malware	3.0.0.596	Adware.Generic.904159 (B)
ESET-NOD32	9630	a variant of Win32/Toolbar.CrossRider.X
Fortinet FortiGate	4	Riskware/Toolbar_CrossRider
F-Secure	11.0.19100.45	Adware.Generic.904159
G Data	24	Adware.Generic.904159
Malwarebytes	1.75.0001	PUP.Optional.weDownload.A
McAfee	6.0.4.564	Artemis!0817A60DDB81
McAfee-GW-Edition	2013	Artemis!0817A60DDB81
MicroWorld-eScan	12.0.250.0	Adware.Generic.904159
Symantec	20131.1.5.61	Adware.Crossid
TrendMicro-HouseCall	9.700-1001	TROJ_GEN.R047H05CJ14
VIPRE Antivirus	27978	Crossrider (fs)
AVG	13.0.0.3169	Generic5.AMMM
Comodo Security	17828	ApplicUnwnt
Jiangmin	16.0.100	AdWare/Lyckriks.ff
Kaspersky	12.0.0.1225	not-a-virus:AdWare.Win32.Lyckriks.mk
Kingsoft AntiVirus	2013.04.09.267	Win32.Troj.Lyckriks.mk.(kcloud)
NANO AntiVirus	0.28.0.57630	Riskware.Win32.Lyckriks.ctgwey
Sophos	4.97.0	AppRider
Vba32 AntiVirus	3.12.24.3	AdWare.Lyckriks
Agnitum Outpost	5.5.1.3	PUA.Toolbar.CrossRider!
SUPERAntiSpyware	5.6.0.1032	Trojan.Agent/Gen-Crossrider

Startup Entries

Startup tasks:

The weDownload-updater.exe is automatically launched at startup through a scheduled task named The weDownload-updater.
The weDownload-enabler.exe is automatically launched at startup through a scheduled task named The weDownload-enabler.
The weDownload-firefoxinstaller.exe is automatically launched at startup through a scheduled task named The weDownload-firefoxinstaller.
The weDownload-codedownloader.exe is automatically launched at startup through a scheduled task named The weDownload-codedownloader.
The weDownload-chromeinstaller.exe is automatically launched at startup through a scheduled task named The weDownload-chromeinstaller.

Software Details

URL:

https://www.wedownload.com

Support:

–

Installation path:

C:\Program Files\the wedownload

Uninstaller:

C:\Program Files\The weDownload\Uninstall.exe /fromcontrolpanel=1

Size:

7.00 MB

Language:

English

The weDownload Executable Details

Primary executable:

utils.exe

Name:

The weDownload

Path:

C:\Program Files\the wedownload\utils.exe

MD5:

c6ee850aa42eaf0b67e7a2bec46093f0

SHA-1:

–

SHA-256:

–

File Type

Filename

MD5

DLL

The weDownload-bho64.dll

Malware

e48fac65f468b29795843b4bea2d0b80

DLL

The weDownload-bho.dll

Malware

acc117b55ebecd9b2119ac9a7dce3ed8

EXE

The weDownload-bg.exe

c9c625acd777e55fc5739e9a428b1dce

DLL

The weDownload-buttonutil.dll

c1b7379b3f39046dc1344ce803062300

DLL

The weDownload-buttonutil64.dll

e558b0e3fe8c65873f10487241134d99

EXE

The weDownload-helper.exe

41cb5842874eb9351c169aa64a516d75

CRX

49072.crx

9eabc12955a611170fe2e4982d628c82

File Type	Filename	MD5
DLL	The weDownload-bho64.dll Malware	e48fac65f468b29795843b4bea2d0b80
DLL	The weDownload-bho.dll Malware	acc117b55ebecd9b2119ac9a7dce3ed8
EXE	The weDownload-bg.exe	c9c625acd777e55fc5739e9a428b1dce
DLL	The weDownload-buttonutil.dll	c1b7379b3f39046dc1344ce803062300
DLL	The weDownload-buttonutil64.dll	e558b0e3fe8c65873f10487241134d99
EXE	The weDownload-helper.exe	41cb5842874eb9351c169aa64a516d75
CRX	49072.crx	9eabc12955a611170fe2e4982d628c82