Wifi Protector BI

Wifi Protector BI

Known Generic

by WFprotect

What is Wifi Protector BI?

Wifi Protector BI is software application developed by WFprotect. It is most commonly found on computers running Windows 7 with nearly 77.42% of installations running this operating system. Wifi Protector BI's installer is typically 9.00 MB in size and installs around 348 files. The most common release is 1.34.8.12 with 46.77% of all installations currently using this version.

Wifi Protector BI is most popular in Brazil with 58.21% of installations residing in this country.

Wifi Protector BI adds 6 scheduled tasks to the Windows Task Scheduler launching the program at randomly scheduled times.

Multiple virus scanners have detected malware in Wifi Protector BI.

Wifi Protector BI-firefoxinstaller.exe (MD5: 11201274bced423a0ea8e90102bd069a) has been flagged by 29 scanners:
Scanner Software Result
Lavasoft Ad-Aware Adware.Generic.1009856
AegisLab Troj.W32.Gen
avast! Win32:Crossrider-AI [PUP]
AVG Generic5
Avira ADWARE/CrossRider.Gen2
AVware Crossrider (fs)
Baidu-International Adware.Win32.CrossRider.bJ
Bitdefender Adware.Generic.1009856
Dr.Web Trojan.Crossrider.27966
Emsisoft Anti-Malware Adware.Generic.1009856
ESET-NOD32 a variant of Win32/Toolbar.CrossRider.J
F-Prot W32/A-eb9ef301
F-Secure Adware.Generic.1009856
G Data Adware.Generic.1009856
Malwarebytes PUP.Optional.WifiProtector.A
McAfee Artemis!11201274BCED
McAfee-GW-Edition BehavesLike.Win32.AdwareCross.bh
MicroWorld-eScan Adware.Generic.1009856
NANO AntiVirus Trojan.Win32.Crossrider.ddxixk
Symantec Adware.FindLyrics
Trend Micro TROJ_GEN.R0C1C0OJU14
TrendMicro-HouseCall TROJ_GEN.R0C1C0OJU14
VIPRE Antivirus Crossrider (fs)
Zillya Adware.Lyckriks.Win32.676
Bkav FE W32.Clod9ca.Trojan.9bee
K7 AntiVirus Trojan ( 0048c18f1 )
K7GW Trojan ( 0048c18f1 )
Kingsoft AntiVirus Win32.Troj.Generic.a.(kcloud)
Norman Suspicious_Gen4.FKHBN
Wifi Protector BI-codedownloader.exe (MD5: a9aad59f364736f31469c55fd185e76b) has been flagged by 4 scanners:
Scanner Software Result
Baidu-International HackTool.Win32.CrossRider.K
ESET-NOD32 a variant of Win32/Toolbar.CrossRider.K
Kingsoft AntiVirus Win32.Troj.Generic.a.(kcloud)
VIPRE Antivirus Crossrider (fs)
Wifi Protector BI-chromeinstaller.exe (MD5: 70b72abcece3442dd5271240b95ada58) has been flagged by 10 scanners:
Scanner Software Result
Baidu-International Trojan.Win32.Toolbar.CrossRider.J
ESET-NOD32 a variant of Win32/Toolbar.CrossRider.J
K7 AntiVirus Trojan ( 0048c68d1 )
K7GW Trojan ( 0048c68d1 )
Kingsoft AntiVirus Win32.Troj.Generic.a.(kcloud)
McAfee Artemis!70B72ABCECE3
McAfee-GW-Edition Artemis!70B72ABCECE3
Symantec WS.Reputation.1
TrendMicro-HouseCall TROJ_GEN.F47V1025
VIPRE Antivirus Crossrider (fs)
Wifi Protector BI-bho.dll (MD5: 4a8fa2692155aeaa21c0487c8453a780) has been flagged by 12 scanners:
Scanner Software Result
Baidu-International HackTool.Win32.CrossRider.H
Bkav FE W32.Clod9ca.Trojan.9bee
ESET-NOD32 a variant of Win32/Toolbar.CrossRider.H
K7 AntiVirus Trojan ( 0048c18f1 )
K7GW Trojan ( 0048c18f1 )
Kingsoft AntiVirus Win32.Troj.Generic.a.(kcloud)
McAfee Artemis!4A8FA2692155
McAfee-GW-Edition Artemis!4A8FA2692155
Norman Suspicious_Gen4.FKHBN
Symantec Adware.Crossid
TrendMicro-HouseCall TROJ_GEN.F47V1025
VIPRE Antivirus Crossrider (fs)

Software Behaviors

Scheduled tasks:
  • 270fdbee-632c-4089-9663-52c1b42da3ab-7.exe is scheduled as a task named '270fdbee-632c-4089-9663-52c1b42da3ab-1'.
  • 4bfce921-50c8-436d-8632-66ea3157fd1f.exe is scheduled as a task named 'temp_4bfce921-50c8-436d-8632-66ea3157fd1f'.
  • 270fdbee-632c-4089-9663-52c1b42da3ab-6.exe is scheduled as a task named 'temp_270fdbee-632c-4089-9663-52c1b42da3ab-6'.
  • 270fdbee-632c-4089-9663-52c1b42da3ab-5.exe is scheduled as a task named '270fdbee-632c-4089-9663-52c1b42da3ab-5_user'.
  • 270fdbee-632c-4089-9663-52c1b42da3ab-4.exe is scheduled as a task named '270fdbee-632c-4089-9663-52c1b42da3ab-4'.
  • 270fdbee-632c-4089-9663-52c1b42da3ab-2.exe is scheduled as a task named 'temp_270fdbee-632c-4089-9663-52c1b42da3ab-2'.

Startup Entries

Startup tasks:
  • 2c916b1c-c976-4b46-93ff-f874e596d246-11.exe is automatically launched at startup through a scheduled task named 2c916b1c-c976-4b46-93ff-f874e596d246-11.
  • 367e345e-ea74-42a0-b5c3-60afdeed8df9-7.exe is automatically launched at startup through a scheduled task named ef992c94-8901-4b49-851e-928aee493a0e-1.
  • 367e345e-ea74-42a0-b5c3-60afdeed8df9-6.exe is automatically launched at startup through a scheduled task named 367e345e-ea74-42a0-b5c3-60afdeed8df9-6.
  • 367e345e-ea74-42a0-b5c3-60afdeed8df9-5.exe is automatically launched at startup through a scheduled task named 367e345e-ea74-42a0-b5c3-60afdeed8df9-5_user.
  • 367e345e-ea74-42a0-b5c3-60afdeed8df9-4.exe is automatically launched at startup through a scheduled task named 367e345e-ea74-42a0-b5c3-60afdeed8df9-4.
  • 367e345e-ea74-42a0-b5c3-60afdeed8df9-11.exe is automatically launched at startup through a scheduled task named 367e345e-ea74-42a0-b5c3-60afdeed8df9-11.

Software Details

URL:
Support:
Installation path:
C:\Program Files\wifi protector bi
Uninstaller:
C:\Program Files\Wifi Protector BI\Uninstall.exe /fcp=1
Size:
9.00 MB
Language:
English

Wifi Protector BI Executable Details

Primary executable:
utils.exe
Name:
Wifi Protector BI
Path:
C:\Program Files\wifi protector bi\utils.exe
MD5:
SHA-1:
SHA-256:
Files installed by Wifi Protector BI
File Type Filename MD5
DLL
newtonsoft.json.dll
0900b6c72905788aca613f89fe739bd3
EXE
uninstall.exe
340b1de820cc0232f74babe51caae3e8
DLL
Interop.IWshRuntimeLibrary.dll
5e8e81170731f5521bf540e5e374b011
DLL
WebSocket4Net.dll
06bef001533cc9b2aee78e0315432f94
EXE
utils.exe
a0bdc8051a740904d9e5f24d697f6875
DLL
SuperSocket.ClientEngine.Protocol.dll
054eb97126c57f5476abc3c6f8586eab
DLL
SuperSocket.ClientEngine.Core.dll
55bbde7f48a5ef7a8254bfeb3a5a39d7
DLL
SuperSocket.ClientEngine.Common.dll
9161b2db6facc5aa59f5eae689ec05af
EXE
Wifi Protector BI-helper.exe
c0386bbe6ab39a92a4ccb4019dd4eef7
DLL
Wifi Protector BI-buttonutil64.dll
1cf3f3a8cb1b19776cac15d1c0fea7b8