Adware.RunBooster is Malwarebytes’ detection for a family of adware that mainly uses the Windows scheduled tasks feature to show advertisements on affected systems.
Users of affected systems may notice warnings during installation, scheduled tasks, or an entry under installed Programs and Features.
Adware.RunBooster install warning
Adware.RunBooster Scheduled Task
Adware.RunBooster entry under installed Programs and Features
Malwarebytes protects users from Adware.RunBooster by using real-time protection.
Malwarebytes blocks Adware.RunBooster
Malwarebytes can detect and remove Adware.RunBooster without further user interaction.
A Malwarebytes log of removal will look similar to this:
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 2/7/17
Scan Time: 9:11 AM
Logfile: mbamRunBooster.txt
Administrator: Yes

-Software Information-
Version: 3.0.5.1299
Components Version: 1.0.43
Update Package Version: 1.0.1201
License: Premium

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: {computername}\{username}

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 359009
Time Elapsed: 2 min, 3 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 1
Adware.RunBooster, C:\PROGRAM FILES\RUNBOOSTER\RUNBOOSTERSERVICE64.EXE, Quarantined, [2278], [357591],1.0.1201

Module: 1
Adware.RunBooster, C:\PROGRAM FILES\RUNBOOSTER\RUNBOOSTERSERVICE64.EXE, Quarantined, [2278], [357591],1.0.1201

Registry Key: 3
Adware.RunBooster, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{9475BC77-1F2B-4B71-B8C3-7702B8C4DBC9}, Delete-on-Reboot, [2278], [358296],1.0.1201
Adware.RunBooster, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\RunBoosterUpdateTask, Delete-on-Reboot, [2278], [358287],1.0.1201
Adware.RunBooster, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\RUNBOOSTER, Delete-on-Reboot, [2278], [357591],1.0.1201

Registry Value: 2
Adware.RunBooster, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{9475BC77-1F2B-4B71-B8C3-7702B8C4DBC9}|PATH, Delete-on-Reboot, [2278], [358296],1.0.1201
Adware.RunBooster, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\RUNBOOSTER|DESCRIPTION, Delete-on-Reboot, [2278], [357591],1.0.1201

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 4
Adware.RunBooster, C:\USERS\{username}\DESKTOP\RUNBOOSTERSETUP64_3231.EXE, Delete-on-Reboot, [2278], [357686],1.0.1201
Adware.RunBooster, C:\PROGRAM FILES\RUNBOOSTER\RUNBOOSTERUPDATETASK64.EXE, Delete-on-Reboot, [2278], [357685],1.0.1201
Adware.RunBooster, C:\WINDOWS\SYSTEM32\TASKS\RUNBOOSTERUPDATETASK, Delete-on-Reboot, [2278], [357683],1.0.1201
Adware.RunBooster, C:\PROGRAM FILES\RUNBOOSTER\RUNBOOSTERSERVICE64.EXE, Delete-on-Reboot, [2278], [357591],1.0.1201

Physical Sector: 0
(No malicious items detected)

(end)
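An added example (not Malwarebytes' code and not part of the original page): a Python parser for the Scan Details section of a log like the one above. It checks each section's declared count against the entries actually present and groups the detected paths by persistence mechanism. It assumes the log file holds one entry per line; the function names and the PERSISTENCE table are illustrative.

```python
import re
from collections import defaultdict

# Excerpt of the page's log, laid out one entry per line (assumed on-disk layout).
SAMPLE_LOG = r"""-Scan Details-
Process: 1
Adware.RunBooster, C:\PROGRAM FILES\RUNBOOSTER\RUNBOOSTERSERVICE64.EXE, Quarantined, [2278], [357591],1.0.1201
Registry Key: 3
Adware.RunBooster, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{9475BC77-1F2B-4B71-B8C3-7702B8C4DBC9}, Delete-on-Reboot, [2278], [358296],1.0.1201
Adware.RunBooster, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\RunBoosterUpdateTask, Delete-on-Reboot, [2278], [358287],1.0.1201
Adware.RunBooster, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\RUNBOOSTER, Delete-on-Reboot, [2278], [357591],1.0.1201
Data Stream: 0
(No malicious items detected)

File: 4
Adware.RunBooster, C:\USERS\{username}\DESKTOP\RUNBOOSTERSETUP64_3231.EXE, Delete-on-Reboot, [2278], [357686],1.0.1201
Adware.RunBooster, C:\PROGRAM FILES\RUNBOOSTER\RUNBOOSTERUPDATETASK64.EXE, Delete-on-Reboot, [2278], [357685],1.0.1201
Adware.RunBooster, C:\WINDOWS\SYSTEM32\TASKS\RUNBOOSTERUPDATETASK, Delete-on-Reboot, [2278], [357683],1.0.1201
Adware.RunBooster, C:\PROGRAM FILES\RUNBOOSTER\RUNBOOSTERSERVICE64.EXE, Delete-on-Reboot, [2278], [357591],1.0.1201
(end)
"""

HEADER = re.compile(r"^([A-Za-z ]+): (\d+)$")  # e.g. "Registry Key: 3"
# Captures threat name, object path, action; the two bracketed ids and the version are skipped.
ENTRY = re.compile(r"^([^,]+), (.+), ([^,]+), \[\d+\], \[\d+\],[\d.]+$")
PERSISTENCE = {"scheduled task": (r"\SCHEDULE\TASKCACHE", r"\SYSTEM32\TASKS"),
               "service": (r"\CURRENTCONTROLSET\SERVICES",)}

def parse_scan_details(log_text):
    """Return ({object type: [(threat, path, action)]}, [types whose count is off])."""
    found, declared, kind, active = defaultdict(list), {}, None, False
    for line in map(str.strip, log_text.splitlines()):
        if line == "-Scan Details-":
            active = True
        elif not active or not line or line.startswith("("):
            continue  # preamble, blank lines, "(No malicious items detected)", "(end)"
        elif m := HEADER.match(line):
            kind = m[1]
            declared[kind] = int(m[2])
        elif (m := ENTRY.match(line)) and kind:
            found[kind].append(m.groups())
    bad = [k for k, n in declared.items() if n != len(found.get(k, []))]
    return dict(found), bad

def persistence_paths(found):
    """Group detected paths (upper-cased for matching) by persistence mechanism."""
    paths = {p.upper() for items in found.values() for _, p, _ in items}
    return {label: sorted(p for p in paths if any(n in p for n in needles))
            for label, needles in PERSISTENCE.items()}
```

A non-empty second return value from `parse_scan_details` means a section lists fewer or more entries than its header declares, which is worth checking before trusting a pasted or truncated log.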
You may see these entries in FRST logs:
(SkyNET Corporation) C:\Program Files\RunBooster\RunBoosterService64.exe
R2 RunBooster; C:\Program Files\RunBooster\RunBoosterService64.exe [286720 2017-02-07] (SkyNET Corporation) [File not signed]
R2 WinDivert1.2; C:\Windows\system32\drivers\WinDivert64.sys [37552 2017-02-07] (Basil)
(Basil) C:\Windows\system32\Drivers\WinDivert64.sys
C:\Windows\System32\Tasks\RunBoosterUpdateTask
C:\Program Files\RunBooster
RunBooster (HKLM\...\RunBooster) (Version: 1.0.3 - SkyNET Corporation) <==== ATTENTION
Task: {9475BC77-1F2B-4B71-B8C3-7702B8C4DBC9} - System32\Tasks\RunBoosterUpdateTask => C:\Program Files\RunBooster\RunBoosterUpdateTask64.exe [2017-02-07] (SkyNET Corporation) <==== ATTENTION
() C:\Program Files\RunBooster\WinDivert.dll