HealthCareGovTool

By GoldSparrow in Adware

Threat Scorecard

Ranking:	5,960
Threat Level:	20 % (Normal)
Infected Computers:	5,939

First Seen:	February 26, 2015
Last Seen:	September 20, 2023
OS(es) Affected:	Windows

The HealthCareGovTool browser tool is promoted to allow you to browse more efficiently the reputable HealthCare.gov website, but you might want to know that it's classified by security analysts as adware. The HealthCareGovTool adware may not fulfill your expectations, and it may use its browser integration to display banners, ad boxes and in-text hyperlinks to sponsored products. The HealthCareGovTool adware may use a Browser Helper Object, a browser extension, and an add-on to perform its operations. You may automatically install the HealthCareGovTool adware on your system when you handle freeware bundles via the 'Express' or 'Typical' option. The HealthCareGovTool adware may not feature safe online resources and web surfers may be directed to visit suspicious online stores and low-quality search engines. Also, the HealthCareGovTool adware may decrease the performance of your web browser and read your browsing history to determine what type of ads may interest you. Computer users might wish to consider using a trusted anti-spyware solution to remove all components of the HealthCareGovTool adware from their OS.

Table of Contents

Aliases

6 security vendors flagged this file as malicious.

Anti-Virus Software	Detection
Symantec	WS.Reputation.1
DrWeb	Adware.Superfish.227
AVG	Generic.C68
DrWeb	Adware.Superfish.217
Avast	Win32:Adware-gen [Adw]
DrWeb	Adware.Superfish.96

SpyHunter Detects & Remove HealthCareGovTool

File System Details

HealthCareGovTool may create the following file(s):

Expand All | Collapse All

#	File Name	MD5	Detections Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
1.	WeWatcherProxy.exe	da1549898f29e2a8610d81a6973885ed	37
Name: WeWatcherProxy.exe MD5: da1549898f29e2a8610d81a6973885ed Size: 1.73 MB (1739808 bytes) Detections: 37 Type: Executable File Path: %PROGRAMFILES(x86)%\SysFiles Group: Malware file Last Updated: January 24, 2019
2.	WWatcherLSP.dll	fe7b3418e539cfa3de469f1d9d08e60c	18
Name: WWatcherLSP.dll MD5: fe7b3418e539cfa3de469f1d9d08e60c Size: 305.79 KB (305792 bytes) Detections: 18 Type: Dynamic link library Path: %WINDIR%\SysWOW64\WWatcherLSP.dll Group: Malware file Last Updated: September 14, 2020
3.	WebWatcherProxy.exe	6c17ab63f9b8c2d9bd85d8cc4ccecb51	7
Name: WebWatcherProxy.exe MD5: 6c17ab63f9b8c2d9bd85d8cc4ccecb51 Size: 1.52 MB (1526000 bytes) Detections: 7 Type: Executable File Path: %PROGRAMFILES(x86)%\SysFiles Group: Malware file Last Updated: August 18, 2017
4.	WebWatcherProxy.exe	853fb8ba9854674f28592fb3776e2c4b	1
Name: WebWatcherProxy.exe MD5: 853fb8ba9854674f28592fb3776e2c4b Size: 1.85 MB (1856832 bytes) Detections: 1 Type: Executable File Path: %PROGRAMFILES(x86)%\SysFiles Group: Malware file Last Updated: August 18, 2017
5.	WeWatcherProxy.exe	24e84ec48f98a1cac7fcd0cd5ee5a20f	1
Name: WeWatcherProxy.exe MD5: 24e84ec48f98a1cac7fcd0cd5ee5a20f Size: 1.86 MB (1862408 bytes) Detections: 1 Type: Executable File Path: %PROGRAMFILES%\SysFiles Group: Malware file Last Updated: August 18, 2017
6.	WeWatcherLSP.dll	cf048fcce7d0afe2f3d032f6ce23a8fa	1
Name: WeWatcherLSP.dll MD5: cf048fcce7d0afe2f3d032f6ce23a8fa Size: 305.96 KB (305960 bytes) Detections: 1 Type: Dynamic link library Path: %WINDIR%\system32 Group: Malware file Last Updated: October 9, 2015
7.	WeWatcherProxy.exe	c508e16b9f70d5dd5525b34cb61a18ff	1
Name: WeWatcherProxy.exe MD5: c508e16b9f70d5dd5525b34cb61a18ff Size: 1.82 MB (1824248 bytes) Detections: 1 Type: Executable File Path: %PROGRAMFILES%\SysFiles Group: Malware file Last Updated: August 18, 2017
8.	WeWatcherProxy.exe	637edd577ebf0a1d947aed6ab8789708	1
Name: WeWatcherProxy.exe MD5: 637edd577ebf0a1d947aed6ab8789708 Size: 1.74 MB (1741016 bytes) Detections: 1 Type: Executable File Path: %PROGRAMFILES%\ServiceUpdater Group: Malware file Last Updated: August 18, 2017
9.	WeWatcherProxy.exe	4730f0d10584bc0b06d303ad72cfbbab	1
Name: WeWatcherProxy.exe MD5: 4730f0d10584bc0b06d303ad72cfbbab Size: 1.73 MB (1739808 bytes) Detections: 1 Type: Executable File Path: %PROGRAMFILES(x86)%\SysFiles Group: Malware file Last Updated: August 18, 2017
10.	WWatcherLSP.dll	aa496569006248dd40ef901a6488bd3c	1
Name: WWatcherLSP.dll MD5: aa496569006248dd40ef901a6488bd3c Size: 293 KB (293008 bytes) Detections: 1 Type: Dynamic link library Path: %WINDIR%\system32 Group: Malware file Last Updated: September 28, 2015
11.	WeWatcherProxy.exe	45acb025340734b9bef1f8d31f6d2a38	1
Name: WeWatcherProxy.exe MD5: 45acb025340734b9bef1f8d31f6d2a38 Size: 1.73 MB (1739808 bytes) Detections: 1 Type: Executable File Path: %PROGRAMFILES%\SysFiles Group: Malware file Last Updated: August 18, 2017

Registry Details

HealthCareGovTool may create the following registry entry or registry entries:

CLSID

{00D9F0F4-07BB-46A9-9993-C8F7EA2A21F3}

{07FD117E-BAC6-4F75-8570-B4FCE1084A67}

{1B9C5796-93EC-4BD1-B78B-7CA9CC41CBF4}

{2811C0FA-9761-43EA-9AD5-A0421A0B7F39}

{3A9C223B-F390-430D-A334-990BC5E729AB}

{41CB0A85-E6F1-4870-A57C-26B9A4621E48}

{48FA6A2A-A39E-4E08-A210-57D7E485F9C2}

{4AA35302-BF9B-4094-9CDF-BE94BF46E3C1}

{5534719D-3FBF-4B02-9EB1-460277DBE138}

{562B9316-C08A-444A-9482-62080DD851AE}

{61A32176-4B99-4D75-BFCB-5CB2B3B7E42E}

{85F3ED44-E37B-46D1-8BF8-6E49D4F34EC8}

{BB5E0EB5-8A8C-441E-B6B0-D8A5614571C7}

{BF0D7E34-16EC-4682-8144-34007DD3A8C7}

{CB096813-49C6-4D28-A48A-3911F7A2F629}

{D3339B22-715E-4A50-A27D-248949E43CF7}

{DC3AB55D-3513-40CB-8A9B-7ABEF8CA30F2}

{DED2C126-AACF-4F4C-B916-8A220ACCC234}

{EC67C245-F357-4687-A695-B96A7DACF38D}

{F1C51A2C-95E6-4BE8-8323-4ACDA99F68B3}

{F76C5FE5-5CAA-4B3B-8A94-126BC3F47475}

{F81EFBCB-6699-497D-9744-99206A6A88EB}

{FA80FB09-4BE0-4796-AF67-FE5858BC301D}

{FF392F00-BDC2-468B-9255-00F8E8EBD017}

Regexp file mask

%PROGRAMFILES(x86)%\Mozilla Firefox\extensions\healthcare@healthcaregovtool.com.xpi

%temp%\WWatcher[RANDOM CHARACTERS].log

%WINDIR%\SysFilesController\SysFiles_backup.exe

%WINDIR%\SysHealthController\SysFiles_backup.exe

%WINDIR%\System32\Tasks\SysHealth_Controller_Mon

%WINDIR%\System32\Tasks\SysProgs_Controller_Mon

%WINDIR%\System32\WeWatcherLSP64.dll

%WINDIR%\System32\WWatcherLSP64.dll

%WINDIR%\System32\WWatcherProxyOff.ini

%WINDIR%\SysWOW64\WeWatcherLSP.dll

%WINDIR%\SysWOW64\WWatcherLSP.dll

%WINDIR%\SysWOW64\WWatcherProxyOff.ini

HKEY..\..\..\..{RegistryKeys}

SOFTWARE\Classes\AppID\WWatcherProxy.EXE

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SysHealth_Controller_Mon

SOFTWARE\WeWatcherProxy

SOFTWARE\Wow6432Node\Classes\AppID\WWatcherProxy.EXE

SOFTWARE\Wow6432Node\WeWatcherProxy

SOFTWARE\Wow6432Node\WWatcherProxy

SYSTEM\ControlSet001\Control\SafeBoot\Network\WeWatcherProxy

SYSTEM\ControlSet001\Control\SafeBoot\Network\WWatcherProxy

SYSTEM\ControlSet001\services\WWatcherProxy

SYSTEM\ControlSet002\Control\SafeBoot\Network\WeWatcherProxy

SYSTEM\ControlSet002\Control\SafeBoot\Network\WWatcherProxy

SYSTEM\ControlSet002\services\WWatcherProxy

SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WeWatcherProxy

SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WWatcherProxy

SYSTEM\CurrentControlSet\services\WWatcherProxy

HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}

HealthcareGovTool

utilPrograms

WebWatcherInstall

WinWiki

Directories

HealthCareGovTool may create the following directory or directories:

%PROGRAMFILES%\HealthcareGovTool

%PROGRAMFILES%\ServiceUpdater

%PROGRAMFILES%\SysPrograms

%PROGRAMFILES%\WebWatcher

%PROGRAMFILES(x86)%\HealthcareGovTool

%PROGRAMFILES(x86)%\ServiceUpdater

%PROGRAMFILES(x86)%\SysPrograms

%PROGRAMFILES(x86)%\WebWatcher

%WinDir%\SysWOW64\config\systemprofile\AppData\Local\WWatcherProxy

Enigma Software Group Prevails Over Malwarebytes at the Ninth Circuit

Search

Change Region

HealthCareGovTool

Threat Scorecard

EnigmaSoft Threat Scorecard

Aliases

SpyHunter Detects & Remove HealthCareGovTool

File System Details

Registry Details

Directories

Submit Comment

Trending

'YouPorn' Email Scam

Safe Search Eng

Findtheirreport.com

Most Viewed

Is Lookmovie.io Safe?

How To Fix 'Printer Driver is Unavailable' Error

Discord Shows Black Screen when Sharing Screen