OffersWizard

By ESGI Advisor in Adware

Threat Scorecard

Ranking:	3,628
Threat Level:	20 % (Normal)
Infected Computers:	42,664

First Seen:	December 6, 2013
Last Seen:	September 18, 2023
OS(es) Affected:	Windows

OffersWizard is used to generate advertisements revenue. OffersWizard is a Potentially Unwanted Program. Unlike viruses, malware, worms and Trojans, PUPs are not considered a threat and pose a lesser threat to your computer. However, although OffersWizard can be uninstalled as normal and does not have destructive consequences, its effects may be just as disruptive or irritating as many threats. Because of this, PC malware specialists strongly counsel that PC users remove OffersWizard immediately from the affected computer using the assistance of an ethical anti-malware program that is fully up to date.

OffersWizard Uses Its 'Magical Powers' to Favor Its Creators

OffersWizard is designed to generate revenue. There are various strategies in which OffersWizard may be used to make money for a third party at your expense. Below, security researchers have listed the three main ways in which OffersWizard generates revenue:

OffersWizard delivers advertisements to the victim's computer. OffersWizard is associated with pop-up advertisements, sliding advertisements, banner advertisements, video advertisements and in-text marketing links that cause pop-up windows to appear when the affected computer user passes the mouse cursor over them. These types of marketing materials generate advertisement revenue directly at the expense of affected computer users.
OffersWizard also causes Web browser redirects. This practice, known as browser hijacking, involves taking over the affected Web browser and redirecting it to determined websites repeatedly. Typically, OffersWizard redirects computer users to websites containing numerous advertisements and sponsored content. This allows marketers to generate revenue from affiliate marketing.
OffersWizard may also generate revenue through market research. OffersWizard may gather information about your online habits and Web browser settings. This information may be sold to an outsider and may be part of identity theft and other harmful practices.

Do not let marketers generate revenue at your expense! Security researchers strongly recommend that computer users remove OffersWizard immediately from an affected computer. Once OffersWizard has been uninstalled, it is important to verify that OffersWizard has not exposed the affected computer to other potentially unsafe content by scanning the affected computer with a reliable security program.

Aliases

15 security vendors flagged this file as malicious.

Anti-Virus Software	Detection
Sophos	Generic PUA JF
Avast	Win32:Amonetize-CW [PUP]
Sophos	Mal/Generic-L
Kaspersky	Trojan-Downloader.Win32.Agent.aadeh
Avast	Win32:Downloader-VLT [Trj]
Symantec	PUA.Gen
McAfee	PUP-Amonetize!38FA2BAF42C2
AhnLab-V3	Malware/Win32.Generic
Sophos	Generic PUA NB
Comodo	Application.Win32.Amonetize.NZ
Avast	Win32:Downloader-VLS [Trj]
AVG	Generic_r.PM
Sophos	Mal/Generic-S
DrWeb	Adware.Downware.6304
Comodo	ApplicUnwnt

SpyHunter Detects & Remove OffersWizard

File System Details

OffersWizard may create the following file(s):

Expand All | Collapse All

#	File Name	MD5	Detections Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
1.	B9eG190.exe	a117d93042eeca4e50cf6c8ebb3e8eda	4,486
Name: B9eG190.exe MD5: a117d93042eeca4e50cf6c8ebb3e8eda Size: 349.69 KB (349696 bytes) Detections: 4,486 Type: Executable File Path: C:\Program Files (x86)\ver2OffersWizard\B9eG190.exe Group: Malware file Last Updated: April 1, 2023
2.	e6OffersWizard66.exe	0646ef6df57bd5f5a7c6cf588e4cd9e1	4,231
Name: e6OffersWizard66.exe MD5: 0646ef6df57bd5f5a7c6cf588e4cd9e1 Size: 541.18 KB (541184 bytes) Detections: 4,231 Type: Executable File Path: C:\Programmi\ver2OffersWizard\e6OffersWizard66.exe Group: Malware file Last Updated: April 1, 2023
3.	L2h.exe	605594217cbb8354e8775e6d5d1dcf53	3,779
Name: L2h.exe MD5: 605594217cbb8354e8775e6d5d1dcf53 Size: 348.67 KB (348672 bytes) Detections: 3,779 Type: Executable File Path: C:\Programmi\ver2OffersWizard\L2h.exe Group: Malware file Last Updated: April 1, 2023
4.	nethtsrv.exe	35608d966d4170cb1e7db6cbca7f3483	871
Name: nethtsrv.exe MD5: 35608d966d4170cb1e7db6cbca7f3483 Size: 315.39 KB (315392 bytes) Detections: 871 Type: Executable File Path: %WINDIR%\system32 Group: Malware file Last Updated: May 10, 2016
5.	nethtsrv.exe	54c4553332aba68332dc050a600ab357	836
Name: nethtsrv.exe MD5: 54c4553332aba68332dc050a600ab357 Size: 357.88 KB (357888 bytes) Detections: 836 Type: Executable File Path: %WINDIR%\SysWOW64 Group: Malware file Last Updated: May 10, 2016
6.	nethtsrv.exe	ff13bdb494f6503961a234ebf8c82c9c	812
Name: nethtsrv.exe MD5: ff13bdb494f6503961a234ebf8c82c9c Size: 357.37 KB (357376 bytes) Detections: 812 Type: Executable File Path: %WINDIR%\SysWOW64 Group: Malware file Last Updated: May 10, 2016
7.	nethtsrv.exe	70a46a4ca8b5ab117ba499ed9c9b490d	658
Name: nethtsrv.exe MD5: 70a46a4ca8b5ab117ba499ed9c9b490d Size: 357.37 KB (357376 bytes) Detections: 658 Type: Executable File Path: %WINDIR%\system32 Group: Malware file Last Updated: May 10, 2016
8.	nethtsrv.exe	2f6cc4f79d7fe782063caed6872b4c03	620
Name: nethtsrv.exe MD5: 2f6cc4f79d7fe782063caed6872b4c03 Size: 346.62 KB (346624 bytes) Detections: 620 Type: Executable File Path: %WINDIR%\SysWOW64 Group: Malware file Last Updated: May 10, 2016
9.	nethtsrv.exe	df8f1f569a4610372140d88c7db62830	615
Name: nethtsrv.exe MD5: df8f1f569a4610372140d88c7db62830 Size: 315.39 KB (315392 bytes) Detections: 615 Type: Executable File Path: %WINDIR%\system32 Group: Malware file Last Updated: May 10, 2016
10.	nethtsrv.exe	e9044724c08fdbede0ab2d002eb19755	562
Name: nethtsrv.exe MD5: e9044724c08fdbede0ab2d002eb19755 Size: 356.86 KB (356864 bytes) Detections: 562 Type: Executable File Path: %WINDIR%\system32 Group: Malware file Last Updated: May 10, 2016
11.	nethtsrv.exe	0aca0104dcad366dcabcbc0d8b8c3397	546
Name: nethtsrv.exe MD5: 0aca0104dcad366dcabcbc0d8b8c3397 Size: 314.88 KB (314880 bytes) Detections: 546 Type: Executable File Path: %WINDIR%\SysWOW64 Group: Malware file Last Updated: December 29, 2019
12.	nethtsrv.exe	13e790020222fbf3e5e222cdf5a00fc6	521
Name: nethtsrv.exe MD5: 13e790020222fbf3e5e222cdf5a00fc6 Size: 346.62 KB (346624 bytes) Detections: 521 Type: Executable File Path: %WINDIR%\SysWOW64 Group: Malware file Last Updated: May 10, 2016
13.	nethtsrv.exe	a4cebdb043eea12c2a7623797a52e0ff	515
Name: nethtsrv.exe MD5: a4cebdb043eea12c2a7623797a52e0ff Size: 314.36 KB (314368 bytes) Detections: 515 Type: Executable File Path: %WINDIR%\SysWOW64 Group: Malware file Last Updated: February 22, 2019
14.	nethtsrv.exe	27e781cc02153ee785c7f72506da68e3	502
Name: nethtsrv.exe MD5: 27e781cc02153ee785c7f72506da68e3 Size: 346.62 KB (346624 bytes) Detections: 502 Type: Executable File Path: %WINDIR%\SysWOW64 Group: Malware file Last Updated: May 10, 2016
15.	190.dll	c57f160f4f68b467e8f9d30a06625794	498
Name: 190.dll MD5: c57f160f4f68b467e8f9d30a06625794 Size: 496.12 KB (496128 bytes) Detections: 498 Type: Dynamic link library Path: C:\Program Files\ver2OffersWizard\190.dll Group: Malware file Last Updated: April 1, 2023
16.	nethtsrv.exe	842a3d831a79c00b191299e90e8c0942	492
Name: nethtsrv.exe MD5: 842a3d831a79c00b191299e90e8c0942 Size: 315.9 KB (315904 bytes) Detections: 492 Type: Executable File Path: %WINDIR%\SysWOW64 Group: Malware file Last Updated: May 10, 2016
17.	nethtsrv.exe	32c6baa7bcd239d011821de0e14b6473	484
Name: nethtsrv.exe MD5: 32c6baa7bcd239d011821de0e14b6473 Size: 357.88 KB (357888 bytes) Detections: 484 Type: Executable File Path: %WINDIR%\SysWOW64 Group: Malware file Last Updated: May 10, 2016
18.	nethtsrv.exe	bf3521310c48a41f41280817527ef314	308
Name: nethtsrv.exe MD5: bf3521310c48a41f41280817527ef314 Size: 346.62 KB (346624 bytes) Detections: 308 Type: Executable File Path: %WINDIR%\system32 Group: Malware file Last Updated: May 10, 2016
19.	nethtsrv.exe	d8acc7d84d45f29b43d90b968595b9e9	298
Name: nethtsrv.exe MD5: d8acc7d84d45f29b43d90b968595b9e9 Size: 315.39 KB (315392 bytes) Detections: 298 Type: Executable File Path: %WINDIR%\system32 Group: Malware file Last Updated: May 10, 2016
20.	nethtsrv.exe	4fffa8e0679cfc81ceb968b5e7711771	255
Name: nethtsrv.exe MD5: 4fffa8e0679cfc81ceb968b5e7711771 Size: 314.36 KB (314368 bytes) Detections: 255 Type: Executable File Path: %WINDIR%\system32 Group: Malware file Last Updated: May 10, 2016
21.	nethtsrv.exe	e484eef0495d799771c59e42361b44ef	251
Name: nethtsrv.exe MD5: e484eef0495d799771c59e42361b44ef Size: 180.22 KB (180224 bytes) Detections: 251 Type: Executable File Path: %WINDIR%\system32 Group: Malware file Last Updated: May 10, 2016
22.	nethtsrv.exe	a36e55b3f9d3320d6f2473d4d6d6183b	238
Name: nethtsrv.exe MD5: a36e55b3f9d3320d6f2473d4d6d6183b Size: 369.66 KB (369664 bytes) Detections: 238 Type: Executable File Path: %WINDIR%\SysWOW64 Group: Malware file Last Updated: November 26, 2019
23.	nethtsrv.exe	6413112ebb356a6d7d805cf2114537e4	237
Name: nethtsrv.exe MD5: 6413112ebb356a6d7d805cf2114537e4 Size: 369.66 KB (369664 bytes) Detections: 237 Type: Executable File Path: %WINDIR%\SysWOW64 Group: Malware file Last Updated: May 10, 2016
24.	nethtsrv.exe	9fd5d4d8f880d69ab824b4a6e8678cfe	232
Name: nethtsrv.exe MD5: 9fd5d4d8f880d69ab824b4a6e8678cfe Size: 315.39 KB (315392 bytes) Detections: 232 Type: Executable File Path: %WINDIR%\SysWOW64 Group: Malware file Last Updated: May 10, 2016
25.	B9eG190.exe	dec6bf6338138379eac5220d434ae807	13
Name: B9eG190.exe MD5: dec6bf6338138379eac5220d434ae807 Size: 442.86 KB (442861 bytes) Detections: 13 Type: Executable File Path: %PROGRAMFILES%\ver2OffersWizard Group: Malware file Last Updated: March 23, 2016
26.	e6OffersWizard66.exe	7eb7f61e6f34a9ec18ad568aa1e00076	11
Name: e6OffersWizard66.exe MD5: 7eb7f61e6f34a9ec18ad568aa1e00076 Size: 726.96 KB (726968 bytes) Detections: 11 Type: Executable File Path: %PROGRAMFILES%\ver2OffersWizard Group: Malware file Last Updated: March 23, 2016
27.	L2h.exe	6c06ccf468a5b114d5236eee282a391a	10
Name: L2h.exe MD5: 6c06ccf468a5b114d5236eee282a391a Size: 441.68 KB (441685 bytes) Detections: 10 Type: Executable File Path: %PROGRAMFILES%\ver2OffersWizard Group: Malware file Last Updated: March 23, 2016

More files

Registry Details

OffersWizard may create the following registry entry or registry entries:

Regexp file mask

%WINDIR%\SysWOW64\hfnapi.dll

HKEY..\..\..\..{RegistryKeys}

SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OffersWizard update

Software\OffersWizard

SYSTEM\ControlSet001\Enum\Root\LEGACY_NETHFDRV

SYSTEM\ControlSet001\services\nethfdrv

SYSTEM\ControlSet001\services\NetHttpService

SYSTEM\ControlSet002\Enum\Root\LEGACY_NETHFDRV

SYSTEM\ControlSet002\services\nethfdrv

SYSTEM\ControlSet002\services\NetHttpService

SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETHFDRV

SYSTEM\CurrentControlSet\services\nethfdrv

SYSTEM\CurrentControlSet\services\NetHttpService

HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}

inethnfd

OffersWizard

Enigma Software Group Prevails Over Malwarebytes at the Ninth Circuit

Search

Change Region

OffersWizard

Threat Scorecard

EnigmaSoft Threat Scorecard

OffersWizard Uses Its 'Magical Powers' to Favor Its Creators

Aliases

SpyHunter Detects & Remove OffersWizard

File System Details

Registry Details

Submit Comment

Trending

Rzfu Ransomware

'YouPorn' Email Scam

Rzkd Ransomware

Most Viewed

Is Lookmovie.io Safe?

How To Fix 'Printer Driver is Unavailable' Error

Discord Shows Black Screen when Sharing Screen