PUP.SupTab

PUP.SupTab Description

SupTab is a suspicious application, involved in various adware activities. HpUI.exe is the main executable file running the SupTab program. The developers of SupTab advertise it as a tool that will improve your browsing experience. In fact, this is a Potentially Unwanted Program that may not be as a valuable addition to your system as its authors claim. One of the first symptoms that should make you doubt the legitimacy of this program is that HpUI.exe probably just "appeared’ on your system. The applications run by this executable file, may become annoying to you by consistently showing advertisements to sponsored websites. Although at first sight this program doesn't seem to be very threatening, it is the additional programs, coming along SupTab that pose a greater risk.

How is SupTab Distributed?

SupTab has an official Web page but rarely do users download the program from there. It usually installs into their system in the form of a bundle. This is a very common distribution method for Potentially Unwanted Programs. There are many paid computer programs over the Internet, but sometimes people decide to avoid paying and download a free software. Usually, these freeware programs are not only less efficient than their paid rivals, but come along with some additional applications. As a typical Potentially Unwanted Program, SupTab may use certain ways of distribution, such as rogue Flash or Java update pages or fake video codecs, ‘required’ to watch videos online.
If you cannot recall intentionally installing the SupTab, most likely it relied on one of these methods.

What Makes SupTab a Potentially Unwanted Program?

HpUI.exe is the driving file for SupTab (also known as Lightning new tab) or Search Protect. These applications are promoted on many websites as helpful extensions for Internet Explorer, which means that at the moment they are not applicable to other Web browsers such as Google Chrome or Mozilla Firefox. They may be known by other names as well but eventually it is the same program. In case you can find HpUI.exe on your system, but there is no sign of SupTab, Lightning new tab or Search Protect, you certainly have another program, related to them.

HpUI.exe and SupTab are not classified as threatening. They may have annoying results, but the consequences from them will not be devastating to the system. Any program you have on your computer uses the system resources, so you may find your PC slower than usual, and there are even reports of system crashes. However, the real problem is that they often come bundled with other programs that may turn out to be harmful. One of these additional programs is a browser hijacker that often leads to Awesomehp.com which should always be taken seriously. Awesomehp browser hijacker may collect browsing information, redirect you to suspicious sites and slow down your browsing speed. Your homepage may be modified. Awesomehp.com will certainly use different methods to avoid detecting and removing. This browser hijacker may add an extension with the name IETabPage Class, which in turn will be very difficult to remove because the Internet Explorer settings are already modified.

Another threat that may appear as a result of HpUI.exe is the iStart123.com browser hijacker. It is operated by a Chinese company and promotes all kinds of junkware, in the meantime modifying and slowing your browser. There are several other hijackers, associated with HpUI.exe as well. Considering this, you can look at the process HpUI.exe as a sign of a threat currently present in your system.

What can You do Against HpUI.exe?

To avoid downloading HpUI.exe and installing any of the programs it manages, computer security experts advise to be extremely careful when you search a software over the Internet. Take your time to check the legitimacy of the sites you intend to download from. Always read every page of the installation process to see if there is some additional software along your desired one. If you find any, uncheck it and safely continue the installation process.

If you already have SupTab or HpUI.exe present in your system, it is of crucial importance to remove it as soon as possible. However, you cannot remove HpUI.exe without taking actions against the applications that are run by it - like SupTab and Search Protect. They must all be removed simultaneously and completely. This is why the best option is to use a special anti-malware program that will be capable of quickly and efficiently removing SupTab or HpUI.exe and all files and programs associated with it. Also, when the special anti-malware program performs a full system scan, you will see whether there are other threats. Moreover, you will be safeguarded in the future from other Potentially Unwanted Programs and other threats.

Aliases: Win32/ELEX.BM [ESET-NOD32], Adware.Mutabaha.107 [DrWeb], Suspicious_GEN.F47V0116 [TrendMicro-HouseCall], GrayWare[AdWare:not-a-virus]/Win32.SearchProtect [Antiy-AVL], AdWare/SearchProtect.f [Jiangmin], not-a-virus:AdWare.Win32.SearchProtect.ky [Kaspersky], Suspicious_GEN.F47V0110 [TrendMicro-HouseCall], Suspicious_GEN.F47V0109 [TrendMicro-HouseCall], WS.Reputation.1 [Symantec], PUP.Optional.XTab.A [Malwarebytes], Generic Suspicious [Panda], Artemis!C30458159AED [McAfee], a variant of Win32/Thinknice.B [ESET-NOD32], PUA.Win32.XTab.81 [Baidu-International] and ADWARE/Adware.Gen [Avira].

Infected with PUP.SupTab? Scan Your PC

Download SpyHunter's Spyware Scanner
to Detect PUP.SupTab
* SpyHunter's scanner is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware removal tool to remove the malware threats. Read more on SpyHunter. If you no longer wish to have SpyHunter installed on your computer, follow these steps to uninstall SpyHunter.

Security Doesn't Let You Download SpyHunter or Access the Internet?


Solutions: Your computer may have malware hiding in memory that prevents any program, including SpyHunter, from executing on your computer. Follow to download SpyHunter and gain access to the Internet:
  • Use an alternative browser. Malware may disable your browser. If you're using IE, for example, and having problems downloading SpyHunter, you should open Firefox, Chrome or Safari browser instead.
  • Use a removable media. Download SpyHunter on another clean computer, burn it to a USB flash drive, DVD/CD, or any preferred removable media, then install it on your infected computer and run SpyHunter's malware scanner.
  • Start Windows in Safe Mode. If you can not access your Window's desktop, reboot your computer in "Safe Mode with Networking" and install SpyHunter in Safe Mode.
  • IE Users: Disable proxy server for Internet Explorer to browse the web with Internet Explorer or update your anti-spyware program. Malware modifies your Windows settings to use a proxy server to prevent you from browsing the web with IE.

If you still can't install SpyHunter? View other possible causes of installation issues.

Technical Information

Infection Statistics


Our MalwareTracker shows malware activity across the world. Explore real-time data of PUP.SupTab outbreaks and other threats from global to local level.

File System Details

PUP.SupTab creates the following file(s):
# File Name Size MD5 Detection Count
1 %APPDATA%\OneTab\OneTab.dll 69,632 292675a88750941e32582debbd631107 2,949
2 %TEMP%\158AF40F-387C-4D75-B9F1-9186769876B9mp\tmp\STab_Down_6.0.6.8.exe 111,280 0a1d8c442bf10ba569bc89cf7dfc3855 2,668
3 \??\C:\Program Files\SupTab\cfgdrv32.cfg 24,280 ad0d1330d9c9ceacb08069d2e573897d 2,490
4 %PROGRAMFILES(x86)%\SupTab\Loader64.exe 73,216 09b9b6c0f8277a86cc8f4d66aeaab762 1,894
5 %PROGRAMFILES%\STab\cmdshell.exe 25,232 387ff785adaf966317cffb0713f259d8 1,358
6 %PROGRAMFILES%\STab\HPNotify.exe 672,400 ca0bf169b55860c1278ff809bbe7687d 1,340
7 %TEMP%\3829637\3829637.zipDir\tmp\SupTab_v5.8.8.496.exe 2,493,320 a801fe37bb3729862b67fd8a752b55aa 367
8 \??\C:\Program Files (x86)\SupTab\cfgdrv64.cfg 30,424 d1df98d570b57f932ccb2acdf1c11939 264
9 %ALLUSERSPROFILE%\IePluginService\PluginService.exe 505,288 208d7d60349fd7ac9c491973877949a9 241
10 %TEMP%\D7AF3488-7D5B-41ae-A664-CA5E17C648FC[i]\1.zipDir\tmp\SupTab_v5.8.8.777_noblank.exe 2,643,848 f3fb2b89707be53d0ccf4b909c0801b2 189
11 %TEMP%\1DFABDE9-70EE-4a64-B247-2738BA2CEEAC[i]\1DFABDE9-70EE-4a64-B247-2738BA2CEEAC.zipDir\tmp\SupTab_ns_v5.8.8.640.exe 2,496,512 d549db22a9e1aba82a5a647fe32306dc 144
12 %TEMP%\~dlF\~dljyb\tmp\STab_Down.exe 105,792 753598be1f4835c69979624c95bab48b 115
13 %TEMP%\7E82590C-48C6-48BD-9DBB-BDCC68C3CBB8[i]\tmp\SupTab_v5.8.8.777_noblank_amy.exe 2,626,528 65168093aa74504f0f7eb2d8661ec536 90
14 %TEMP%\~dlEC51\~dljyb\tmp\STab_v4.0.exe 2,611,776 616bb60a3d405fa75107e984aaaca47e 55
15 %PROGRAMFILES%\SupTab\search~1.dll 94,088 2c9e81c9536a314737c6711234f96421 35
More files

Registry Details

PUP.SupTab creates the following registry entry or registry entries:
HKEY..\..\..\..{RegistryKeys}
SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo
SOFTWARE\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo
SOFTWARE\supTab
SOFTWARE\Wow6432Node\supTab
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IePlugins
SYSTEM\ControlSet002\services\IePluginService
SYSTEM\ControlSet002\services\eventlog\Application\IePluginService
SYSTEM\ControlSet001\services\IePluginService
SYSTEM\ControlSet001\services\eventlog\Application\IePluginService
Software\Microsoft\Internet Explorer\Approved Extensions, value: {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
SYSTEM\CurrentControlSet\services\IePluginServices
SYSTEM\ControlSet002\services\eventlog\Application\IePluginServices
SYSTEM\ControlSet001\services\IePluginServices
SYSTEM\ControlSet001\services\eventlog\Application\IePluginServices
SOFTWARE\Wow6432Node\SupDp
SOFTWARE\SupDp
SOFTWARE\Wow6432Node\Mozilla\Firefox\Extensions, value: fftoolbar2014@etech.com
SOFTWARE\Mozilla\Firefox\Extensions, value: fftoolbar2014@etech.com
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}
SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}
SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved, value: {51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{1F91A9A1-01BA-4c81-863D-3BA0751E1419}
HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}
IePlugins
STab
XTab
The following CLSID's were found:
HKEY..\..\{CLSID Path}
{1F91A9A1-01BA-4c81-863D-3BA0751E1419}
{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}
{7D3C47ED-E0BE-4940-9DDA-A7A097AEBD88}
{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}

Site Disclaimer

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.

IMPORTANT! To be able to proceed, you need to solve the following simple math.
Please leave these two fields as is:
What is 6 + 7 ?