PUP.SupTab

PUP.SupTab Description

SupTab is a suspicious application, involved in various adware activities. HpUI.exe is the main executable file running the SupTab program. The developers of SupTab advertise it as a tool that will improve your browsing experience. In fact, this is a Potentially Unwanted Program that may not be as a valuable addition to your system as its authors claim. One of the first symptoms that should make you doubt the legitimacy of this program is that HpUI.exe probably just "appeared’ on your system. The applications run by this executable file, may become annoying to you by consistently showing advertisements to sponsored websites. Although at first sight this program doesn't seem to be very threatening, it is the additional programs, coming along SupTab that pose a greater risk.

How is SupTab Distributed?

SupTab has an official Web page but rarely do users download the program from there. It usually installs into their system in the form of a bundle. This is a very common distribution method for Potentially Unwanted Programs. There are many paid computer programs over the Internet, but sometimes people decide to avoid paying and download a free software. Usually, these freeware programs are not only less efficient than their paid rivals, but come along with some additional applications. As a typical Potentially Unwanted Program, SupTab may use certain ways of distribution, such as rogue Flash or Java update pages or fake video codecs, ‘required’ to watch videos online.
If you cannot recall intentionally installing the SupTab, most likely it relied on one of these methods.

What Makes SupTab a Potentially Unwanted Program?

HpUI.exe is the driving file for SupTab (also known as Lightning new tab) or Search Protect. These applications are promoted on many websites as helpful extensions for Internet Explorer, which means that at the moment they are not applicable to other Web browsers such as Google Chrome or Mozilla Firefox. They may be known by other names as well but eventually it is the same program. In case you can find HpUI.exe on your system, but there is no sign of SupTab, Lightning new tab or Search Protect, you certainly have another program, related to them.

HpUI.exe and SupTab are not classified as threatening. They may have annoying results, but the consequences from them will not be devastating to the system. Any program you have on your computer uses the system resources, so you may find your PC slower than usual, and there are even reports of system crashes. However, the real problem is that they often come bundled with other programs that may turn out to be harmful. One of these additional programs is a browser hijacker that often leads to Awesomehp.com which should always be taken seriously. Awesomehp browser hijacker may collect browsing information, redirect you to suspicious sites and slow down your browsing speed. Your homepage may be modified. Awesomehp.com will certainly use different methods to avoid detecting and removing. This browser hijacker may add an extension with the name IETabPage Class, which in turn will be very difficult to remove because the Internet Explorer settings are already modified.

Another threat that may appear as a result of HpUI.exe is the iStart123.com browser hijacker. It is operated by a Chinese company and promotes all kinds of junkware, in the meantime modifying and slowing your browser. There are several other hijackers, associated with HpUI.exe as well. Considering this, you can look at the process HpUI.exe as a sign of a threat currently present in your system.

What can You do Against HpUI.exe?

To avoid downloading HpUI.exe and installing any of the programs it manages, computer security experts advise to be extremely careful when you search a software over the Internet. Take your time to check the legitimacy of the sites you intend to download from. Always read every page of the installation process to see if there is some additional software along your desired one. If you find any, uncheck it and safely continue the installation process.

If you already have SupTab or HpUI.exe present in your system, it is of crucial importance to remove it as soon as possible. However, you cannot remove HpUI.exe without taking actions against the applications that are run by it - like SupTab and Search Protect. They must all be removed simultaneously and completely. This is why the best option is to use a special anti-malware program that will be capable of quickly and efficiently removing SupTab or HpUI.exe and all files and programs associated with it. Also, when the special anti-malware program performs a full system scan, you will see whether there are other threats. Moreover, you will be safeguarded in the future from other Potentially Unwanted Programs and other threats.

Aliases: Win32/ELEX.BM, Adware.Mutabaha.107 [DrWeb], Suspicious_GEN.F47V0116, a variant of Win32/Thinknice.B, PUA.Win32.XTab.81, ADWARE/Adware.Gen, Generic PUA IJ [Sophos], Artemis [McAfee-GW-Edition], Win32:SupTab-G [Adw] [Avast], DoS-Trojan ( 2005a7b21 ), Artemis!C30458159AED [McAfee], Generic Suspicious [Panda], GrayWare[AdWare:not-a-virus]/Win32.SearchProtect [Antiy-AVL], AdWare/SearchProtect.f and not-a-virus:AdWare.Win32.SearchProtect.ky [Kaspersky].

Technical Information

File System Details

PUP.SupTab creates the following file(s):
# File Name Size MD5 Detection Count
1 %PROGRAMFILES(x86)%\SupTab\Loader64.exe 73,216 09b9b6c0f8277a86cc8f4d66aeaab762 2,858
2 \??\C:\Program Files\SupTab\cfgdrv32.cfg 24,280 ad0d1330d9c9ceacb08069d2e573897d 2,512
3 %PROGRAMFILES(x86)%\XTab\HPNotify.exe 673,936 992febdaa047ea93b8f0290009935bf2 2,484
4 %PROGRAMFILES%\STab\ProtectService.exe 158,864 1f0def6d5e9c38808f276149bff20b49 1,628
5 %TEMP%\3829637\3829637.zipDir\tmp\SupTab_v5.8.8.496.exe 2,493,320 a801fe37bb3729862b67fd8a752b55aa 368
6 \??\C:\Program Files (x86)\SupTab\cfgdrv64.cfg 30,424 d1df98d570b57f932ccb2acdf1c11939 283
7 %TEMP%\D7AF3488-7D5B-41ae-A664-CA5E17C648FC[i]\1.zipDir\tmp\SupTab_v5.8.8.777_noblank.exe 2,643,848 f3fb2b89707be53d0ccf4b909c0801b2 205
8 %TEMP%\1DFABDE9-70EE-4a64-B247-2738BA2CEEAC[i]\1DFABDE9-70EE-4a64-B247-2738BA2CEEAC.zipDir\tmp\SupTab_ns_v5.8.8.640.exe 2,496,512 d549db22a9e1aba82a5a647fe32306dc 147
9 %PROGRAMFILES%\XTab\cmdshell.exe 48,272 e4f934bd4fd4eeed10845f9e180b3972 71
10 %TEMP%\158AF40F-387C-4D75-B9F1-9186769876B9mp\tmp\XTab_4.0.2.1716.exe 2,463,384 55bae15d523e4fabaa551023703d3fd9 71
11 %TEMP%\Wtmp9095529\tmp\STab_Down.exe 105,472 72d8d510f875ebcc855710969c093cbe 71
12 %PROGRAMFILES%\SupTab\search~1.dll 94,088 2c9e81c9536a314737c6711234f96421 66
13 %PROGRAMFILES%\SupTab\RSHP.exe 443,784 37f2cc2a13a2576f1aa2cba1ebc7f512 42
14 %TEMP%\~dl6A08\lxwsh\tmp\XTab_Setup1998.exe 2,571,576 415d34e187876e93a9959ab04563aa12 40
15 %TEMP%\DB3949E3-1836-49c6-8D71-B7FDB5CEF329[w]\DB3949E3-1836-49c6-8D71-B7FDB5CEF329.zipDir\tmp\SupTab_v5.8.8.640.exe 2,563,464 0abe3c3df43f605eb91fa47610ffc83d 19
16 %TEMP%\158AF40F-387C-4D75-B9F1-9186769876B9mp\tmp\SupTab_v5.8.8.1580_noblank_amy.exe 2,629,504 dafaa5e11f20a4a11f50f90ec7bddafc 18
17 %TEMP%\16110582\16110582.zipDir\tmp\SupTab_v5.8.8.619.exe 2,676,616 c8b1b2053e6333ca6e8e15461dbbb30c 8
18 %TEMP%\7E82590C-48C6-48BD-9DBB-BDCC68C3CBB8[i]\tmp\SupTab_v5.8.8.865_noblank.exe 2,598,824 e6b1e1bc352ba71298ae10d2958b9d50 8
19 %TEMP%\Wtmp3602577\tmp\STab_v4.0.exe 2,646,016 684ce32af59ccba1cc2954b5b369e364 6
20 %TEMP%\418FDC53-0734-447f-8C1F-81B9497C5431[u]\1.zipDir\tmp\SupTab_v5.8.8.749_noblank.exe 2,526,088 938786491250b6c7aa2b0a9570224890 3
21 %TEMP%\7E82590C-48C6-48BD-9DBB-BDCC68C3CBB8[i]\tmp\SupTab_v5.8.8.864_noblank.exe 2,598,808 0b794323677b724a87f5eac14ae998c0 3
22 %TEMP%\wtmp\A630A478653E485d8B31E589D87F2CD7\XTab.exe 2,571,976 da5ef50c598c700600eea8f470aa5ea7 3
23 %TEMP%\355401\355401.zipDir\tmp\SupTab_Setup448.exe 2,991,720 a40cf21502c1dbc9bafb22172100874a 2
24 %TEMP%\t7145FFC5-EF2C-4750-9CC6-B934D573F69Bmp\tmp\SupTab_v5.8.8.777_noblank_amy.exe 2,626,528 571fdf3d30fd80191dd511e5116a3c14 2
25 %TEMP%\Wtmp297556\tmp\XTab_v4.0.exe 2,567,784 15107663ac8777f3e99e9609f78d8f95 2
26 %TEMP%\Wtmp552652667\tmp\XTab_Setup1987.exe 2,572,024 22dc5bc0d2d27d0ad01ac18546fc21b2 2
27 %TEMP%\SupIeTemp\3B7BA4C1ECB74acdA893D43A5D4EC1C2\SupTab.exe 687,959 94708e021cbeb4274147a1f365c96c66 1
More files

Registry Details

PUP.SupTab creates the following registry entry or registry entries:
Directory
%ALLUSERSPROFILE%\Application Data\IePluginService
%ALLUSERSPROFILE%\Application Data\IePluginServices
%ALLUSERSPROFILE%\IePluginService
%ALLUSERSPROFILE%\IePluginServices
%APPDATA%\SupTab
%APPDATA%\{37E99E86-D615-4B08-937F-F8F935C455F3}_ANZHUANG\{2E089831-61B1-4CF2-8553-300574316F09}_DIYIGE
%PROGRAMFILES%\MiniLite
%PROGRAMFILES%\MiuiTab
%PROGRAMFILES%\STab
%PROGRAMFILES%\SupTab
%PROGRAMFILES%\XTab
%PROGRAMFILES(x86)%\MiniLite
%PROGRAMFILES(x86)%\MiuiTab
%PROGRAMFILES(x86)%\STab
%PROGRAMFILES(x86)%\SupTab
%PROGRAMFILES(x86)%\XTab
%UserProfile%\SupTab
Registry key
SOFTWARE\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo
Software\Microsoft\Internet Explorer\Approved Extensions\{1F91A9A1-01BA-4C81-863D-3BA0751E1419}
Software\Microsoft\Internet Explorer\Approved Extensions\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Software\Microsoft\Internet Explorer\Approved Extensions\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}
SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{1F91A9A1-01BA-4c81-863D-3BA0751E1419}
SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}
SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}
Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
SOFTWARE\Mozilla\Firefox\Extensions\fftoolbar2014@etech.com
SOFTWARE\SupDp
Software\SupHpUISoft
SOFTWARE\supTab
SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{1F91A9A1-01BA-4c81-863D-3BA0751E1419}
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
SOFTWARE\Wow6432Node\Mozilla\Firefox\Extensions\fftoolbar2014@etech.com
SOFTWARE\Wow6432Node\SupDp
SOFTWARE\Wow6432Node\supTab
SYSTEM\ControlSet001\services\eventlog\Application\IePluginService
SYSTEM\ControlSet001\services\eventlog\Application\IePluginServices
SYSTEM\ControlSet001\services\IePluginService
SYSTEM\ControlSet001\services\IePluginServices
SYSTEM\ControlSet002\services\eventlog\Application\IePluginService
SYSTEM\ControlSet002\services\eventlog\Application\IePluginServices
SYSTEM\ControlSet002\services\IePluginService
SYSTEM\ControlSet002\services\IePluginServices
SYSTEM\CurrentControlSet\services\eventlog\Application\IePluginService
SYSTEM\CurrentControlSet\services\eventlog\Application\IePluginServices
SYSTEM\CurrentControlSet\services\IePluginService
SYSTEM\CurrentControlSet\services\IePluginServices
CLSID
{1F91A9A1-01BA-4c81-863D-3BA0751E1419}
{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}
{7D3C47ED-E0BE-4940-9DDA-A7A097AEBD88}
{917CAAE9-DD47-4025-936E-1414F07DF5B8}
{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Uninstaller
IePlugins
SupTab
XTab

Site Disclaimer

Enigmasoftware.com is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their computer with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.