WeDownload Manager

WeDownload Manager Description

WeDownload Manager is a potentially unwanted program that targets all web browsers that are installed on the compromised PC. WeDownload Manager may trace the affected web user's Internet surfing activities, display annoying pop-up advertisements and result in irritating diversions to misleading advertisement websites. WeDownload Manager may make target computer users visit associated websites and display pop-up advertisements that contain sponsored links. WeDownload Manager does not ask an authorization of the PC user to access the affected PC. WeDownload Manager usually comes packed together with freeware and shareware applications that Internet user can download online. WeDownload Manager makes modifications to the corrupted PC that may additionally result in annoying browser diversions and slow downs of the PC.

Technical Information

File System Details

WeDownload Manager creates the following file(s):
# File Name Size MD5 Detection Count
1 %PROGRAMFILES%\weDownload Manager Pro\weDownload Manager Pro-firefoxinstaller.exe 732,160 a2918c919e580f67f59f8e0fed1cdb2e 1,313
2 %PROGRAMFILES(x86)%\The weDownload Manager\The weDownload Manager-bho64.dll 969,216 a382f8fdbcaf7fb150ec1cf44927827f 819
3 %PROGRAMFILES(x86)%\weDownload Manager Pro\weDownload Manager Pro-bho64.dll 954,368 12bccfeb042ceff8ca76163ca90879fe 538
4 %PROGRAMFILES(x86)%\The weDownload\The weDownload-bho64.dll 969,216 bba1269db0f7a2a5f08bf170c949515a 398
5 %PROGRAMFILES(x86)%\weDownload Manager\weDownload Manager-bho64.dll 962,048 59d56091d43d2c2e5a8b1d30df9e2f07 194
6 K:\ASUS Computer\C Drive\WIN7\AdwCleaner\Quarantine\C\Program Files (x86)\weDownload Manager Pro\Uninstall.exe.vir\Uninstall.exe.vir 77,312 9210278b851e819616315d27efaf4e65 179
7 K:\ASUS Computer\C Drive\WIN7\AdwCleaner\Quarantine\C\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-buttonutil64.exe.vir\weDownload Manager Pro-buttonutil64.exe.vir 429,056 25a184594d6fe9f1ad723e3513e024b7 29
8 %PROGRAMFILES(x86)%\weDownload Manager\weDownload Manager-buttonutil.exe 338,944 e180aec45afeb893c41d645db75f5f9a 5
9 %PROGRAMFILES%\weDownload Manager\weDownload Manager-chromeinstaller.exe 610,223 cf73f4209effc03b0553874bf6c5a2e8 5
10 %PROGRAMFILES%\weDownload Manager\weDownload Manager-codedownloader.exe 637,357 900d30f21f0b5fb451954eb637168784 5
11 %PROGRAMFILES%\weDownload Manager\weDownload Manager-enabler.exe 472,086 b5bedcd0bfd072988f69d1acf58a1829 5
12 %PROGRAMFILES%\weDownload Manager\weDownload Manager-firefoxinstaller.exe 848,289 de507769bcca3d6e75efaf117289f335 5
13 %PROGRAMFILES%\weDownload Manager\weDownload Manager-updater.exe 516,995 7b47b989ac3890667904f89fca0e55e2 5
14 %USERPROFILE%\Documents\Downloads\1382606548_wedownload_manager_pro.exe 5,573,633 cabc2a3414c7dc76b37498107d47234c 4
15 %PROGRAMFILES%\weDownload Manager\weDownload Manager-bho.dll 715,158 2b6df225da5bfa404728a806d812a3c9 4
16 %PROGRAMFILES(x86)%\wedownload manager pro\wedownload manager pro-buttonutil64.exe 450,560 827e689ce764c583778c489108e6067f 3
17 %PROGRAMFILES(x86)%\weDownload Manager Pro\weDownload Manager Pro-chromeinstaller.exe 573,440 71ac7af478afafb0fd1a39154262e373 2
18 %PROGRAMFILES(x86)%\weDownload Manager Pro\weDownload Manager Pro-codedownloader.exe 519,680 e7b6574e3f2bc29f351b8195937cdc55 2
19 %PROGRAMFILES%\The weDownload\The weDownload-chromeinstaller.exe 1,032,704 0cb6f8ddd7f7bfc102361d62381842af 2
20 %PROGRAMFILES%\The weDownload\The weDownload-codedownloader.exe 631,296 bf2946d0db5e607a50f35caffcb98993 2
21 %PROGRAMFILES%\The weDownload\The weDownload-enabler.exe 454,656 23dd2e83bbaaa16cfef012356bceb461 2
22 %PROGRAMFILES%\The weDownload\The weDownload-firefoxinstaller.exe 993,280 dcde2b71601a8f2fbb7001b924232ca7 2
23 %PROGRAMFILES%\The weDownload\The weDownload-updater.exe 452,608 ba07762fc20a05400fb67fb90d2a7be6 2
24 %PROGRAMFILES(x86)%\The weDownload\The weDownload-validator.exe 2,019,328 1f2bea10d1d58a0c08b6e2549d76d83f 2
25 %PROGRAMFILES%\weDownload Manager\weDownload Manager-helper.exe 331,264 68a5fcbace644924314e69572fd3c473 1
26 %PROGRAMFILES%\weDownload Manager Pro\weDownload Manager Pro-bho.dll 637,440 58d2fd86c09f6549429d70721078d708 1
27 %PROGRAMFILES%\wedownload manager\wedownload manager-bg.exe 765,952 0c1e8525a7f2c1a00eb85c4f14a3f4b2 1
More files

Registry Details

WeDownload Manager creates the following registry entry or registry entries:
Uninstaller
The weDownload
The weDownload Manager
weDownload
Registry key
Software\AppDataLow\Software\Crossrider\onBeforeNavigate\49072
Software\AppDataLow\Software\Crossrider\onRequest\49072
Software\AppDataLow\Software\The weDownload
Software\AppDataLow\Software\The weDownload Manager
Software\AppDataLow\Software\The weDownload\Update
Software\AppDataLow\Software\weDownload
SOFTWARE\Classes\CrossriderApp0045820.BHO
SOFTWARE\Classes\CrossriderApp0045820.BHO.1
SOFTWARE\Classes\CrossriderApp0045820.Sandbox
SOFTWARE\Classes\CrossriderApp0045820.Sandbox.1
SOFTWARE\Classes\CrossriderApp0049072.BHO
SOFTWARE\Classes\CrossriderApp0049072.BHO.1
SOFTWARE\Classes\CrossriderApp0049072.Sandbox
SOFTWARE\Classes\CrossriderApp0049072.Sandbox.1
SOFTWARE\Classes\CrossriderApp0049074.BHO
SOFTWARE\Classes\CrossriderApp0049074.BHO.1
SOFTWARE\Classes\CrossriderApp0049074.Sandbox
SOFTWARE\Classes\CrossriderApp0049074.Sandbox.1
Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\The weDownload
Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\The weDownload Manager
Software\InstalledBrowserExtensions\21501
Software\InstalledBrowserExtensions\weDownload
Software\Microsoft\Internet Explorer\Approved Extensions\{11111111-1111-1111-1111-110411581120}
Software\Microsoft\Internet Explorer\Approved Extensions\{11111111-1111-1111-1111-110411901172}
Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration\{11111111-1111-1111-1111-110411901174}
SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{08cb9b4e-1cca-4e21-a44b-cd4a7d7177ff}
Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0b89ac14-55d3-4267-afd6-0645a40d92b8}
Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3fc09e11-fdbc-4523-bc73-d5ede4c2203c}
SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{61d12012-d3af-42f1-b0f7-ed6feffa463d}
Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{61e309e0-ddd1-4b8b-8280-83906a419e95}
Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{909e7b95-0cf8-4846-a707-ba4843063839}
Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{cc4fd57f-8174-4f55-9f24-0b4e330d2eb5}
SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION\The weDownload-bg.exe
SOFTWARE\Microsoft\Tracing\DownloadManager_RASAPI32
SOFTWARE\Microsoft\Tracing\DownloadManager_RASMANCS
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\The weDownload-codedownloader
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\The weDownload-enabler
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\The weDownload-firefoxinstaller
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\The weDownload-updater
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\weDownload-chromeinstaller
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\weDownload-codedownloader
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\weDownload-enabler
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\weDownload-firefoxinstaller
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\weDownload-updater
SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411581120}
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411901172}
Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411901174}
SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110411901174}
Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110411581120}
Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110411901172}
Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110411581120}
Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110411901172}
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\\{11111111-1111-1111-1111-110411901172}
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{11111111-1111-1111-1111-110411901174}
SOFTWARE\The weDownload
SOFTWARE\The weDownload Manager
Software\WeDlMngr
SOFTWARE\weDownload
Software\weDownload Ltd
SOFTWARE\Wow6432Node\InstalledBrowserExtensions\21501
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{08cb9b4e-1cca-4e21-a44b-cd4a7d7177ff}
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0b89ac14-55d3-4267-afd6-0645a40d92b8}
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3fc09e11-fdbc-4523-bc73-d5ede4c2203c}
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{61d12012-d3af-42f1-b0f7-ed6feffa463d}
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{61e309e0-ddd1-4b8b-8280-83906a419e95}
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{909e7b95-0cf8-4846-a707-ba4843063839}
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{cc4fd57f-8174-4f55-9f24-0b4e330d2eb5}
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION\The weDownload-bg.exe
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110411901174}
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{11111111-1111-1111-1111-110411901172}
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{11111111-1111-1111-1111-110411901174}
SOFTWARE\Wow6432Node\The weDownload
SOFTWARE\Wow6432Node\The weDownload Manager
SOFTWARE\Wow6432Node\weDownload
SOFTWARE\Wow6432Node\weDownload Ltd
CLSID
{11111111-1111-1111-1111-110411581120}
{11111111-1111-1111-1111-110411901172}
{11111111-1111-1111-1111-110411901174}
{22222222-2222-2222-2222-220422582220}
{22222222-2222-2222-2222-220422902272}
{22222222-2222-2222-2222-220422902274}
{44444444-4444-4444-4444-440444584420}
{44444444-4444-4444-4444-440444904472}
{44444444-4444-4444-4444-440444904474}
{55555555-5555-5555-5555-550455585520}
{55555555-5555-5555-5555-550455905572}
{55555555-5555-5555-5555-550455905574}
{66666666-6666-6666-6666-660466586620}
{66666666-6666-6666-6666-660466906672}
{66666666-6666-6666-6666-660466906674}
Directory
%APPDATA%\weDownload Ltd
%PROGRAMFILES%\The weDownload
%PROGRAMFILES%\The weDownload Manager
%PROGRAMFILES%\weDownload
%PROGRAMFILES(x86)%\The weDownload
%PROGRAMFILES(x86)%\The weDownload Manager
%PROGRAMFILES(X86)%\weDownload
%USERPROFILE%\AppData\LocalLow\weDownload

Site Disclaimer

Enigmasoftware.com is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their computer with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.


HTML is not allowed.

By Domesticus in Malicious Toolbars
Threat Scorecard
?
The ESL Threat Scorecard is an assessment report that is given to every malware threat that has been collected and analyzed through our Malware Research Center. The ESL Threat Scorecard evaluates and ranks each threat by using several metrics such as trends, incidents and severity over time.

In addition to the effective scoring for each threat, we are able to interpret anonymous geographic data to list the top three countries infected with a particular threat. The data used for the ESL Threat Scorecard is updated daily and displayed based on trends for a 30-day period. The ESL Threat Scorecard is a useful tool for a wide array of computer users from end users seeking a solution to remove a particular threat or security experts pursuing analysis and research data on emerging threats.

Each of the fields listed on the ESL Threat Scorecard, containing a specific value, are as follows:

Ranking: The current ranking of a particular threat among all the other threats found on our malware research database.

Threat Level: The level of threat a particular computer threat could have on an infected computer. The threat level is based on a particular threat's behavior and other risk factors. We rate the threat level as low, medium or high. The different threat levels are discussed in the SpyHunter Risk Assessment Model.

Infected Computer: The number of confirmed and suspected cases of a particular threat detected on infected computers retrieved from diagnostic and scan log reports generated by SpyHunter's Spyware Scanner.

% Change: The daily percent change in the frequency of infected computers of a specific threat. The formula for percent changes results from current trends of a specific threat. An increase in the rankings of a specific threat yields a recalculation of the percentage of its recent gain. When a specific threat's ranking decreases, the percentage rate reflects its recent decline. For a specific threat remaining unchanged, the percent change remains in its current state. The % Change data is calculated and displayed in three different date ranges, in the last 24 hours, 7 days and 30 days. Next to the percentage change is the trend movement a specific malware threat does, either upward or downward, in the rankings. Each level of movement is color coded: a green up-arrow (∧) indicates a rise, a red down-arrow (∨) indicates a decline, and a brown equal symbol (=) indicates no change or plateaued.

Top 3 Countries Infected: Lists the top three countries a particular threat has targeted the most over the past month. This data allows computer users to track the geographic distribution of a particular threat throughout the world.
Threat Level: 2
Infected Computers: 70,825