What is Social Reviewer?
The Malwarebytes research team has determined that Social Reviewer is adware. These adware applications display advertisements not originating from the sites you are browsing.
How do I know if my computer is affected by Social Reviewer?
You may see these warnings during install:
this entry in your list of installed programs:
and this icon on your desktop and in your startmenu:
How did Social Reviewer get on my computer?
Adware applications use different methods for distributing themselves. This particular one was offered as social media related software.
How do I remove Social Reviewer?
Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted program.
- Please download Malwarebytes Anti-Malware to your desktop.
- Double-click mbam-setup-{version}.exe and follow the prompts to install the program.
- At the end, be sure a check-mark is placed next to:
Launch Malwarebytes Anti-Malware - Then click Finish.
- Once the program has loaded, select Scan Now. Or select the Threat Scan from the Scan menu.
- If an update is available, it will be implemented before the rest of the scanning procedure.
- When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
- Restart your computer when prompted to do so.
- No, Malwarebytes' Anti-Malware removes Social Reviewer completely.
We hope our application and this guide have helped you eradicate this hijacker.
As you can see below the full version of Malwarebytes Anti-Malware would have protected you against the Social Reviewer adware. It would have warned you before the adware could install itself, giving you a chance to stop it before it became too late.
The web protection module also blocks some of the connections the installer tries to make:
Technical details for experts
Possible signs in FRST logs:
C:\Users\Public\Desktop\Social Reviewer.lnk C:\Users\{username}\AppData\Roaming\SocialReviewer C:\ProgramData\SocialReviewer C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Social Reviewer SocialReviewer (HKLM-x32\...\SocialReviewer) (Version: 3.0.87 - Sunny Apps)Alterations made by the installer:
File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Social Reviewer Adds the file Social Reviewer FAQ.lnk"="8/4/2016 8:30 AM, 1385 bytes, A Adds the file Social Reviewer.lnk"="8/4/2016 8:30 AM, 1947 bytes, A Adds the file Uninstall Social Reviewer.lnk"="8/4/2016 8:30 AM, 1728 bytes, A Adds the folder C:\ProgramData\SocialReviewer Adds the file Newtonsoft.Json.dll"="8/4/2016 8:30 AM, 503296 bytes, A Adds the file SocialReviewer.exe"="8/4/2016 8:30 AM, 540072 bytes, A Adds the file SocialReviewer.exe.config"="8/4/2016 8:30 AM, 510 bytes, A Adds the file SocialReviewer.ico"="8/4/2016 8:30 AM, 85182 bytes, A Adds the file System.Data.SQLite.dll"="8/4/2016 8:30 AM, 290816 bytes, A Adds the file uninstall.exe"="8/4/2016 8:30 AM, 629672 bytes, A Adds the file uninstall.exe.config"="8/4/2016 8:30 AM, 168 bytes, A Adds the folder C:\ProgramData\SocialReviewer\x86 Adds the file SQLite.Interop.dll"="8/4/2016 8:30 AM, 854528 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\SocialReviewer Adds the file FriendsDb.sqlite"="8/4/2016 8:30 AM, 7168 bytes, A In the existing folder C:\Users\Public\Desktop Adds the file Social Reviewer.lnk"="8/4/2016 8:30 AM, 1959 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}] "id"="REG_SZ", "ad0b9df00dcf45efb6012ade9ce79b5b" "p"="REG_SZ", "251209" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ddafa49f-ef12-c567-60e0-0a1f11911d8c}] "id"="REG_SZ", "ad0b9df00dcf45efb6012ade9ce79b5b" "ip"="REG_SZ", "251209" "p"="REG_SZ", "251209" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}] "id"="REG_SZ", "ad0b9df00dcf45efb6012ade9ce79b5b" "p"="REG_SZ", "251209" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ddafa49f-ef12-c567-60e0-0a1f11911d8c}] "id"="REG_SZ", "ad0b9df00dcf45efb6012ade9ce79b5b" "ip"="REG_SZ", "251209" "p"="REG_SZ", "251209" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SocialReviewer] "DisplayIcon"="REG_SZ", "C:\ProgramData\SocialReviewer\SocialReviewer.ico" "DisplayName"="REG_SZ", "SocialReviewer" "DisplayVersion"="REG_SZ", "3.0.87" "EstimatedSize"="REG_DWORD", 5000 "HelpLink"="REG_SZ", "http://www.socialreviewer.com/about.html" "InstallDate"="REG_SZ", "8/4/2016" "Publisher"="REG_SZ", "Sunny Apps" "UninstallString"="REG_SZ", ""C:\ProgramData\SocialReviewer\uninstall.exe""Malwarebytes Anti-Malware log:
Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 8/4/2016 Scan Time: 8:40 AM Logfile: mbamSocialReviewer.txt Administrator: Yes Version: 2.2.1.1043 Malware Database: v2016.08.04.02 Rootkit Database: v2016.05.27.01 License: Premium Malware Protection: Disabled Malicious Website Protection: Enabled Self-protection: Enabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {username} Scan Type: Threat Scan Result: Completed Objects Scanned: 316463 Time Elapsed: 9 min, 29 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 4 PUP.Optional.WebSteroids, HKLM\SOFTWARE\CLASSES\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}, Quarantined, [937f2621584291a58a617c1740c2df21], PUP.Optional.WebSteroids, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}, Quarantined, [937f2621584291a58a617c1740c2df21], PUP.Optional.WebSteroids, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}, Quarantined, [937f2621584291a58a617c1740c2df21], PUP.Optional.SocialReviewer, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SocialReviewer, Quarantined, [dd3594b3acee072fd779dce6c83c8f71], Registry Values: 1 PUP.Optional.PullUpdate, HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|SocialReviewer.exe, 11000, Quarantined, [d24073d4b1e905317ac7764d3cc8a060] Registry Data: 0 (No malicious items detected) Folders: 4 PUP.Optional.PullUpdate, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Social Reviewer, Quarantined, [26ec37109505e74f49fe7e4543c19967], PUP.Optional.PullUpdate, C:\Users\{username}\AppData\Roaming\SocialReviewer, Quarantined, [af63e3640298f046d870982b16ee5ba5], PUP.Optional.PullUpdate, C:\ProgramData\SocialReviewer, Quarantined, [0f037bcc9703c1750445636039cb718f], PUP.Optional.PullUpdate, C:\ProgramData\SocialReviewer\x86, Quarantined, [0f037bcc9703c1750445636039cb718f], Files: 14 PUP.Optional.PullUpdte, C:\ProgramData\SocialReviewer\SocialReviewer.exe, Quarantined, [868c7ccbcdcdd06645932a4e8a7714ec], PUP.Optional.SocialReviewer, C:\ProgramData\SocialReviewer\uninstall.exe, Quarantined, [dd3594b3acee072fd779dce6c83c8f71], PUP.Optional.SocialReviewer, C:\Users\{username}\Desktop\SPsetup.exe, Quarantined, [888aae992377c373eb65289a18ecce32], PUP.Optional.PullUpdate, C:\Users\Public\Desktop\Social Reviewer.lnk, Quarantined, [df33db6c81192c0a66d911b2f41021df], PUP.Optional.PullUpdate, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Social Reviewer\Uninstall Social Reviewer.lnk, Quarantined, [26ec37109505e74f49fe7e4543c19967], PUP.Optional.PullUpdate, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Social Reviewer\Social Reviewer FAQ.lnk, Quarantined, [26ec37109505e74f49fe7e4543c19967], PUP.Optional.PullUpdate, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Social Reviewer\Social Reviewer.lnk, Quarantined, [26ec37109505e74f49fe7e4543c19967], PUP.Optional.PullUpdate, C:\Users\{username}\AppData\Roaming\SocialReviewer\FriendsDb.sqlite, Quarantined, [af63e3640298f046d870982b16ee5ba5], PUP.Optional.PullUpdate, C:\ProgramData\SocialReviewer\uninstall.exe.config, Quarantined, [0f037bcc9703c1750445636039cb718f], PUP.Optional.PullUpdate, C:\ProgramData\SocialReviewer\Newtonsoft.Json.dll, Quarantined, [0f037bcc9703c1750445636039cb718f], PUP.Optional.PullUpdate, C:\ProgramData\SocialReviewer\SocialReviewer.exe.config, Quarantined, [0f037bcc9703c1750445636039cb718f], PUP.Optional.PullUpdate, C:\ProgramData\SocialReviewer\SocialReviewer.ico, Quarantined, [0f037bcc9703c1750445636039cb718f], PUP.Optional.PullUpdate, C:\ProgramData\SocialReviewer\System.Data.SQLite.dll, Quarantined, [0f037bcc9703c1750445636039cb718f], PUP.Optional.PullUpdate, C:\ProgramData\SocialReviewer\x86\SQLite.Interop.dll, Quarantined, [0f037bcc9703c1750445636039cb718f], Physical Sectors: 0 (No malicious items detected) (end)As mentioned before the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.
We use different ways of protecting your computer(s):
- Dynamically Blocks Malware Sites & Servers
- Malware Execution Prevention