How to remove $RH4S28I.sys

» File
File Details
Overview
Analysis

$RH4S28I.sys

The module $RH4S28I.sys has been detected as Adware.Deals

$RH4S28I.sys

Remove $RH4S28I.sys

File Details

Main Info:

MD5:	4168431abbfc8db85e443ab5f5cba4b3
Size:	14 KB
First Published:	2017-06-07 12:13:05 (7 years ago)
Latest Published:	2018-11-17 01:10:28 (6 years ago)

Analysis:

Status:	Adware.Deals (on last analysis)
Analysis Date:	2018-11-17 01:10:28 (6 years ago)

Overview

Digital Signature

Signed By:	Local Internet LTD
Status:	Valid

Common Places:

%programfiles%\ubar

%sysdrive%\adwcleaner\quarantine\files\gldaruzhouqbxujbokshpvpwjhcbvovy

%sysdrive%\$recycle.bin\s-1-5-21-1389807301-3271064420-3744352535-1001

%programfiles%

%sysdrive%\adwcleaner\quarantine

File Names:

UbarDriver.sys

$RH4S28I.sys

Geography:

	40.0%
	20.0%
	10.0%
	10.0%
	10.0%
	5.0%
	5.0%

OS Version:

Windows 8.1	42.9%
Windows 8	33.3%
Windows 10	23.8%

Analysis

PE Info:

Subsystem:	Native
PE Type:	pe
OS Bitness:	64
Image Base:	0x0000000140000000
Entry Address:	0x0000127c

PE Sections:

Name	Size of data	MD5
.text	1024	f9c3a30422aba82f6fadcaab689afa69
.rdata	1024	d03b142b5ea35873cef2aa953baab0de
.data	512	1a64977a681ccfaf018cade151d3ae9a
.pdata	512	fecc7ea9a8ef21d924a4b73a497629f3
INIT	1024	1d442af4a3fa902cb783c09832ea26ff
.reloc	512	91120fd64cfadfd090a230273679e3b9

More information:

Search on Virustotal

Download GridinSoft Anti-Malware - Removal tool for $RH4S28I.sys

copyright for information about $RH4S28I.sys