Should I remove Firewall Host?

What percent of users and experts removed it?

75% remove it25% keep it

Overall Sentiment

Bad

What do people think about it?

(click star to rate)

How common is it?

Reach 0.0002%

Versions

Version	Distribution
1.0.0.0	100.00%

Firewall Host

Remove Firewall Host

What is Firewall Host?

This is a WinCheck/CMI (variant) adware/browser hijacker variant that injects code into the user's web browser (IE, Chrome and Firefox). It is known as an ad-injector, a malicious process that once inside the web browser will hijack existing advertisements of underlying web sites (not associated with the website itself). It will also inject new ads in white space on the site or images that have standard banner sizes. These ads are typically for promoting shopping discount coupons, ads for PC optimizers or bundled PUP offers, or malvertising since it runs on sketchy ad networks.This runs as a startup process called WinCheck in the user's startup registry (Run key) and will execute each time the computer is restarted and the user logs in.

How do you know if you are infected? First, if you have this program installed then this adware is most likely still running. Next, you see ads in the browser that say something like "Ads by WinCheck".

Overview

During setup, the program creates a startup registration point in Windows in order to automatically start when any user boots the PC. The primary executable is named bnsma78b.exe. A majority of users end up uninstalling this less than a week of it being installed.

Malware detected in the program
Automatically starts with Windows
Displays unwanted advertisements
The experts agree, you should remove it!

Warning, multiple anti-virus scanners have detected possible malware in Firewall Host.

bnsma78b.exe (933944713a600125313b9473a74869f8) has been flagged by the following 10 scanners:
Anti-Virus software	Version	Detection
Lavasoft Ad-Aware	537	Application.Generic.1261978
Baidu-International	4.0.3.15816	Adware.Win32.ConvertAd.77
Bitdefender	1.0.20.1140	Application.Generic.1261978
ESET-NOD32	9.11578	a variant of Win32/Adware.ConvertAd.DZ
Fortinet FortiGate	8/16/2015	Riskware/ConvertAd
F-Secure	11.2015-16-08_1	Application.Generic.1261978
G Data	15.8.25	Application.Generic.1261978
MicroWorld-eScan	16.0.0.684	Application.Generic.1261978
Panda Antivirus	15.08.16.05	Trj/Genetic.gen
Symantec	8/16/2015 rev. 1	WS.Reputation

Program details

Installation folder: C:\users\user\appdata\local\25aed301-1427296683-11cb-89fe-da805d15d626

Uninstaller: "C:\users\user\appdata\Local\25AED301-1427296683-11CB-89FE-DA805D15D626\uninstall.exe"

Files installed by Firewall Host

Program executable:	bnsma78b.exe (Malware detected)
Path:	C:\users\user\appdata\local\25aed301-1427296683-11cb-89fe-da805d15d626\bnsma78b.exe
MD5:	933944713a600125313b9473a74869f8

Additional files:

Uninstall.exe

Behaviors exhibited

Startup File (All Users Run)

bnsmA78B.exe is loaded in the all users (HKLM) registry as a startup file name 'WinCheck' which loads as C:\users\user\appdata\Local\34444335-1427299171-5A35-5744-8CDCD483906B\bnst27F4.exe.

How do I remove Firewall Host?

You can uninstall Firewall Host from your computer by using the Add/Remove Program feature in the Window's Control Panel.

On the Start menu (for Windows 8, right-click the screen's bottom-left corner), click Control Panel, and then, under Programs, do one of the following:

Windows Vista/7/8/10: Click Uninstall a Program.
Windows XP: Click Add or Remove Programs.

When you find the program Firewall Host, click it, and then do one of the following:

Windows Vista/7/8/10: Click Uninstall.
Windows XP: Click the Remove or Change/Remove tab (to the right of the program).

Follow the prompts. A progress bar shows you how long it will take to remove Firewall Host.
If for some reason uninstallation fails, please install Microsoft's uninstall fixer utility which will help fix problems with programs that can't be uninstalled at support.microsoft.com.