84,285,534 programs installed

Should I remove lEsss2pay?

What percent of users and experts removed it?
82% remove it18% keep it
Overall Sentiment
What do people think about it?
(click star to rate)
How common is it?
Reach 0.0002%


What is lEsss2pay?

EasyPay is an adware extension that plugs into the user's web browser for IE, Chrome and Firefox and will display additional advertisements in search engines such as Bing and Google. It installs itself as an extension (BHO/plugin) and runs as a background process. This adware program creates an entry in Add or Remove Programs however removing this entry might stop the adware from running, but will not stop ads from displaying. Once installed, it displays ads by injecting new ads in search as well as various web pages that use 3rd party advertising and replaces these ads with its own. The program users the InstalleRex download manager from WebPicks Holdings to install itself on the user's PC. InstalleRex is known for distributing potentially unwanted applications including web browser toolbars and various ad-supported extensions. The software is a variant of a known adware (AKA SaveAs, SaveNShare, DownloadKeeper) but is re-branded to mask its origination although is includes many of the same components.


It adds a Browser Helper Object (BHO) to Internet Explorer. The main program executable is QdmgCoc.exe. Typically most users end up uninstalling this just after a few days. The software installer includes 8 files and is usually about 907.1 KB (928,870 bytes).
  • Possible malware installed by this program
  • Loads into the web browser
  • Injects advertisements unassociated with the underlying web page
  • The experts agree, you should remove it!
Warning, multiple anti-virus scanners have detected possible malware in lEsss2pay.
8.dll (6bdd2b931e45fa910c821a3beb07928c) has been flagged by the following 29 scanners:
Anti-Virus softwareVersionDetection
Lavasoft Ad-Aware 960 Application.Generic.604038
Agnitum Outpost 7.1.1 PUA.BHO
Antiy-AVL Trojan/Win32.TGeneric
avast! 2014.9-140620 Win32:Dropper-gen [Drp]
AVG 2015.0.3438 Generic5
Baidu-International Adware.Win32.BHO.71
Bitdefender Application.Generic.604038
Bkav FE W32.ToolbarEscort.Adware
CAT-QuickHeal AdWare.BHO.r6 (Not a Virus)
Comodo Security 18598 ApplicUnwnt.Win32.InstallRex.ALC
ESET-NOD32 8.9968 a variant of Win32/AdWare.MultiPlug.T
F-Secure 11.2014-20-06_6 Application.Generic.604038
G Data 14.6.24 Application.Generic.604038
IKARUS anti.virus t3scan. Win32.SuspectCrc
K7 AntiVirus 13.180.12463 Adware
K7GW 13.180.12463 Adware ( 004976341 )
Kaspersky not-a-virus:AdWare.Win32.BHO
Malwarebytes v2014.06.20.09 PUP.Optional.MultiPlug.A
McAfee 5600.7094 RDN/Generic PUP.x!cf3
McAfee-GW-Edition 7.7094 RDN/Generic PUP.x!cf3
MicroWorld-eScan Application.Generic.604038
NANO AntiVirus Riskware.Win32.BHO.dbdfeq
Panda Antivirus Trj/CI.A
Sophos 4.98 Generic PUA IO
Symantec 6/20/2014 rev. 6 Adware.BL
Trend Micro 10.465.20 ADW_MULTIPLUG
TrendMicro-HouseCall 7.2.171 ADW_MULTIPLUG
Vba32 AntiVirus AdWare.BHO
VIPRE Antivirus 30454 Trojan.Win32.Generic!BT
Xdx0Esfy.dll (6190b1e1116f99b1b90ff6c92e98e469) has been flagged by the following 17 scanners:
Anti-Virus softwareSoftware versionDetection
Lavasoft Ad-Aware Gen:Variant.Graftor.151279
AhnLab-V3 2014.08.16.00 Adware/Win32.Agent
AVG Generic_r.QD
AVware Trojan.Win32.Generic!BT
Baidu-International Trojan.Win32.MultiPlug.BBN
Bitdefender 7.2 Gen:Variant.Graftor.151279
Comodo Security 19199 Application.Win32.MultiPlug.AUAU
Emsisoft Anti-Malware Gen:Variant.Graftor.151279 (B)
ESET-NOD32 10264 a variant of Win32/AdWare.MultiPlug.BN
F-Secure 11.0.19100.45 Gen:Variant.Graftor.151279
G Data 24 Gen:Variant.Graftor.151279
IKARUS anti.virus T3. PUA.BHO
Malwarebytes PUP.Optional.MultiPlug
MicroWorld-eScan Gen:Variant.Graftor.151279
Rising Antivirus PE:Trojan.Win32.Generic.171C6606!387737094
TrendMicro-HouseCall 9.700.0.1001 Suspicious_GEN.F47V0809
VIPRE Antivirus 32252 Trojan.Win32.Generic!BT
Xdx0Esfy.exe (5d724dd0f11271ffbb2e18001cc352a6) has been flagged by the following 13 scanners:
Anti-Virus softwareSoftware versionDetection
Lavasoft Ad-Aware Gen:Variant.Graftor.150563
AhnLab-V3 2014.08.09.00 Trojan/Win32.Preloader
AVG Generic_r.QQ
Baidu-International Trojan.Win32.MultiPlug.BAG
Bitdefender 7.2 Gen:Variant.Graftor.150563
Emsisoft Anti-Malware Gen:Variant.Graftor.150563 (B)
ESET-NOD32 10227 a variant of Win32/AdWare.MultiPlug.AG
F-Secure 11.0.19100.45 Gen:Variant.Graftor.150563
G Data 24 Gen:Variant.Graftor.150563
IKARUS anti.virus T3. PUA.Generic
Malwarebytes PUP.Optional.MultiPlug
MicroWorld-eScan Gen:Variant.Graftor.150563
Panda Antivirus Trj/Genetic.gen
8.x64.dll (600ff6994d8cddce04773e8c738d303d) has been flagged by the following 12 scanners:
Anti-Virus softwareSoftware versionDetection
AhnLab-V3 2014.06.11.00 Trojan/Win64.Preloader
Baidu-International Adware.Win64.MultiPlug.81
Comodo Security 18507 ApplicUnwnt
ESET-NOD32 9926 a variant of Win64/Adware.MultiPlug.C
G Data 24 Win64.Adware.Megasearch.C
IKARUS anti.virus T3. AdWare.MultiPlug
Malwarebytes PUP.Optional.MultiPlug.A
McAfee RDN/Generic PUP.x!c2k
McAfee-GW-Edition 2013 RDN/Generic PUP.x!c2k
Symantec 20131.1.5.61 Adware.BL
TrendMicro-HouseCall 9.700.0.1001 TROJ_GEN.R0E6H05EU14
VIPRE Antivirus 30178 Trojan.Win32.Generic!BT
8.exe (ef38514253e4dafb6823f236bc47bb5f) has been flagged by the following 7 scanners:
Anti-Virus softwareSoftware versionDetection
AVG Generic5.AOBP
Comodo Security 17878 ApplicUnwnt
ESET-NOD32 9495 a variant of Win32/AdWare.MultiPlug.S
Malwarebytes 1.75.0001 PUP.Optional.MultiPlug.A
Qihoo-360 HEUR/Malware.QVM10.Gen
Trend Micro 9.740-1012 ADW_MULTIPLUG
TrendMicro-HouseCall 9.700-1001 ADW_MULTIPLUG
       View all 78 all detections

Program detailsProgram details

Displayed publisher: leSs2ppay
Installation folder: C:\Documents and Settings\user\Application data\lesss2pay
Uninstaller: "C:\Documents and Settings\user\Application Data\lEsss2pay\QdmgCoc.exe" /s /n /C:"ExecuteCommands;UninstallCommands" ""
Estimated size: 907.1 KB

Program filesFiles installed by lEsss2pay

Program executable:QdmgCoc.exe
Path:C:\Documents and Settings\user\Application data\lesss2pay\QdmgCoc.exe
Additional files:
  • QdmgCoc.exe (by Setup)
  • QdmgCoc.dll
  • (Malware detected) 8.dll (by large) - large (Obtaining operating database with)
  • (Malware detected) 8.exe (by system Retrieval cluster) - system Retrieval cluster (often)
  • (Malware detected) 8.x64.dll (by large)
  • (Malware detected) Xdx0Esfy.dll (by relatively multiple) - relatively multiple (these concerned fall relational UML of)
  • (Malware detected) Xdx0Esfy.exe (by Registering even users) - Registering even users (the as)
  • Xdx0Esfy.x64.dll (by relatively multiple)

Program behaviorsBehaviors exhibited

4 Internet Explorer BHOs
  • 8.dll is installed in Internet Explorer as a BHO (Browser Helper Object) under the name 'MiinimumoPPrice' with the class of {6E3E8E43-56D8-BDB1-B926-A20075067189}.
  • 8.x64.dll is installed in Internet Explorer as a BHO (Browser Helper Object) under the name 'ssaaver box' with the class of {509D3BEC-9E4D-5822-E8E3-2083D5BAB6DD}.
  • Xdx0Esfy.dll is installed in Internet Explorer as a BHO (Browser Helper Object) under the name 'BiitSiaver' with the class of {A25519A4-9C1B-5FEC-CFF9-BA2E9C5B6B1B}.
  • QdmgCoc.dll is installed in Internet Explorer as a BHO (Browser Helper Object) under the name 'lEsss2pay' with the class of {F3CFAB6C-B215-3876-F723-BADB8A995FB3}.

How do I remove lEsss2pay?

Quickly and completely remove lEsss2pay from your computer by downloading "Should I Remove It?", its 100% FREE and installs in seconds (click the button below).
Download "Should I Remove It?", it's FREE!Remove lEsss2pay from your computer.
Or, you can uninstall lEsss2pay from your computer by using the Add/Remove Program feature in the Window's Control Panel.
  1. On the Start menu (for Windows 8, right-click the screen's bottom-left corner), click Control Panel, and then, under Programs, do one of the following:
    • Windows Vista/7/8: Click Uninstall a Program.
    • Windows XP: Click Add or Remove Programs.
  2. When you find the program lEsss2pay, click it, and then do one of the following:
    • Windows Vista/7/8: Click Uninstall.
    • Windows XP: Click the Remove or Change/Remove tab (to the right of the program).
  3. Follow the prompts. A progress bar shows you how long it will take to remove lEsss2pay.
  4. If for some reason uninstallation fails, please install Microsoft's uninstall fixer utility which will help fix problems with programs that can't be uninstalled at support.microsoft.com.

How do I reset my web browser?

If your web browser homepage and search settings have been modfied by lEsss2pay you can restore them to their previous default settings.
Microsoft Internet Explorer
Mozilla Firefox
Google Chrome
Scan your PC for malware
If you do not have a good anti-virus program, please consider installing one. Below are some we highly recommend.

Win 10 67%
Win XP 33%
Uninstall it 82%
Keep it 18%
United States

Windows OS versionsWindows

Which Windows OS versions does it run on?
Windows 10 66.67%
Windows XP 33.33%
Which OS releases does it run on?
Microsoft Windows XP 33.33%
Windows 8.1 33.33%
Windows 8.1 Pro 33.33%

Distribution by countryGeography

66.67% of installs come from the United States
Which countries install it?
  United States 66.67%
  Canada 16.67%
  United Kingdom 16.67%

OEM distributionPC manufacturers

What PC manufacturers (OEMs) have it installed?
Lenovo 50.00%
Acer 50.00%
Common models
LENOVO 33472YU 33.33%
Acer Aspire V5-571P 33.33%


user comment
No one has commented yet. Help others learn more about this software, share your comments.