WinZipper
Posted: March 23, 2015
Threat Metric
The Threat Meter is a malware assessment that SpywareRemove.com's research team is able to
give every identifiable malware threat. Our Threat Meter includes several criteria based off of
specific malware threats to value their severity, reach and volume. The Threat Meter is able to give
you a numerical breakdown of each threat's initial Threat Level, Detection Count, Volume Count,
Trend Path and Percentage Impact. The overall ranking of each threat in the Threat Meter is a basic
breakdown of how all threats are ranked within our own extensive malware database. The scoring for
each specific malware threat can be easily compared to other emerging threats to draw a contrast in
its particular severity. The Threat Meter is a useful tool in the endeavor of seeking a solution to
remove a threat or pursue additional analytical research for all types of computer users.
The following fields listed on the Threat Meter containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
The following fields listed on the Threat Meter containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Ranking: | 3,669 |
|---|---|
| Threat Level: | 1/10 |
| Infected PCs: | 394,356 |
| First Seen: | March 23, 2015 |
|---|---|
| Last Seen: | March 9, 2025 |
| OS(es) Affected: | Windows |
WinZipper is a file compression application that may often use deceptive marketing tricks to get to the machines of as many users as possible. This program isn't threatening, and its name isn't linked to any suspicious activities such as hijacking a Web browser's settings or injecting marketing content in the user's Web browser. However, WinZipper is identified as a Potentially Unwanted Program by many reputable anti-malware software vendors, and many users might want to consider removing this program from their computers if they didn't download and install it on purpose.
The WinZipper application may travel via low-quality software bundles that may utilize misleading installation instructions, confusing license agreements and other tricks whose goal is to convince users to authorize the installation of WinZipper unknowingly. When WinZipper is installed, it may set itself as a default program for opening all kinds of compressed files automatically, thus preventing users from utilizing their favorite file compression program. Furthermore, WinZipper's installation creates a Windows Service that will be started automatically whenever the computer is powered on, and all this is done automatically.
WinZipper doesn't include any limitations that may impair the utility's compression performance, so it is safe to say that users should not encounter any problems if they opt to use it. However, because of its ability to install itself stealthily, as well as to create an automatically started Windows Service, WinZipper is an application whose removal might not be a bad idea. If you find this tool useful, then removing it is not mandatory. However, if you found it on your computer and you didn't install it intentionally, then we advise you to remove WinZipper with the help of potent cyber security software.
Aliases
Artemis!FD4518DBC764 [McAfee]Artemis [McAfee-GW-Edition]Taishumu.511 [AVG]Adware.Mutabaha.343 [DrWeb]PUA.WinZipper [Symantec]
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:C:\System Volume Information\_restore{61313432-71E1-41E4-9839-B12335D1664E}\RP126\A0056866.exe
File name: A0056866.exeSize: 1.55 MB (1559216 bytes)
MD5: 1349aa702ed846d801971837fb4354c9
Detection count: 602
File type: Executable File
Mime Type: unknown/exe
Path: C:\System Volume Information\_restore{61313432-71E1-41E4-9839-B12335D1664E}\RP126\A0056866.exe
Group: Malware file
Last Updated: September 23, 2023
C:\System Volume Information\_restore{61313432-71E1-41E4-9839-B12335D1664E}\RP144\A0077943.exe
File name: A0077943.exeSize: 1.69 MB (1698312 bytes)
MD5: 538ad7c45fd01c52196b6756034ab914
Detection count: 548
File type: Executable File
Mime Type: unknown/exe
Path: C:\System Volume Information\_restore{61313432-71E1-41E4-9839-B12335D1664E}\RP144\A0077943.exe
Group: Malware file
Last Updated: October 9, 2021
C:\System Volume Information\_restore{61313432-71E1-41E4-9839-B12335D1664E}\RP112\A0035920.exe
File name: A0035920.exeSize: 1.65 MB (1657520 bytes)
MD5: 53f45b558a0aebd79f9edc2142fa26da
Detection count: 410
File type: Executable File
Mime Type: unknown/exe
Path: C:\System Volume Information\_restore{61313432-71E1-41E4-9839-B12335D1664E}\RP112\A0035920.exe
Group: Malware file
Last Updated: January 30, 2025
%SYSTEMDRIVE%\System Volume Information\_restore{4EC8B925-B0B0-414B-9CB6-B2AB003E7B01}\RP193\A0126475.exe
File name: A0126475.exeSize: 2.92 MB (2921072 bytes)
MD5: df667a225fad7706c3dc45fcc01314cc
Detection count: 410
File type: Executable File
Mime Type: unknown/exe
Path: %SYSTEMDRIVE%\System Volume Information\_restore{4EC8B925-B0B0-414B-9CB6-B2AB003E7B01}\RP193\A0126475.exe
Group: Malware file
Last Updated: August 8, 2024
C:\Users\<username>\AppData\Roaming\WinZipper\update\zip_update_v1.5.111.exe
File name: zip_update_v1.5.111.exeSize: 414.72 KB (414720 bytes)
MD5: 6178eca2e4599943a7f417abc077882c
Detection count: 319
File type: Executable File
Mime Type: unknown/exe
Path: C:\Users\<username>\AppData\Roaming\WinZipper\update\zip_update_v1.5.111.exe
Group: Malware file
Last Updated: March 12, 2024
C:\AdwCleaner\Quarantine\C\Users\<username>\AppData\Roaming\WinZipper\update\zip_update_v1.5.132.exe.vir
File name: zip_update_v1.5.132.exe.virSize: 432.12 KB (432128 bytes)
MD5: 24ad81381458213d104bdd85d310b177
Detection count: 255
Mime Type: unknown/vir
Path: C:\AdwCleaner\Quarantine\C\Users\<username>\AppData\Roaming\WinZipper\update\zip_update_v1.5.132.exe.vir
Group: Malware file
Last Updated: August 8, 2024
C:\Users\<username>\AppData\Local\Temp\d207598268\omigazip\TrayDownloader.exe
File name: TrayDownloader.exeSize: 171.66 KB (171664 bytes)
MD5: 0027b788c35ab4f094cb8e5a84de8b0d
Detection count: 248
File type: Executable File
Mime Type: unknown/exe
Path: C:\Users\<username>\AppData\Local\Temp\d207598268\omigazip\TrayDownloader.exe
Group: Malware file
Last Updated: October 29, 2023
%SYSTEMDRIVE%\AdwCleaner\FileQuarantine\C\Program Files (x86)\WinZipper\dup.exe.vir
File name: dup.exe.virSize: 407.72 KB (407728 bytes)
MD5: 876835484175718816c18eeac0239705
Detection count: 230
Mime Type: unknown/vir
Path: %SYSTEMDRIVE%\AdwCleaner\FileQuarantine\C\Program Files (x86)\WinZipper\dup.exe.vir
Group: Malware file
Last Updated: February 27, 2023
C:\System Volume Information\_restore{61313432-71E1-41E4-9839-B12335D1664E}\RP126\A0056875.exe
File name: A0056875.exeSize: 731.82 KB (731824 bytes)
MD5: 339d68e8f09c4471019055156b3e3650
Detection count: 215
File type: Executable File
Mime Type: unknown/exe
Path: C:\System Volume Information\_restore{61313432-71E1-41E4-9839-B12335D1664E}\RP126\A0056875.exe
Group: Malware file
Last Updated: November 12, 2022
C:\Users\<username>\AppData\Roaming\WinZipper\update\zip_update_v1.5.119.exe
File name: zip_update_v1.5.119.exeSize: 432.64 KB (432640 bytes)
MD5: 85f35698a5388c4c3fa0faf2d2455c15
Detection count: 143
File type: Executable File
Mime Type: unknown/exe
Path: C:\Users\<username>\AppData\Roaming\WinZipper\update\zip_update_v1.5.119.exe
Group: Malware file
Last Updated: February 27, 2023
%SYSTEMDRIVE%\Users\<username>\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JPKN15LY\wzp2yac_201512096_out[1].exe
File name: wzp2yac_201512096_out[1].exeSize: 434.68 KB (434688 bytes)
MD5: 9fe6a872aac4e8164a94cbff70b1356c
Detection count: 131
File type: Executable File
Mime Type: unknown/exe
Path: %SYSTEMDRIVE%\Users\<username>\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JPKN15LY\wzp2yac_201512096_out[1].exe
Group: Malware file
Last Updated: September 18, 2023
C:\System Volume Information\_restore{61313432-71E1-41E4-9839-B12335D1664E}\RP118\A0046663.exe
File name: A0046663.exeSize: 711.34 KB (711344 bytes)
MD5: 64551e1f5a559f95afe182314736bf6d
Detection count: 126
File type: Executable File
Mime Type: unknown/exe
Path: C:\System Volume Information\_restore{61313432-71E1-41E4-9839-B12335D1664E}\RP118\A0046663.exe
Group: Malware file
Last Updated: June 6, 2022
C:\System Volume Information\_restore{61313432-71E1-41E4-9839-B12335D1664E}\RP112\A0035933.exe
File name: A0035933.exeSize: 711.34 KB (711344 bytes)
MD5: ac635d9c14f825f18a5752b537e13c3e
Detection count: 108
File type: Executable File
Mime Type: unknown/exe
Path: C:\System Volume Information\_restore{61313432-71E1-41E4-9839-B12335D1664E}\RP112\A0035933.exe
Group: Malware file
Last Updated: January 30, 2025
C:\Users\<username>\AppData\Roaming\WinZipper\update\zip_update_v1.5.121.exe
File name: zip_update_v1.5.121.exeSize: 432.64 KB (432640 bytes)
MD5: 88448604583fa0c199acd89e847ee088
Detection count: 103
File type: Executable File
Mime Type: unknown/exe
Path: C:\Users\<username>\AppData\Roaming\WinZipper\update\zip_update_v1.5.121.exe
Group: Malware file
Last Updated: September 23, 2023
C:\System Volume Information\_restore{61313432-71E1-41E4-9839-B12335D1664E}\RP144\A0077958.exe
File name: A0077958.exeSize: 399.36 KB (399360 bytes)
MD5: 4bfaf6d7fb8e99ce5dc93bb121235567
Detection count: 96
File type: Executable File
Mime Type: unknown/exe
Path: C:\System Volume Information\_restore{61313432-71E1-41E4-9839-B12335D1664E}\RP144\A0077958.exe
Group: Malware file
Last Updated: October 10, 2023
%PROGRAMFILES%\WinZipper\WinZipper.exe
File name: WinZipper.exeSize: 1.65 MB (1657520 bytes)
MD5: fd2b67cc95adb0dfd9e1fd4a919219c8
Detection count: 63
File type: Executable File
Mime Type: unknown/exe
Path: %PROGRAMFILES%\WinZipper
Group: Malware file
Last Updated: February 11, 2016
C:\Program Files\WinZipper\dup.exe
File name: dup.exeSize: 363.69 KB (363696 bytes)
MD5: dbe8b7379813789ad09dae023a53db9f
Detection count: 61
File type: Executable File
Mime Type: unknown/exe
Path: C:\Program Files\WinZipper\dup.exe
Group: Malware file
Last Updated: September 28, 2022
C:\Users\<username>\AppData\Roaming\WinZipper\update\zip_update_v1.5.123.exe
File name: zip_update_v1.5.123.exeSize: 432.64 KB (432640 bytes)
MD5: 00aa201560cc97a90e8e2e6fe4f96fa6
Detection count: 56
File type: Executable File
Mime Type: unknown/exe
Path: C:\Users\<username>\AppData\Roaming\WinZipper\update\zip_update_v1.5.123.exe
Group: Malware file
Last Updated: November 17, 2022
C:\System Volume Information\_restore{61313432-71E1-41E4-9839-B12335D1664E}\RP118\A0046654.exe
File name: A0046654.exeSize: 1.65 MB (1657520 bytes)
MD5: 491fbc8fbb2041485c9ff136665040ef
Detection count: 54
File type: Executable File
Mime Type: unknown/exe
Path: C:\System Volume Information\_restore{61313432-71E1-41E4-9839-B12335D1664E}\RP118\A0046654.exe
Group: Malware file
Last Updated: June 10, 2022
C:\Users\<username>\AppData\Roaming\WinZipper\update\zip_update_v1.5.101.exe
File name: zip_update_v1.5.101.exeSize: 220.31 KB (220311 bytes)
MD5: a3f811d9d4d08c8659d06144c7b35701
Detection count: 49
File type: Executable File
Mime Type: unknown/exe
Path: C:\Users\<username>\AppData\Roaming\WinZipper\update\zip_update_v1.5.101.exe
Group: Malware file
Last Updated: June 16, 2023
C:\Users\<username>\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PYPAJ0PG\wzpup_2015.07.24_out_2[1].exe
File name: wzpup_2015.07.24_out_2[1].exeSize: 230.82 KB (230829 bytes)
MD5: 3002d57cf4a704f05e95ace6df9fcb65
Detection count: 23
File type: Executable File
Mime Type: unknown/exe
Path: C:\Users\<username>\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PYPAJ0PG\wzpup_2015.07.24_out_2[1].exe
Group: Malware file
Last Updated: January 15, 2022
C:\Users\<username>\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BTE287GX\wzpup_2015.07.24_out_1[1].exe
File name: wzpup_2015.07.24_out_1[1].exeSize: 230.8 KB (230801 bytes)
MD5: b3d302edf42d0268b943c6a8061115e8
Detection count: 16
File type: Executable File
Mime Type: unknown/exe
Path: C:\Users\<username>\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BTE287GX\wzpup_2015.07.24_out_1[1].exe
Group: Malware file
Last Updated: October 19, 2022
%PROGRAMFILES%\WinZipper\winzipersvc.exe
File name: winzipersvc.exeSize: 708.24 KB (708248 bytes)
MD5: 258bd28e3f00871d59cf0f4cd0e7d250
Detection count: 5
File type: Executable File
Mime Type: unknown/exe
Path: %PROGRAMFILES%\WinZipper
Group: Malware file
Last Updated: March 26, 2016
More files
Registry Modifications
The following newly produced Registry Values are:
CLSID{4F622628-7632-4B28-B184-D7BA0CA3273B}{DC638EEA-2BA2-4459-9C46-85A2F0BE6040}HKEY..\..\..\..{RegistryKeys}SOFTWARE\Classes\*\shellex\ContextMenuHandlers\WinZipperSOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZipperSOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\WinZipperSOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinZipperSoftware\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cab\OpenWithProgids\WinZipper.cabSoftware\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.zip\OpenWithProgids\WinZipper.zipSOFTWARE\WinZiperSOFTWARE\winzipersvcSOFTWARE\Wow6432Node\WinZiperSOFTWARE\Wow6432Node\winzipersvcSYSTEM\ControlSet001\services\eventlog\Application\winzipersvcSYSTEM\ControlSet001\services\winzipersvcSYSTEM\ControlSet002\services\eventlog\Application\winzipersvcSYSTEM\ControlSet002\services\winzipersvcSYSTEM\CurrentControlSet\services\eventlog\Application\winzipersvcSYSTEM\CurrentControlSet\services\winzipersvcHKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}WinZipper
CLSID{4F622628-7632-4B28-B184-D7BA0CA3273B}{DC638EEA-2BA2-4459-9C46-85A2F0BE6040}HKEY..\..\..\..{RegistryKeys}SOFTWARE\Classes\*\shellex\ContextMenuHandlers\WinZipperSOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZipperSOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\WinZipperSOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinZipperSoftware\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cab\OpenWithProgids\WinZipper.cabSoftware\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.zip\OpenWithProgids\WinZipper.zipSOFTWARE\WinZiperSOFTWARE\winzipersvcSOFTWARE\Wow6432Node\WinZiperSOFTWARE\Wow6432Node\winzipersvcSYSTEM\ControlSet001\services\eventlog\Application\winzipersvcSYSTEM\ControlSet001\services\winzipersvcSYSTEM\ControlSet002\services\eventlog\Application\winzipersvcSYSTEM\ControlSet002\services\winzipersvcSYSTEM\CurrentControlSet\services\eventlog\Application\winzipersvcSYSTEM\CurrentControlSet\services\winzipersvcHKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}WinZipper
Additional Information
The following directories were created:
%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\WinZipper%ALLUSERSPROFILE%\Start Menu\Programs\WinZipper%APPDATA%\WinZiper%APPDATA%\WinZipper%PROGRAMFILES%\WinZipper%PROGRAMFILES(x86)%\WinZipper
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.