Advanced ScreenSnapshot

Posted by Max Lehmann on February 15, 2016

What is Advanced ScreenSnapshot?

Have you recently downloaded a suspicious program called Advanced ScreenSnapshot to help you capture screens? Was it installed without your permission? In either case, it is classified as a potentially unwanted program, and you need to eliminate it from your computer as soon as possible. Anti-Spyware-101.com malware analysts have tested this program and found that it could help download third-party malware onto your computer most likely without your permission or knowledge. Although we classify this threat as a PUP, you should not underestimate it. If you do not delete this program from your operating system right away, malicious threats could be slipped in before you know it. Unfortunately, they could be much more dangerous, and your virtual security could be jeopardized by them. The good news is that the removal of Advanced ScreenSnapshot is not extremely complicated.testtest

How does Advanced ScreenSnapshot work?

Advanced ScreenSnapshot is controlled using various different files, including, Report.exe, CrashUL.exe, Language.json, CrashReport.exe, InstallHelper.exe, and several dynamic link library files. These files are stored in a folder that can be found in the %ProgramFiles% or %ProgramFiles(x86)% directories. The folder containing these files is not difficult to identify as it is called “ScreenSnapshotTool.” The file that we are most concerned about is ScreenShotServ.exe. This file is around 152Kb, and you will find it in a subfolder that is named after the version of the PUP, for example, 1.0.1.10820. This file is signed by qiusheng xie, the official publisher of the PUP itself. The name of this publisher is Chinese, which suggests that the program could be controlled from China. You must delete ScreenShotServ.exe as soon as possible because this is the backdoor for other threats to enter your operating system. Our research has revealed that the creators of Advanced ScreenSnapshot have the possibility to download malware using this file!

Even if malicious programs were not installed onto your computer by Advanced ScreenSnapshot, you might encounter malware associated with this PUP. As mentioned previously, third-party programs could be downloaded onto your operating system packaged along with this PUP, and you cannot ignore them. Although the program we are discussing in this report is truly dangerous because it can install malware without your notice, you should not direct all of your focus on it alone. By the time you figure out how to eliminate this potentially unwanted program, you might find that other malicious programs capable of downloading malware were installed. Due to this, we suggest taking care of all threats simultaneously. Of course, if you choose to delete malware manually, you will have to take your chances and hope that you can eliminate all threats before they do any damage. Keep in mind that even if the PUP works as expected, you MUST delete it from your operating system without further delay.

How to delete Advanced ScreenSnapshot

There are plenty of threats that offer the desired services only to conceal malicious activity. If you do not delete Advanced ScreenSnapshot from your operating system, it is possible that it will invite in much more malicious infections. Keep in mind that these infections might be silent, and their activity might be unnoticeable. If this PUP was installed on your PC, it is important to inspect your operating system for other active infections, and you can do this using a malware scanner. Employ a reliable scanner, and it will identify all computer threats that you need to eradicate. Another tool we recommend using is an automated malware remover. This tool can erase all computer threats from your PC, and this is exceptionally helpful if many other threats have corrupted your operating system. All in all, if you decide to stick with the manual removal, you have two options. You can uninstall this PUP, or you can delete its files and registry keys one by one. If you prefer the latter option, follow the instructions below.

Removal Instructions

  1. Launch Explorer (Win+E) and enter %ProgramFiles(x86)% or %ProgramFiles% into the address bar.
  2. Right-click the ScreenSnapshotTool folder and select Delete.
  3. Launch RUN (Win+R), enter regedit.exe, and click OK to launch the Registry Editor.
  4. Right-click and Deletethese keys:
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{61FFE1F9-137D-4c31-A181-3415FCAA5946}
    • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{61FFE1F9-137D-4c31-A181-3415FCAA5946}
    • HKEY_LOCAL_MACHINE\SOFTWARE\ScreenSnapshotTool
    • HKEY_CURRENT_USER\Software\{4E1B0D74-9DE3-4d5c-ABB5-5717F0485A00}
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TheScreenSnapshotService
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TheScreenSnapshotService
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\TheScreenSnapshotService

N.B. If you have questions about this potentially unwanted program or any other unreliable program active along with it, you can post a comment below. We are ready to help you get past any problems that you might have faced along the way. Note that other threats you are interested in might have already been reviewed in other reports on this site. Use the search box on the top-right to find them.

100% FREE spyware scan and
tested removal of Advanced ScreenSnapshot*
Disclaimer
Disclaimer
Potentially Unwanted Application

Leave a Comment

Enter the numbers in the box to the right *