
Adware.Agent.OIF removal

Adware.Agent.OIF is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Adware.Agent.OIF virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Enumerates user accounts on the system
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Possible date expiration check, exits too soon after checking local time
  • Anomalous file deletion behavior detected (10+)
  • Dynamic (imported) function loading detected
  • Drops a binary and executes it
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Steals private information from local Internet browsers
  • Overwrites multiple files with zero bytes (hex 00) indicative of a wiper

How to identify Adware.Agent.OIF?


File Info:

  • name: F77EDB4D009B7DBA045B.mlw
  • path: /opt/CAPEv2/storage/binaries/7abde8c8d27108193107348a481cbca560fb09ad2eab1faf25d986e5fcd84196
  • crc32: A58794E6
  • md5: f77edb4d009b7dba045b4d0b539efe69
  • sha1: 09287faf8007121ccd7b3356d3de57cb3f305048
  • sha256: 7abde8c8d27108193107348a481cbca560fb09ad2eab1faf25d986e5fcd84196
  • sha512: 3abd20484fd37588b78e890aced2ed6977e5e1de372df525746fccd238070ee5ec75017585d40819fcbc92b58d94182fe98d011f0143f1f4ad3ce75592faf878
  • ssdeep: 24576:OJJefqHxmyYcjB1ShHj0JzTyBQNPFv59dqiS7obyUf:UefqcoUdazOOFv59do2
  • type: PE32 executable (GUI) Intel 80386, for MS Windows
  • tlsh: T1DA15017ABDDA96F5DD1A02357ABA5AD4E4FEE8F61C31045B27461607EE20FC024B301B
  • sha3_384: c51fd41d26f1594511d012cc56188bd343d39ba15f0a4e6369a18d3eb1b0204243eb80ca921c06db66d17436f75e0f46
  • ep_bytes: 6a5c6888ae4100e8ee100000895ddc89
  • timestamp: 2014-08-27 00:28:44

Version Info:

  • CompanyName: Setup
  • FileDescription: Setup
  • FileVersion: 2.5.0.0
  • InternalName: Setup
  • LegalCopyright: Copyright (c) 2014
  • OriginalFilename: Setup
  • ProductName: Setup
  • ProductVersion: 2.5.0.0
  • Translation: 0x041d 0x0000

Adware.Agent.OIF also known as:

Bkav W32.AIDetect.malware1
tehtris Generic.Malware
MicroWorld-eScan Adware.Agent.OIF
FireEye Generic.mg.f77edb4d009b7dba
CAT-QuickHeal Pua.Agent.21070
McAfee MultiPlug
Cylance Unsafe
VIPRE Adware.Agent.OIF
Sangfor Trojan.Win32.Save.a
K7AntiVirus Unwanted-Program ( 0040f93f1 )
K7GW Unwanted-Program ( 0040f93f1 )
Cybereason malicious.d009b7
Baidu Win32.Adware.Generic.as
VirIT Trojan.Win32.Crossrider.BTZX
Cyren W32/S-8cddb77b!Eldorado
Symantec SMG.Heur!gen
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win32/Adware.MultiPlug.BU
APEX Malicious
ClamAV Win.Adware.Agent-1377476
Kaspersky not-a-virus:AdWare.Win32.Otezinu.dl
BitDefender Adware.Agent.OIF
NANO-Antivirus Trojan.Win32.Adond.deeuns
SUPERAntiSpyware PUP.MultiPlug/Variant
Avast Win32:Adware-gen [Adw]
Tencent Adware.Win32.Otezinu.ya
Ad-Aware Adware.Agent.OIF
Emsisoft Adware.Agent.OIF (B)
Comodo Application.Win32.Multiplug.R@58n3s2
DrWeb Trojan.Crossrider.31093
Zillya Adware.Otezinu.Win32.25
McAfee-GW-Edition BehavesLike.Win32.MultiPlug.dc
Trapmine malicious.high.ml.score
Sophos MultiPlug (PUA)
Ikarus Trojan.Win32.Sisproc
GData Adware.Agent.OIF
Jiangmin AdWare/Otezinu.a
Avira TR/Crypt.EPACK.Gen2
Antiy-AVL Trojan/Generic.ASMalwS.3269
Arcabit Adware.Agent.OIF
Microsoft Trojan:Win32/Sabsik.EN.B!ml
Cynet Malicious (score: 100)
AhnLab-V3 PUP/Win32.Generic.R117392
BitDefenderTheta Gen:NN.ZexaF.34806.4u0@a4l9QLai
ALYac Adware.Agent.OIF
MAX malware (ai score=65)
VBA32 BScope.Trojan.Crossrider
Malwarebytes PUP.Optional.BundleInstaller
Rising Trojan.Generic@AI.100 (RDML:qZfyTqbImJi0FYQ/KumPcw)
Yandex PUA.Agent!R9ZJsiFIAlw
SentinelOne Static AI – Malicious PE
MaxSecure not a virus:Adware.Otezinu.dl
Fortinet Adware/MultiPlug
AVG Win32:Adware-gen [Adw]
Panda Generic Suspicious
CrowdStrike win/grayware_confidence_100% (W)

How to remove Adware.Agent.OIF?

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.
Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
