What is “Adware.ClearSearch”?

Adware.ClearSearch is flagged as malicious by most of the antivirus vendors listed further down this page. When the infection is active, you may notice unfamiliar processes in the Task Manager list. In that case it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It can run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Adware.ClearSearch virus do?

The following behaviours were flagged by sandbox signatures (CAPEv2, see the storage path in the file info below) while the sample was run:

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Dynamic (imported) function loading detected (APIs resolved at runtime rather than through the import table)
  • Performs HTTP requests potentially not found in PCAP
  • HTTPS URLs from behavior
  • Enumerates running processes
  • Repeatedly searches for a not-found process; the sandbox hint "may want to run with startbrowser=1 option" means the sample keeps polling for a browser process, so re-running it with CAPE's startbrowser=1 option may reveal more behaviour
  • Authenticode signature is invalid
  • Attempts to modify proxy settings (consistent with its classification as a browser modifier)
  • Anomalous binary characteristics

How to identify Adware.ClearSearch?


File Info:

name: 0917F7CA08F1213B342D.mlw
path: /opt/CAPEv2/storage/binaries/f3385d56d9f1dce398d204dabd4548b31f6a32391784a4a53f3f34de8e8c57ee
crc32: 00EA5FBB
md5: 0917f7ca08f1213b342d44f603149004
sha1: c5aa85903f5cb5597f6eb3673081de06daf6ea95
sha256: f3385d56d9f1dce398d204dabd4548b31f6a32391784a4a53f3f34de8e8c57ee
sha512: 463bd1085a83448b1681f94383b0b21f5e61c28d5c3368d671e86e55b1de27c9ad16a258aff3f9443c142bdb4842e73c119dd2e719ee424534b50207a789796c
ssdeep: 49152:u6Oabv6OabB6Oabv6Oab66Oabv6OabB6Oabv6Oab26Oabv6OabB6Oabv6Oab66Ol:WgrgBgrgSgrgBgrgugrgBgrgSgrgBgrg
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T14595AF1F7ED18072C4D144B229795F31DBFABA6A07359983CB68DD6428732D2D23B21E
sha3_384: bfc91a3429c5381ed904df9d1b4a780131f1dff106493b116413a40398992f5f05b348d2da04010314208bc1f5910968
ep_bytes: 558bec6aff68f01140006848bc410064
timestamp: 2005-04-18 19:48:54 (PE header compile time; this field is written by the linker and can be forged, so treat it as a hint rather than evidence)
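As an added example (not part of the original page and not GridinSoft's tooling), the following Python script computes the hash fields listed above for any file, pulls the entry-point bytes and compile timestamp out of the PE header with a minimal PE32 parser, and reports which fields match the indicators on this page. ssdeep and tlsh are left out because they need third-party libraries. The PE it builds for the offline run is constructed for demonstration; it reuses only the entry-point bytes from the file info so that a partial match can be shown, and its hashes will not match the real sample.

```python
import hashlib
import struct
import zlib
from datetime import datetime, timezone

# Indicators copied from the File Info section of this page (lowercased).
CLEARSEARCH_IOCS = {
    "crc32": "00ea5fbb",
    "md5": "0917f7ca08f1213b342d44f603149004",
    "sha1": "c5aa85903f5cb5597f6eb3673081de06daf6ea95",
    "sha256": "f3385d56d9f1dce398d204dabd4548b31f6a32391784a4a53f3f34de8e8c57ee",
    "sha512": "463bd1085a83448b1681f94383b0b21f5e61c28d5c3368d671e86e55b1de27c9"
              "ad16a258aff3f9443c142bdb4842e73c119dd2e719ee424534b50207a789796c",
    "sha3_384": "bfc91a3429c5381ed904df9d1b4a780131f1dff106493b116413a40398992f5f"
                "05b348d2da04010314208bc1f5910968",
    "ep_bytes": "558bec6aff68f01140006848bc410064",
}


def parse_pe32(data: bytes, ep_len: int = 16) -> dict:
    """Minimal PE32 header walk. Returns the first ep_len bytes at the entry
    point and the COFF TimeDateStamp; empty dict if this is not a PE32 image."""
    try:
        if len(data) < 0x40 or data[:2] != b"MZ":
            return {}
        e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
        if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
            return {}
        coff = e_lfanew + 4
        num_sections = struct.unpack_from("<H", data, coff + 2)[0]
        stamp = struct.unpack_from("<I", data, coff + 4)[0]
        opt_size = struct.unpack_from("<H", data, coff + 16)[0]
        opt = coff + 20
        if struct.unpack_from("<H", data, opt)[0] != 0x10B:  # PE32 magic only
            return {}
        entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
        info = {"timestamp": datetime.fromtimestamp(stamp, timezone.utc)
                .strftime("%Y-%m-%d %H:%M:%S")}
        sections = opt + opt_size
        for i in range(num_sections):
            vsize, vaddr, rawsize, rawptr = struct.unpack_from(
                "<IIII", data, sections + i * 40 + 8)
            # Map the entry RVA to a file offset through the owning section.
            if vaddr <= entry_rva < vaddr + max(vsize, rawsize):
                off = rawptr + (entry_rva - vaddr)
                info["ep_bytes"] = data[off:off + ep_len].hex()
                break
        return info
    except struct.error:
        return {}


def fingerprint(data: bytes) -> dict:
    """Compute the same hash fields the page lists, plus PE header fields."""
    fp = {
        "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08x}",
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }
    fp.update(parse_pe32(data))
    return fp


def match_iocs(fp: dict, iocs: dict = CLEARSEARCH_IOCS) -> list:
    """Names of indicator fields whose value equals the file's fingerprint."""
    return sorted(k for k, v in iocs.items() if fp.get(k, "").lower() == v.lower())


def build_sample_pe32(ep_code: bytes, timestamp: int = 0) -> bytes:
    """Constructed minimal PE32 (not a real sample): one .text section at
    RVA 0x1000 / file offset 0x200 whose entry point starts with ep_code."""
    e_lfanew, opt_size, text_rva, text_raw = 0x40, 96, 0x1000, 0x200
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, timestamp, 0, 0, opt_size, 0x0102)
    opt = struct.pack("<HBBIIIIIII", 0x10B, 0, 0, 0, 0, 0,
                      text_rva, text_rva, 0, 0x400000).ljust(opt_size, b"\0")
    section = b".text".ljust(8, b"\0") + struct.pack(
        "<IIIIIIHHI", len(ep_code), text_rva, 0x200, text_raw, 0, 0, 0, 0, 0x60000020)
    headers = (dos + b"PE\0\0" + coff + opt + section).ljust(text_raw, b"\0")
    return headers + ep_code.ljust(0x200, b"\0")


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        data = open(sys.argv[1], "rb").read()
    else:  # offline demo on the constructed PE
        data = build_sample_pe32(bytes.fromhex(CLEARSEARCH_IOCS["ep_bytes"]),
                                 timestamp=1113853734)
    fp = fingerprint(data)
    for key, value in fp.items():
        print(f"{key}: {value}")
    print("matching indicators:", match_iocs(fp) or "none")
```

Run it with a file path to fingerprint a suspect binary, or without arguments for the offline demo. A match on ep_bytes alone, as the demo shows, is weak evidence: the page's entry-point bytes are a standard MSVC C runtime prologue shared by many unrelated executables, so only the cryptographic hashes identify this specific sample.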

Version Info:

Comments:
CompanyName:
FileDescription:
FileVersion: 1, 14, 0, 21
InternalName:
LegalCopyright:
LegalTrademarks:
OriginalFilename:
PrivateBuild:
ProductName:
ProductVersion: 1, 14, 0, 21
SpecialBuild:
Translation: 0x0409 0x04b0 (language 0x0409 = English (United States), charset 0x04b0 = Unicode)

Adware.ClearSearch also known as:

Bkav: W32.AIDetect.malware2
Lionic: Trojan.Win32.Ruledor.m!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Doina.8953
FireEye: Generic.mg.0917f7ca08f1213b
CAT-QuickHeal: Trojan.Mauvaise.SL1
ALYac: Gen:Variant.Doina.8953
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_60% (W)
BitDefender: Gen:Variant.Doina.8953
K7GW: Adware ( 004bdb871 )
K7AntiVirus: Adware ( 004bdb871 )
BitDefenderTheta: Gen:NN.ZexaF.34062.hm0@aKzFY7bi
Cyren: W32/ClearSearch.B.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: Win32/Adware.ClearSearch.AA
TrendMicro-HouseCall: TROJ_CLEARSEARCH_0000002.TOMA
Paloalto: generic.ml
ClamAV: Win.Trojan.Ruledor-3
Kaspersky: UDS:Backdoor.Win32.Ruledor
Alibaba: Backdoor:Win32/Ruledor.9a9d76c9
NANO-Antivirus: Trojan.Win32.Ruledor.bshxu
ViRobot: Backdoor.Win32.Ruledor.119808
Rising: Trojan.Generic@ML.96 (RDML:WbT6JvjZDaOldVxZPl+1cA)
Ad-Aware: Gen:Variant.Doina.8953
Comodo: TrojWare.Win32.Ruledor.G0@1maftj
DrWeb: BackDoor.Ruler.16
TrendMicro: TROJ_CLEARSEARCH_0000002.TOMA
McAfee-GW-Edition: BehavesLike.Win32.IRCbot.th
Emsisoft: Gen:Variant.Doina.8953 (B)
APEX: Malicious
Jiangmin: Backdoor/Ruledor.c
Avira: TR/Ruledor.G
MAX: malware (ai score=89)
Antiy-AVL: Trojan/Generic.ASMalwS.B87D4
Gridinsoft: Ransom.Win32.Gen.sa
Microsoft: BrowserModifier:Win32/ClearSearch
GData: Gen:Variant.Doina.8953
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Downloader.R39689
Acronis: suspicious
McAfee: GenericRXGO-KL!0917F7CA08F1
VBA32: BScope.Backdoor.Ruledor
Malwarebytes: Adware.ClearSearch
Ikarus: BHO.Win32.ClearSearch
Panda: Trj/Genetic.gen
Tencent: Malware.Win32.Gencirc.10b07a3f
Yandex: Trojan.GenAsa!WVXBidr9NKE
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.121218.susgen
Fortinet: W32/Ruledor.O!tr
AVG: Win32:Ruledor [Trj]
Cybereason: malicious.a08f12
Avast: Win32:Ruledor [Trj]

How to remove Adware.ClearSearch?

Adware.ClearSearch removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
