What is “Adware.Convagent”?

Adware.Convagent is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Adware.Convagent virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Presents an Authenticode digital signature
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Anomalous binary characteristics

How to identify Adware.Convagent?


File Info:

name: CE535473D8EC62EA685C.mlw
path: /opt/CAPEv2/storage/binaries/dc55078eea81159df7f422ae8701553972e5504ac83d0772994dfbdd31de38ab
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2021-12-06 15:42:13

Version Info:

CompanyName: Huge Co Ltd
FileDescription: Huge BRUSH
FileVersion: 1.0.0.1
InternalName: HugeBRUSH.exe
LegalCopyright: Copyright 2021.
OriginalFilename: HugeBRUSH.exe
ProductName: HugeBRUSH
ProductVersion: 1.0.0.1
Translation: 0x0409 0x04e4

Adware.Convagent also known as:

Bkav: W32.AIDetect.malware2
Lionic: Adware.Win32.Convagent.2!c
DrWeb: Trojan.Siggen15.65207
MicroWorld-eScan: Trojan.GenericKD.38205288
FireEye: Trojan.GenericKD.38205288
McAfee: Artemis!CE535473D8EC
Cylance: Unsafe
Zillya: Adware.Convagent.Win32.1453
BitDefenderTheta: Gen:NN.ZexaF.34084.UL1aa89FgTgi
Symantec: ML.Attribute.HighConfidence
TrendMicro-HouseCall: TROJ_GEN.R002H0CL921
Kaspersky: not-a-virus:VHO:AdWare.Win32.Convagent.gen
BitDefender: Trojan.GenericKD.38205288
ViRobot: Adware.Agent.1807008
Avast: Win32:Malware-gen
Ad-Aware: Trojan.GenericKD.38205288
Emsisoft: Trojan.GenericKD.38205288 (B)
McAfee-GW-Edition: Artemis
Sophos: Generic PUA FD (PUA)
MAX: malware (ai score=88)
Gridinsoft: Ransom.Win32.Sabsik.sa
Microsoft: Program:Win32/Uwamson.A!ml
GData: Trojan.GenericKD.38205288
AhnLab-V3: Trojan/Win.Generic.C4848302
VBA32: Adware.Convagent
ALYac: Trojan.GenericKD.38205288
APEX: Malicious
Fortinet: Adware/OpenSUpdater
AVG: Win32:Malware-gen

How to remove Adware.Convagent?

Adware.Convagent removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Select “Move to quarantine” for all items.
  • Open the “Tools” tab – press “Reset Browser Settings”.
  • Select the proper browser and options – click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
