Should I remove “Adware.Generic.3023822”?

Adware.Generic.3023822 is flagged by most of the antivirus engines listed further down, mostly as adware or a potentially unwanted application (PUA); several engines give a heuristic Trojan verdict instead. When it is active you may notice unfamiliar processes in the Task Manager list and a changed desktop wallpaper. In that case it is advisable to scan the computer with GridinSoft Anti-Malware.

Removing malware manually can take hours and can damage the system in the process. We recommend GridinSoft Anti-Malware for removal; a full scan and cleanup can be completed during the trial period.
6-day free trial available.

What can Adware.Generic.3023822 do?

The behaviours below are the signature names reported by the CAPE sandbox when the sample was executed; they describe what was observed during that analysis run, not a fixed sequence on every infected host. Note that the sample carries an Authenticode signature that does not validate, so the company name in its version information is not evidence of where the file came from.

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Presents an Authenticode digital signature
  • Creates RWX memory
  • Anomalous file deletion behavior detected (10+)
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • Expresses interest in specific running processes
  • Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
  • A process created a hidden window
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Queries information on disks, possibly for anti-virtualization
  • Attempts to modify desktop wallpaper
  • Sniffs keystrokes
  • A process attempted to delay the analysis task by a long amount of time.
  • Created a process from a suspicious location
  • Installs itself for autorun at Windows startup
  • Created a service that was not started
  • Anomalous binary characteristics

How to identify Adware.Generic.3023822?

The indicators below are taken from the CAPE sandbox analysis of the sample. The path is the sandbox's own binary store, which names files by their SHA-256; it is not a location on an infected machine.

File Info:

name: 8DB469F392DDC6573EA2.mlw
path: /opt/CAPEv2/storage/binaries/96239acff0734c6fb4ffe1108044a35d51ad768f24a42d101664b38e76c21425
crc32: 09AB6785
md5: 8db469f392ddc6573ea20f4a2c261e8a
sha1: 65467a656a55dbfa0b7754d5bb295eb8c92ec859
sha256: 96239acff0734c6fb4ffe1108044a35d51ad768f24a42d101664b38e76c21425
sha512: 3b1676c1ac4fd9f8e30cd3e022e381b5153dd028d6fbcb83dc659acfd875a83904d6fbc5d83228973adbf9fd0385620cd2f71efdd8864abfcdacf84e78545551
ssdeep: 98304:zPyORXktfxQQhKiYX3xhvHll2SspKHrGks1dcomqNkj1cuimwkEFxHUti0nlUAIi:zPyG0NI33vSSeKHikp1cuippUei
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T18D36F122B554C0B6D6620131CE35FFA542EDBF32573580DBB7846B2E4D325C2AE36A63
sha3_384: e89f9f0c1f9ebc315aa22c6a423f2610bc767cb49d5efb1b8b31e72db5ba585019542ccaf3ad55c3d3d3ad52160ba080
ep_bytes: e8b5060000e97afeffff8b4df464890d
timestamp: 2021-11-24 03:05:35
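To check whether a file you have in hand is this sample, compare it against the File Info fields above rather than trusting its name. The script below is an added example written for this page, not GridinSoft or CAPE code: it computes the same digests CAPE lists, parses the PE headers far enough to reproduce the machine type, subsystem, build timestamp and entry-point bytes, and reports whether an Authenticode blob is attached (whether that signature verifies is not checked here; the page says it is invalid). The hash values in PAGE_IOCS are copied from the page; build_stub_pe() constructs a minimal placeholder PE32 image so the script runs offline and is not the sample.

```python
"""Check a candidate file against the File Info indicators on this page.

Added example; not GridinSoft or CAPE code. Standard library only.
"""
import hashlib
import struct
import zlib
from datetime import datetime, timezone

# Indicators copied from the page's File Info block.
PAGE_IOCS = {
    "md5": "8db469f392ddc6573ea20f4a2c261e8a",
    "sha1": "65467a656a55dbfa0b7754d5bb295eb8c92ec859",
    "sha256": "96239acff0734c6fb4ffe1108044a35d51ad768f24a42d101664b38e76c21425",
    "crc32": "09AB6785",
    "timestamp": "2021-11-24 03:05:35",
    "ep_bytes": "e8b5060000e97afeffff8b4df464890d",
}


def file_hashes(data: bytes) -> dict:
    """Digests in the formats CAPE prints (crc32 as upper-case hex)."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
        "crc32": "%08X" % (zlib.crc32(data) & 0xFFFFFFFF),
    }


def pe_summary(data: bytes) -> dict:
    """Parse the PE headers just far enough to reproduce the fields CAPE reports."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    machine, nsections, tstamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]   # same offset in PE32 and PE32+
    if magic == 0x10B:       # PE32: data directories start at +96
        dirs = opt + 96
    elif magic == 0x20B:     # PE32+: 8-byte ImageBase/stack/heap fields push them to +112
        dirs = opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    # Data directory 4 is the security directory: a non-zero size means an
    # Authenticode blob is attached. Verifying it needs the certificate chain,
    # which this script does not do.
    _, security_size = struct.unpack_from("<II", data, dirs + 4 * 8)
    # Map the entry-point RVA to a file offset through the section table.
    sections = opt + opt_size
    ep_off = None
    for i in range(nsections):
        _, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", data, sections + 40 * i)
        if va <= entry_rva < va + max(vsize, rawsize):
            ep_off = rawptr + (entry_rva - va)
            break
    return {
        "is_i386": machine == 0x14C,
        "pe32": magic == 0x10B,
        "subsystem": {2: "GUI", 3: "CUI"}.get(subsystem, str(subsystem)),
        "timestamp": datetime.fromtimestamp(tstamp, timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "ep_bytes": data[ep_off:ep_off + 16].hex() if ep_off is not None else None,
        "has_authenticode": security_size > 0,
    }


def match_page_iocs(data: bytes) -> dict:
    """True for each page indicator the file reproduces; all True means the same sample."""
    observed = dict(file_hashes(data))
    pe = pe_summary(data)
    observed["timestamp"] = pe["timestamp"]
    observed["ep_bytes"] = pe["ep_bytes"]
    return {k: observed.get(k) == v for k, v in PAGE_IOCS.items()}


def build_stub_pe(timestamp: int, ep_bytes: bytes) -> bytes:
    """Constructed minimal PE32 GUI image with one .text section (placeholder, not the sample)."""
    dos = bytearray(b"MZ" + b"\0" * 62)
    struct.pack_into("<I", dos, 0x3C, 64)                       # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 1, timestamp, 0, 0, 224, 0x102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                       # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)                     # AddressOfEntryPoint
    struct.pack_into("<H", opt, 68, 2)                          # IMAGE_SUBSYSTEM_WINDOWS_GUI
    struct.pack_into("<I", opt, 92, 16)                         # NumberOfRvaAndSizes
    text = struct.pack("<8sIIIIIIHHI", b".text", 0x1000, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    headers = (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + text).ljust(0x200, b"\0")
    return headers + ep_bytes.ljust(0x200, b"\xc3")              # pad the code with RET


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        blob = open(sys.argv[1], "rb").read()
    else:  # offline demo: same build timestamp and entry bytes as the page, different hashes
        blob = build_stub_pe(1637723135, bytes.fromhex(PAGE_IOCS["ep_bytes"]))
    print(pe_summary(blob))
    print(match_page_iocs(blob))
```

Run it as `python check_sample.py suspicious.exe`. A full match on every key is the sample described here; a file that reproduces only the timestamp and entry-point bytes while the digests differ is worth treating as a rebuilt or repacked variant of the same code base rather than as unrelated.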

Version Info:

CompanyName: Shanghai Youxin Information Technology Co. Ltd.
FileDescription: BILINote 32 Bit Application
FileVersion: 1.806.3.5000
LegalCopyright: Copyright (C) 2015-2020 Youxin Information. All Rights Reserved
ProductName: BILINote
ProductVersion: 1.806.3.5000
Translation: 0x0804 0x04b0

Adware.Generic.3023822 also known as:

Lionic: Trojan.Win32.Bingoml.4!c
Elastic: malicious (high confidence)
DrWeb: Trojan.Siggen15.33923
MicroWorld-eScan: Adware.Generic.3023822
FireEye: Generic.mg.8db469f392ddc657
CAT-QuickHeal: Trojan.MultiRI.S22849626
ALYac: Adware.Generic.3023822
Cylance: Unsafe
Sangfor: Trojan.Win32.Bingoml.gen
CrowdStrike: win/grayware_confidence_60% (D)
Alibaba: AdWare:Win32/Softcnapp.4b8
K7GW: Adware ( 005680371 )
K7AntiVirus: Adware ( 005680371 )
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/HaoFeng.A potentially unwanted
Paloalto: generic.ml
Kaspersky: HEUR:Trojan.Win32.Bingoml.gen
BitDefender: Adware.Generic.3023822
Avast: Win32:Malware-gen
Ad-Aware: Adware.Generic.3023822
Emsisoft: Adware.Generic.3023822 (B)
Comodo: ApplicUnwnt@#2s8xvspxf7ukq
F-Secure: Heuristic.HEUR/AGEN.1224834
Zillya: Trojan.Agent.Win32.2541233
McAfee-GW-Edition: Artemis!Trojan
Sophos: Generic PUA GF (PUA)
Ikarus: PUA.HaoFeng
GData: Adware.Generic.3023822
Jiangmin: Trojan.Scar.srz
Avira: HEUR/AGEN.1224834
Antiy-AVL: Trojan/Generic.ASMalwS.3444D2B
ZoneAlarm: HEUR:Trojan.Win32.Bingoml.gen
Microsoft: Trojan:Win32/Wacatac.A!ml
Cynet: Malicious (score: 99)
AhnLab-V3: Malware/Gen.Reputation.C4292484
McAfee: GenericRXAA-FA!8DB469F392DD
MAX: malware (ai score=63)
VBA32: BScope.Trojan.Scar
Malwarebytes: PUP.Optional.ChinAd
Rising: Adware.Agent!1.D89C (CLOUD)
Yandex: Trojan.Bingoml!RHDI9NRy0zg
SentinelOne: Static AI – Suspicious PE
MaxSecure: Trojan.Malware.109135027.susgen
Fortinet: Riskware/HaoFeng
AVG: Win32:Malware-gen
Panda: Trj/Genetic.gen
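A list like the one above is more useful once the labels are reduced to a verdict class (adware/PUA, Trojan, or a generic machine-learning hit) and to the family names the engines agree on. The script below is an added example for this page, not a vendor tool and not the AVClass project: DETECTIONS is a subset of the page's own list split into (engine, label) pairs, and the PUA_TOKENS, TROJAN_TOKENS and NOISE word lists are this example's own heuristic, not any vendor's naming standard.

```python
"""Tally multi-engine detection names into a verdict-class and family consensus.

Added example for this page; not a vendor tool. Standard library only.
"""
import re
from collections import Counter

# Subset of the detection names listed on this page, split into (engine, label).
DETECTIONS = [
    ("Lionic", "Trojan.Win32.Bingoml.4!c"),
    ("MicroWorld-eScan", "Adware.Generic.3023822"),
    ("Alibaba", "AdWare:Win32/Softcnapp.4b8"),
    ("ESET-NOD32", "a variant of Win32/HaoFeng.A potentially unwanted"),
    ("Kaspersky", "HEUR:Trojan.Win32.Bingoml.gen"),
    ("Microsoft", "Trojan:Win32/Wacatac.A!ml"),
    ("Sophos", "Generic PUA GF (PUA)"),
    ("Ikarus", "PUA.HaoFeng"),
    ("Malwarebytes", "PUP.Optional.ChinAd"),
    ("Jiangmin", "Trojan.Scar.srz"),
    ("Fortinet", "Riskware/HaoFeng"),
    ("Avast", "Win32:Malware-gen"),
    ("Elastic", "malicious (high confidence)"),
]

# Heuristic word lists (this example's own, not a naming standard).
PUA_TOKENS = {"adware", "pua", "pup", "unwanted", "riskware", "grayware", "applicunwnt"}
TROJAN_TOKENS = {"trojan", "trj"}
# Words that describe the verdict or platform rather than naming a family.
NOISE = PUA_TOKENS | TROJAN_TOKENS | {
    "generic", "heur", "gen", "variant", "optional", "potentially", "malware",
    "malicious", "high", "confidence", "unsafe", "agent", "win", "static", "suspicious",
}


def tokens(label: str) -> list:
    return re.findall(r"[a-z0-9]+", label.lower())


def classify(label: str) -> str:
    """Coarse verdict class. PUA wins over Trojan because adware engines
    frequently keep a Trojan prefix in an otherwise PUA-style name."""
    t = set(tokens(label))
    if t & PUA_TOKENS:
        return "pua"
    if t & TROJAN_TOKENS:
        return "trojan"
    return "generic"


def family_tokens(label: str) -> set:
    """Candidate family names: alphabetic tokens of 4+ characters that are not
    noise words. Tokens containing digits (variant ids, hashes) are dropped."""
    return {t for t in tokens(label) if len(t) >= 4 and t.isalpha() and t not in NOISE}


def summarize(detections) -> tuple:
    """Return (Counter of verdict classes, Counter of family tokens)."""
    classes = Counter(classify(label) for _, label in detections)
    families = Counter()
    for _, label in detections:
        for fam in family_tokens(label):
            families[fam] += 1
    return classes, families


if __name__ == "__main__":
    classes, families = summarize(DETECTIONS)
    print("verdict classes:", dict(classes))
    print("family consensus:", families.most_common(5))
```

On the subset above the class tally is pua 7, trojan 4, generic 2, and the family consensus is HaoFeng (3 engines) ahead of Bingoml (2), which is the reading the page's heading already implies: an adware/PUA family that a minority of engines name as a Trojan. Short tokens such as "scar" survive the four-character filter, so the stop list has to be tuned per feed rather than trusted blindly.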

How to remove Adware.Generic.3023822?

Adware.Generic.3023822 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and run a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the affected browser and the options to reset, then click “Reset”.
  • Restart your computer.

Because the sandbox saw the sample register itself for autorun at Windows startup and create a service, check after the reboot that no startup entry or service still points at the quarantined file.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment