Adware.Generic.3041677 removal

Adware.Generic.3041677 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Adware.Generic.3041677 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Behavioural detection: Transacted Hollowing
  • Deletes executed files from disk

How to identify Adware.Generic.3041677?


File Info:

name: 5E6469A1E253A18CE6B7.mlw
path: /opt/CAPEv2/storage/binaries/3beddeb49215c5cebc4d6d7cdef16558f7af246420490a67d4c7898e7229ac6b
crc32: D035F74F
md5: 5e6469a1e253a18ce6b700582b8550e5
sha1: 1c589648818f522e17a57d2cc5fa1d23b52c7efb
sha256: 3beddeb49215c5cebc4d6d7cdef16558f7af246420490a67d4c7898e7229ac6b
sha512: bb44aa625b19719b0316ed1ae165f8d2ed2a8ad691dbe8587e2850c938014b0a2c1bff09e555495d6e2aa0edec231d2d28973d82bd43c31f328440d651e710e5
ssdeep: 98304:EiwWw4vtj5dCDHoY2kuyTr8LpkHRsKrS371kOT5iw04sWw9Jh/DOyAo5Y:Ff18UY2kDGQRe371kOKhV/DHN5Y
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T19446331491FBC0F5E1324D346ABA3163C6FFBDAE5111D5F9BAEC1DCC1A2E4218AC2658
sha3_384: 60b616f60316c06ba2ea6a7ca3c4a39529b685cd6720c95177133997b158519207d0c94f147185eedf76811f7176e3e2
ep_bytes: 558bec83c4d453565733c08945f08945
timestamp: 1992-06-19 22:22:17

Version Info:

Comments: This installation was built with Inno Setup: http://www.innosetup.com
CompanyName:
FileDescription: File cloner
FileVersion: 1.0.0.6
InternalName:
OriginalFilename:
ProductName:
ProductVersion:
Translation: 0x0409 0x04e4

Adware.Generic.3041677 also known as:

Lionic: Trojan.Win32.Ekstak.4!c
MicroWorld-eScan: Adware.Generic.3041677
FireEye: Adware.Generic.3041677
ALYac: Adware.Generic.3041677
Cylance: Unsafe
Sangfor: Trojan.Win32.Agent.Vhn5
K7AntiVirus: Trojan ( 005722f11 )
Alibaba: TrojanDropper:Win32/Ekstak.608e4bbd
K7GW: Trojan ( 005722f11 )
Symantec: Trojan.Gen.2
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/TrojanDropper.Agent.SLC
TrendMicro-HouseCall: TROJ_GEN.R002H0DI322
Paloalto: generic.ml
ClamAV: Win.Malware.Ekstak-9968247-0
Kaspersky: Trojan.Win32.Ekstak.amryi
BitDefender: Adware.Generic.3041677
Cynet: Malicious (score: 99)
Avast: Win32:Adware-gen [Adw]
Tencent: Win32.Trojan.Ekstak.Ogil
Ad-Aware: Adware.Generic.3041677
Emsisoft: Adware.Generic.3041677 (B)
VIPRE: Adware.Generic.3041677
McAfee-GW-Edition: Artemis!Trojan
Sophos: Mal/Generic-S
GData: Adware.Generic.3041677
Jiangmin: Trojan.Ekstak.cbqn
Avira: TR/AD.Nekark.uuolf
MAX: malware (ai score=66)
ZoneAlarm: Trojan.Win32.Ekstak.amryi
Microsoft: Trojan:Win32/Wacatac.B!ml
AhnLab-V3: Adware/Win.Adware-gen.R514141
McAfee: Artemis!5E6469A1E253
Malwarebytes: Adware.DownloadAssistant
Fortinet: W32/Agent.SLC!tr
AVG: Win32:Adware-gen [Adw]

How to remove Adware.Generic.3041677?

Adware.Generic.3041677 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
