Should I remove “Adware.InstallMonster.UPX”?

Adware.InstallMonster.UPX is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Adware.InstallMonster.UPX virus do?

  • Attempts to connect to a dead IP:Port (1 unique time)
  • A process attempted to delay the analysis task.
  • Reads data out of its own binary image
  • HTTP traffic contains suspicious features which may be indicative of malware related traffic
  • Performs some HTTP requests
  • Unconventional language used in binary resources: Japanese
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX

Related domains:

ecosystem.unvocal.ru

How to identify Adware.InstallMonster.UPX?


File Info:

crc32: 2748EB9B
md5: c6d1d3139e144b48a90fce3b5dae23b5
name: C6D1D3139E144B48A90FCE3B5DAE23B5.mlw
sha1: 1afc384127cb0b56f086573548ac9a8d2f752ee1
sha256: 5e24faade23cbf04000923ad630f7d91438d07678e3e37b9029a0dec3f87f4ce
sha512: 77afb750d55077f2fd1165238b4fa72b77faccddb05f935e8a073de900ca295bae614d3cd393827170cbb5fd88ae75d6a637143d4ad9bc258f38bdd282e54156
ssdeep: 3072:aEIOnsp1xT4IxwdtlakJgorBVdBgRvTLAAuHGEiW0NURMfIxDx37:tnI1mQujLrDdBgbLXYll0ORMQxVL
type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed

Version Info:

LegalCopyright: Bosfor
InternalName: Bosfor
FileVersion: 511.64.30.21
CompanyName: Bosfor
ProductName: Bosfor
ProductVersion: 440.3.76.3
FileDescription: Bosfor
OriginalFilename: Bosfor
Translation: 0x002c 0x04b0

Adware.InstallMonster.UPX also known as:

Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Graftor.411097
FireEye: Generic.mg.c6d1d3139e144b48
CAT-QuickHeal: Trojan.IGENERIC
McAfee: Artemis!C6D1D3139E14
Cylance: Unsafe
Zillya: Downloader.Tovkater.Win32.395
Sangfor: Malware
K7AntiVirus: Trojan-Downloader ( 005170971 )
K7GW: Trojan-Downloader ( 005170971 )
Cybereason: malicious.39e144
Arcabit: Trojan.Graftor.D645D9
Cyren: W32/Tovkater.D.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
APEX: Malicious
Avast: Win32:Adware-gen [Adw]
Kaspersky: not-a-virus:HEUR:AdWare.Win32.TOVus.gen
BitDefender: Gen:Variant.Graftor.411097
NANO-Antivirus: Riskware.Win32.TOVus.esudbx
Paloalto: generic.ml
AegisLab: Trojan.Win32.Generic.4!c
Tencent: Malware.Win32.Gencirc.10b0eb7d
Ad-Aware: Gen:Variant.Graftor.411097
Sophos: Mal/Generic-S
Comodo: TrojWare.Win32.TrojanDownloader.Tovkater.DE@7e2kbp
F-Secure: Trojan.TR/Dropper.Gen2
DrWeb: Trojan.DownLoader25.33430
VIPRE: Trojan.Win32.Generic!BT
McAfee-GW-Edition: BehavesLike.Win32.Flyagent.cc
Emsisoft: Gen:Variant.Graftor.411097 (B)
Ikarus: Trojan-Downloader.Win32.Tovkater
Jiangmin: AdWare.TOVus.bb
Avira: TR/Dropper.Gen2
MAX: malware (ai score=100)
Antiy-AVL: GrayWare[AdWare]/Win32.AGeneric
Microsoft: Trojan:Win32/Wacatac.B!ml
ZoneAlarm: not-a-virus:HEUR:AdWare.Win32.TOVus.gen
GData: Gen:Variant.Graftor.411097
Cynet: Malicious (score: 100)
AhnLab-V3: PUP/Win32.Bundler.R209394
BitDefenderTheta: Gen:NN.ZexaF.34804.imMfa07W6scG
ALYac: Gen:Variant.Graftor.411097
VBA32: Trojan.InstallMonster
Malwarebytes: Adware.InstallMonster.UPX
ESET-NOD32: a variant of Win32/TrojanDownloader.Tovkater.DD
Yandex: Trojan.DL.Tovkater!rekbmogCikg
SentinelOne: Static AI – Malicious PE – Downloader
MaxSecure: Win.MxResIcn.Heur.Gen
Fortinet: W32/Tovkater.CQ!tr
AVG: Win32:Adware-gen [Adw]
Panda: Trj/Genetic.gen
CrowdStrike: win/malicious_confidence_80% (D)

How to remove Adware.InstallMonster.UPX?

Adware.InstallMonster.UPX removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
