
Adware.Relevant.CU removal instructions


Adware.Relevant.CU is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Adware.Relevant.CU virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Anomalous file deletion behavior detected (10+)
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Attempts to modify desktop wallpaper
  • Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config
  • Checks the CPU name from registry, possibly for anti-virtualization
  • Attempts to modify proxy settings
  • Harvests cookies for information gathering

How to identify Adware.Relevant.CU?


File Info:

name: 10DD134D0991CFA64213.mlw
path: /opt/CAPEv2/storage/binaries/fac4a87de69b2a08e7b66365b8cceb6a4e80c6ca40f98be15f6600950fae3f5b
crc32: 540CBAB2
md5: 10dd134d0991cfa6421328574fd92bbe
sha1: dd33d220573573c9ce653795b2db89d2d4bafcc1
sha256: fac4a87de69b2a08e7b66365b8cceb6a4e80c6ca40f98be15f6600950fae3f5b
sha512: 1eb84fc3e51e99ac8483d9b2045c85427f2cd1a64367cc6fe46294e671aea0487ab3e0c37febf6ce463c92bddf17371d322533949cad1f49edb9d68c1748e973
ssdeep: 98304:JEn1/ydO5uXeJxu6yp1drgLodELYo8C4Esg3:+9yd7Mxxirqod6R8ztg
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1B936123FB268653ED5AE4B3245B39320597BBA62A51B8C1E07F0091CCF2A5701F3FA55
sha3_384: fc83a1104760be15ef11220af9fcde9bd47d5fe5e41b1562cc5d2c1afc84e3591c008f800a001d472242c90a0c0266c4
ep_bytes: 558bec83c4a453565733c08945c48945
timestamp: 2020-05-21 05:56:23

Version Info:

Comments: This installation was built with Inno Setup.
CompanyName: PGWARE LLC
FileDescription: GameSwift Setup
FileVersion: 1.0.0.1
LegalCopyright: Copyright © 2001-2020 PGWARE LLC
OriginalFileName:
ProductName: GameSwift
ProductVersion: 1.0.0.1
Translation: 0x0000 0x04b0

Adware.Relevant.CU also known as:

Lionic: Adware.Win32.Relevant.2!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Adware.Relevant.CU
FireEye: Adware.Relevant.CU
ALYac: Adware.Relevant.CU
Cylance: Unsafe
Sangfor: Adware.Win32.Relevant.CU
K7AntiVirus: Riskware ( dec003d11 )
Alibaba: AdWare:Win32/BundleLoader.3089fc64
K7GW: Riskware ( dec003d11 )
Cybereason: malicious.d0991c
VirIT: Deceptor.PGWareBundler.CNX
Cyren: W32/Adware.JQZF-0169
ESET-NOD32: multiple detections
APEX: Malicious
Kaspersky: not-a-virus:AdWare.Win32.Relevant.ifc
BitDefender: Adware.Relevant.CU
NANO-Antivirus: Riskware.Win32.Relevant.iuofma
Avast: FileRepMalware
Ad-Aware: Adware.Relevant.CU
Sophos: Generic PUA NN (PUA)
VIPRE: Trojan.Win32.Generic!BT
McAfee-GW-Edition: BehavesLike.Win32.Dropper.rc
Emsisoft: Application.AdBundle (A)
GData: Adware.Relevant.CU
Arcabit: Adware.Relevant.CU
ViRobot: Adware.Relevant.5083610
Microsoft: PUA:Win32/Hypnamer.C!ml
Cynet: Malicious (score: 100)
AhnLab-V3: PUP/Win32.BundleInstaller.R361159
McAfee: Artemis!10DD134D0991
MAX: malware (ai score=69)
VBA32: Adware.Relevant
Malwarebytes: PUP.Optional.BundleInstaller
Yandex: PUA.Relevant!QyJ4vL2xwuM
MaxSecure: Trojan.Malware.11623586.susgen
Fortinet: Adware/Relevant
AVG: FileRepMalware
Panda: Trj/CI.A

How to remove Adware.Relevant.CU?

Adware.Relevant.CU removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
