About “Adware.SmsHoax.1” infection

The Adware.SmsHoax.1 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Adware.SmsHoax.1 virus can do?

The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
Anomalous binary characteristics
Yara rule detections observed from a process memory dump/dropped files/CAPE

How to determine Adware.SmsHoax.1?


File Info:
name: B535937E04737A173457.mlw
path: /opt/CAPEv2/storage/binaries/48f7e066990319d8c3977742d863d52c16e322ec931debd8ce903b85f7e40c9a
crc32: E0FC4408
md5: b535937e04737a173457d52ee1e988e2
sha1: 676489530c013ea8266640372e2b4d4575eee3e9
sha256: 48f7e066990319d8c3977742d863d52c16e322ec931debd8ce903b85f7e40c9a
sha512: f1610c3e63b14ab1c240bb7a94e4b72d61c0a882e255a0fe90f2f271d79022074d0a40f35d4e13718acf6833201998d7c2cc7344a77251bf8f82b6b5cf0ffd1b
ssdeep: 196608:Gfvr+r3f49VuKhz7tUbk9t+r0uxhQEbTHBU3aeJ25p5+4ZRG5bwUTTUq7UqDN+Q/:vuBgtVNfsIqQWxaPe07wFNJsv6tWKFdp
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1D1A66C29EA07A0F3DD5B09709117F37F8B61A632C4109D8EDA881E09DA739E1F91E753
sha3_384: 87740cc477d4b2843403b7ee2c4f2017b3f7315238087c3399b6bbcf42004ad8175aa9f60a8b50787d624b613ad67d4a
ep_bytes: 5589e583ec08c7042402000000ff1558
timestamp: 2010-11-07 18:53:20

Version Info:
0: [No Data]

Adware.SmsHoax.1 also known as:

MicroWorld-eScan	Gen:Variant.Adware.SmsHoax.1
CAT-QuickHeal	Trojan.Ninunarch
McAfee	Artemis!B535937E0473
VIPRE	Gen:Variant.Adware.SmsHoax.1
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	JokeProgram ( 001d78e71 )
K7GW	JokeProgram ( 001d78e71 )
CrowdStrike	win/malicious_confidence_70% (W)
Cyren	W32/FakeInstall.C.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win32/Hoax.ArchSMS.BF
APEX	Malicious
Kaspersky	HEUR:Trojan.Win32.Generic
BitDefender	Gen:Variant.Adware.SmsHoax.1
Avast	Win32:FakeDown [Trj]
Emsisoft	Gen:Variant.Adware.SmsHoax.1 (B)
F-Secure	Rogue:W32/Archsms.A
McAfee-GW-Edition	BehavesLike.Win32.BadFile.th
FireEye	Generic.mg.b535937e04737a17
GData	Gen:Variant.Adware.SmsHoax.1
Jiangmin	Hoax.ArchSMS.bvfy
Google	Detected
Avira	TR/Fraud.Gen2
Xcitium	TrojWare.Win32.Hoax.Archsms.~dy01@1xyy7h
Arcabit	Trojan.Adware.SmsHoax.1
ZoneAlarm	HEUR:Trojan.Win32.Generic
Microsoft	Trojan:Win32/Ninunarch.A
AhnLab-V3	Trojan/Win.Ninunarch.R591175
ALYac	Gen:Variant.Adware.SmsHoax.1
MAX	malware (ai score=66)
VBA32	Trojan.Flasher.xj
Cylance	unsafe
Panda	Trj/Genetic.gen
Rising	Trojan.Ninunarch!8.530 (TFE:5:gigTnxnx18I)
Yandex	Trojan.GenAsa!OtLc7tnpF94
Ikarus	Hoax.Win32.ArchSMS
Fortinet	Riskware/ArchSMS
AVG	Win32:FakeDown [Trj]
Cybereason	malicious.e04737
DeepInstinct	MALICIOUS

How to remove Adware.SmsHoax.1?

Adware.SmsHoax.1 removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X