About “AdWare.Win32.Agent.xxyzmz” infection

AdWare.Win32.Agent.xxyzmz is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the AdWare.Win32.Agent.xxyzmz virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Presents an Authenticode digital signature
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • Unconventional binary language: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Anomalous binary characteristics

How to determine AdWare.Win32.Agent.xxyzmz?


File Info:

name: 83FA7B2270495DD4E527.mlw
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2020-05-25 09:08:53

Version Info:

Comments: This installer was built with Inno Setup.
CompanyName:
FileDescription: iNotePad Setup
FileVersion: 1.0.1.125
LegalCopyright:
OriginalFileName:
ProductName: iNotePad
ProductVersion: 1.0.1.125
Translation: 0x0804 0x0000

AdWare.Win32.Agent.xxyzmz also known as:

Lionic: Adware.Win32.Agent.2!c
McAfee: Artemis!83FA7B227049
Cylance: Unsafe
Zillya: Tool.FlyStudio.Win32.3432
Sangfor: Adware.Win32.Agent.xxyzmz
K7AntiVirus: Riskware ( 00584baa1 )
Alibaba: AdWare:Win32/Generic.8cb2e4c2
K7GW: Riskware ( 00584baa1 )
CrowdStrike: win/grayware_confidence_100% (D)
Cyren: W32/Trojan.HBCI-3584
Symantec: PUA.Gen.2
TrendMicro-HouseCall: TROJ_GEN.R002H07KL21
Avast: Win32:Adware-gen [Adw]
Kaspersky: not-a-virus:AdWare.Win32.Agent.xxyzmz
McAfee-GW-Edition: Artemis
Sophos: Generic PUA EN (PUA)
Antiy-AVL: Trojan/Generic.ASMalwS.30FD5D6
Microsoft: Program:Win32/Uwamson.A!ml
ViRobot: Adware.Agent.5507360
VBA32: Adware.Agent
Rising: Trojan.Zpevdo!8.F912 (CLOUD)
MaxSecure: Trojan.Malware.131117354.susgen
Fortinet: Malicious_Behavior.SB
AVG: Win32:Adware-gen [Adw]

How to remove AdWare.Win32.Agent.xxyzmz?

AdWare.Win32.Agent.xxyzmz removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
