About “AdWare.Win32.FakeTrader” infection

AdWare.Win32.FakeTrader is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the AdWare.Win32.FakeTrader virus do?

  • Reads data out of its own binary image
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Queries information on disks, possibly for anti-virtualization
  • Checks the version of Bios, possibly for anti-virtualization
  • Collects information to fingerprint the system

Related domains:

z.whorecord.xyz
a.tomx.xyz

How to identify AdWare.Win32.FakeTrader?


File Info:

crc32: 3E8CBECF
md5: 219631b248bd8ea118732774491da3d4
name: amden-metatrader-4.exe
sha1: 903b48efe1609219114aa0d90039f4c06627a641
sha256: 4561b08d592691e450f52643ffc04b69dc5e69cda7e1fdd3983ff73ffe4951eb
sha512: 558589c105376d7adb4852fe897ab203af09f02952b06617f39d0355cbb20583b477e52a9c1b39c309588dfcc805754c334b7a1c3d9cb0c1a4a760647681329d
ssdeep: 6144:vlO70LJFAbfFJxsKDyY+9RqTxgaLXyK1TzpXbMxj1QKkJDUSlw6/k1j3V:vlkyIf1f6RqTGaLiK1TnKMDUkCjF
type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed

Version Info:

LegalCopyright: © 2001-2013, MetaQuotes Software Corp.
InternalName: Setup
FileVersion: 5.0.0.744
CompanyName: MetaQuotes Software Corp.
LegalTrademarks: MetaTrader
Comments: http://www.metaquotes.net
ProductName: Setup
ProductVersion: 5.0.0.744
FileDescription: Setup
OriginalFilename: Setup
Translation: 0x0000 0x04b0

AdWare.Win32.FakeTrader is also known as:

Cylance: Unsafe
Zillya: Worm.Snorm.Win32.163
APEX: Malicious
Kaspersky: not-a-virus:HEUR:AdWare.Win32.FakeTrader.gen
AegisLab: Adware.Win32.FakeTrader.2!c
Sophos: Generic PUA JA (PUA)
Jiangmin: Adware.Agent.amae
Antiy-AVL: GrayWare[AdWare]/Win32.FakeTrader
ZoneAlarm: not-a-virus:HEUR:AdWare.Win32.FakeTrader.gen
Microsoft: PUA:Win32/Presenoker
VBA32: Adware.Agent
Rising: PUF.Presenoker!8.F608 (CLOUD)
Paloalto: generic.ml
Qihoo-360: Win32/Virus.Adware.9fb

How to remove AdWare.Win32.FakeTrader?

AdWare.Win32.FakeTrader removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
