
AdWare.Win32.FileTour.hztq information


AdWare.Win32.FileTour.hztq is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the AdWare.Win32.FileTour.hztq virus do?

  • Executable code extraction
  • Presents an Authenticode digital signature
  • Creates RWX memory
  • Unconventional language used in binary resources: Russian
  • The binary likely contains encrypted or compressed data.
  • Queries information on disks, possibly for anti-virtualization
  • Detects the presence of Wine emulator via registry key

Related domains:

ec2-52-29-33-28.eu-central-1.compute.amazonaws.com

How to identify AdWare.Win32.FileTour.hztq?


File Info:

type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows

Version Info:

LegalCopyright: Copyright © 2005-2017 Piriform Ltd
InternalName: ccleaner
FileVersion: 5, 32, 00, 6129
CompanyName: Piriform Ltd
Comments: CCleaner
ProductName: CCleaner
ProductVersion: 5, 32, 00, 6129
FileDescription: CCleaner
OriginalFilename: ccleaner.exe
Translation: 0x0409 0x04b0

AdWare.Win32.FileTour.hztq also known as:

Bkav: W32.AIDetect.malware2
K7AntiVirus: Trojan ( 0052106f1 )
Lionic: Adware.Win32.FileTour.2!c
Elastic: malicious (high confidence)
DrWeb: Trojan.InstallCube.2620
Cynet: Malicious (score: 100)
CAT-QuickHeal: SwBundler.ICLoader.YB5
ALYac: Gen:Variant.Babar.26130
Cylance: Unsafe
CrowdStrike: win/malicious_confidence_60% (D)
K7GW: Trojan ( 0052106f1 )
Cybereason: malicious.ece917
Cyren: W32/S-81a5fa03!Eldorado
ESET-NOD32: a variant of Win32/Kryptik.GATN
APEX: Malicious
Avast: Win32:DangerousSig [Trj]
Kaspersky: not-a-virus:AdWare.Win32.FileTour.hztq
BitDefender: Gen:Variant.Babar.26130
NANO-Antivirus: Trojan.Win32.Ekstak.ewfjdr
MicroWorld-eScan: Gen:Variant.Babar.26130
Tencent: Win32.Trojan.Falsesign.Efbg
Ad-Aware: Gen:Variant.Babar.26130
Sophos: Mal/Generic-S
Comodo: TrojWare.Win32.Crypt.B@7o6bny
F-Secure: Adware.ADWARE/ICLoader.Gen7
BitDefenderTheta: Gen:NN.ZexaF.34266.Bv1@am59Y3dk
VIPRE: Trojan.Win32.Generic!BT
McAfee-GW-Edition: Packed-OF!8BE4C32ECE91
FireEye: Generic.mg.8be4c32ece917cf6
Emsisoft: Application.InstallMon (A)
SentinelOne: Static AI – Malicious PE
Avira: ADWARE/ICLoader.Gen7
eGambit: Unsafe.AI_Score_100%
Antiy-AVL: Trojan/Win32.TSGeneric
Microsoft: SoftwareBundler:Win32/ICLoader
Arcabit: Trojan.Babar.D6612
GData: Gen:Variant.Babar.26130
AhnLab-V3: Adware/Win32.FileTour.R216468
Acronis: suspicious
McAfee: Packed-OF!8BE4C32ECE91
MAX: malware (ai score=99)
VBA32: BScope.Trojan.Ekstak
Malwarebytes: Adware.FileTour
Panda: Trj/Genetic.gen
Rising: Malware.Heuristic!ET#100% (RDMK:cmRtazoWC9G+P2Za2/QP5lV5NQA6)
Yandex: Trojan.GenAsa!f3FfjiRCjhQ
Ikarus: PUA.FileTour
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/CoinMiner.GYQC!tr
AVG: Win32:DangerousSig [Trj]

How to remove AdWare.Win32.FileTour.hztq?

AdWare.Win32.FileTour.hztq removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
