AdWare.Win32.Guanbi removal instructions

AdWare.Win32.Guanbi is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the AdWare.Win32.Guanbi virus do?

  • Sample contains Overlay data
  • Presents an Authenticode digital signature
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid

How to identify AdWare.Win32.Guanbi?


File Info:

name: ECA7A77BA84A380A1753.mlw
path: /opt/CAPEv2/storage/binaries/8230c268e392f98e25dbb3022fca1d0392ba4ee2729d6cad05860e74af0bcadd
crc32: DCAEBEEF
md5: eca7a77ba84a380a1753641ebd7a7e75
sha1: b36f306cb5d0b287af76dc61b810bba9e3e38856
sha256: 8230c268e392f98e25dbb3022fca1d0392ba4ee2729d6cad05860e74af0bcadd
sha512: ee9cf4aa79e6670e17ad9d76c057ec585852eb17f9c89f8c9dc6b063e2617192691b20a69a7d5dd40c643374b82276080721914846756d071f7bc265f549e481
ssdeep: 24576:lRP/SeM4BFTCUoICqkaqsTTeo5rED68yhg5bbUm945CnVaC:jMcuRqIsTTBeO85bbQ5CnVaC
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1D7656B2175468036FBB241F1BFE9766DC5B979601F3440CBE3D8C91839A88D16E3BB26
sha3_384: ea19be45c0438f877fc81eac7b43b0f383d48a95936de5805e686b70cb27b3b3c26d7c70c760d97eae10db4ac1f4766b
ep_bytes: e8530f0000e98efeffff6a0c68f0b751
timestamp: 2023-02-20 09:03:49

Version Info:

CompanyName: Shanghai Shaji Network Technology
FileDescription: 风云语音文字转换器卸载程序
FileVersion: 1.0.0.1
InternalName: Uninst.exe
LegalCopyright: Copyright (C) 2019 Shanghai Shaji Network Technology
OriginalFilename: Uninst.exe
ProductName: 风云语音文字转换器卸载程序
ProductVersion: 1.0.0.1
Translation: 0x0804 0x04b0

AdWare.Win32.Guanbi also known as:

Bkav: W32.Common.EF469034
Elastic: malicious (moderate confidence)
Skyhigh: BehavesLike.Win32.PUP.th
McAfee: Artemis!ECA7A77BA84A
Cylance: unsafe
Zillya: Adware.Guanbi.Win32.6
Sangfor: Adware.Win32.Agent.Vspr
CrowdStrike: win/grayware_confidence_100% (W)
Kaspersky: not-a-virus:HEUR:AdWare.Win32.Guanbi.gen
Avast: Win32:AdwareX-gen [Adw]
Tencent: AdWare.Win32.Guanbi.505101
Jiangmin: AdWare.Guanbi.c
ZoneAlarm: not-a-virus:HEUR:AdWare.Win32.Guanbi.gen
Malwarebytes: PUP.Optional.ChinAd
Rising: Adware.Guanbi!8.17742 (CLOUD)
MaxSecure: Trojan.Malware.206353435.susgen
Fortinet: Riskware/Application
AVG: Win32:AdwareX-gen [Adw]
DeepInstinct: MALICIOUS

How to remove AdWare.Win32.Guanbi?

AdWare.Win32.Guanbi removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
