AdWare.Win32.Relevant.kez removal instruction

AdWare.Win32.Relevant.kez is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the AdWare.Win32.Relevant.kez virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • CAPE detected the embedded win api malware family
  • Attempts to modify proxy settings
  • Deletes executed files from disk
  • Touches a file containing cookies, possibly for information gathering
  • Yara detections observed in process dumps, payloads or dropped files

How to identify AdWare.Win32.Relevant.kez?


File Info:

name: ED2CB1BD201AE9ACA910.mlw
path: /opt/CAPEv2/storage/binaries/e83fb6d8fed55704602dd8c27f9c55e09fb4beee88f10886ae71e701a085ecec
crc32: E58A3CC5
md5: ed2cb1bd201ae9aca9102ff10dbc4983
sha1: d1999da467fe720726cccaad11eb38a99e87a40b
sha256: e83fb6d8fed55704602dd8c27f9c55e09fb4beee88f10886ae71e701a085ecec
sha512: 73b3827e2e761285ed7901155d8779168024c5b6ce7aa2e11129267fbd6f352dbad9daa167e222a6fb8dd362142e58cad52056bc994d1374a12043dc5fe5bdb2
ssdeep: 49152:dqkbcmADEBqffV5ipsJKGTx8MHCIx/XXGtxFEUOmQOkdHfzDOSyPlziANGr:8LfVloplGTx7HTx/X6xFnXkd/fCAANc
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T130C52302B7DB8871F36900B49429904CAC3FBD3419FA663A6CB9FA1F19793C25C7B552
sha3_384: 39e0eb98c937ff361983a216fa58e8feec478b151402d9b8365116933cd471d6943bc05b3b70d99f829e6180cda4e9c4
ep_bytes: 558bec83c4a453565733c08945c48945
timestamp: 2011-12-20 14:16:50

Version Info:

Comments: This installation was built with Inno Setup.
CompanyName:
FileDescription: Paralogue0.30
FileVersion:
LegalCopyright:
ProductName: Paralogue0.30
ProductVersion: 0.0
Translation: 0x0000 0x04b0

AdWare.Win32.Relevant.kez also known as:

Bkav: W32.Common.8C8F0603
Lionic: Adware.Win32.Relevant.2!c
Skyhigh: BehavesLike.Win32.PUP.vc
McAfee: Artemis!ED2CB1BD201A
Cylance: unsafe
Sangfor: Adware.Win32.Relevant.V7bw
Alibaba: AdWare:Win32/Relevant.c4020058
Elastic: malicious (moderate confidence)
Cynet: Malicious (score: 100)
Kaspersky: not-a-virus:AdWare.Win32.Relevant.kez
Avast: Win32:Adware-gen [Adw]
Ikarus: Trojan.Spy.Stealer
ZoneAlarm: not-a-virus:AdWare.Win32.Relevant.kez
Malwarebytes: Generic.Malware/Suspicious
TrendMicro-HouseCall: TROJ_GEN.R002H07AN24
Rising: Trojan.Generic@AI.97 (RDML:1c9Af1kepCStf28viWBAuQ)
MaxSecure: Trojan.Malware.230135882.susgen
Fortinet: Riskware/Stealer
AVG: Win32:Adware-gen [Adw]
DeepInstinct: MALICIOUS
CrowdStrike: win/grayware_confidence_70% (D)

How to remove AdWare.Win32.Relevant.kez?

AdWare.Win32.Relevant.kez removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
