
AdWare.Win32.Ruco.ctj removal instructions


AdWare.Win32.Ruco.ctj is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the AdWare.Win32.Ruco.ctj virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Anomalous file deletion behavior detected (10+)
  • A process attempted to delay the analysis task.
  • Dynamic (imported) function loading detected
  • At least one IP Address, Domain, or File Name was found in a crypto call
  • Enumerates running processes
  • Expresses interest in specific running processes
  • Reads data out of its own binary image
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Exhibits possible ransomware file modification behavior
  • Harvests cookies for information gathering

How to identify AdWare.Win32.Ruco.ctj?

File Info:

name: 363E21E90C36549F1785.mlw
path: /opt/CAPEv2/storage/binaries/33a7fe64cdadd87e935d3cf4dde5a51302f34191ba4b4dab8725fea658cd75cc
crc32: F361ECE2
md5: 363e21e90c36549f17855c42ffb5a11a
sha1: 6932b5629eb8787badcaa8eebe770cb0490381c1
sha256: 33a7fe64cdadd87e935d3cf4dde5a51302f34191ba4b4dab8725fea658cd75cc
sha512: c7d785f3c68b6b6ac36c39810b41154a3da8b0346cdcb37dae836a019f2966a18eb5b39acd145f24845070589d6b38b746f57df78d9e0a5672e82dad6ffc4480
ssdeep: 98304:pab1fjRDcn2BlJPD8Nzl2UT8mRaw8GFvuztrccwn4MUkTXe0W2APl5:Iftnt8NaLwJ+If4MUkTa245
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1836633EA12AC4A1BFBE47C79B1B33EA19F74BD567D38819F12D139187CB221A5404B34
sha3_384: ca10ca0da34aac81e61c1e9812b446b7b6b8fac98114fc4e422d6314546bdf9c0b48a5f709c2b48a63a23680e6d0ed22
ep_bytes: 60be00e0a5008dbe00309aff57eb0b90
timestamp: 2020-04-01 02:10:28

Version Info:

FileVersion: 6.1.20.401
LegalCopyright: Copyright © 2013-2015
ProductVersion: 6.1.20.401
授权方式: arFi
Translation: 0x0804 0x04b0

AdWare.Win32.Ruco.ctj also known as:

Bkav: W32.AIDetect.malware1
Lionic: Adware.Win32.Ruco.2!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.GenericKD.32870993
FireEye: Generic.mg.363e21e90c36549f
ALYac: Trojan.GenericKD.32870993
Cylance: Unsafe
Zillya: Adware.Ruco.Win32.335
Sangfor: Riskware.Win32.Agent.ky
K7AntiVirus: Trojan ( 700000111 )
Alibaba: Trojan:Win32/Autoit.ali2000008
K7GW: Trojan ( 700000111 )
Cybereason: malicious.90c365
Cyren: W32/Trojan.GUOY-4682
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Packed.Autoit.Y suspicious
APEX: Malicious
Paloalto: generic.ml
Kaspersky: not-a-virus:AdWare.Win32.Ruco.ctj
BitDefender: Trojan.GenericKD.32870993
NANO-Antivirus: Riskware.Win32.Ruco.isflpx
Rising: Trojan.Obfus/Autoit!1.C72A (CLASSIC)
Ad-Aware: Trojan.GenericKD.32870993
Sophos: Mal/Generic-S
Comodo: Malware@#n1fcg697z25o
DrWeb: Trojan.MulDrop12.38521
VIPRE: Trojan.Win32.Generic!BT
McAfee-GW-Edition: BehavesLike.Win32.TrojanAitInject.vc
GData: Win32.Trojan.BSE.1IAHVXG
Avira: HEUR/AGEN.1135820
Antiy-AVL: Trojan/Generic.ASCommon.1B8
Arcabit: Trojan.Generic.D1F59251
ViRobot: Trojan.Win32.Z.Agent.6493696
Microsoft: Trojan:Win32/Occamy.C33
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win.Generic.R451403
McAfee: Artemis!363E21E90C36
MAX: malware (ai score=80)
VBA32: Adware.Ruco
Malwarebytes: Malware.AI.2616510892
Panda: Trj/CI.A
TrendMicro-HouseCall: TROJ_GEN.R002H0CL221
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: Riskware/Application
AVG: Win32:Trojan-gen
Avast: Win32:Trojan-gen
CrowdStrike: win/malicious_confidence_90% (W)

How to remove AdWare.Win32.Ruco.ctj?

AdWare.Win32.Ruco.ctj removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
