AdWare.Win32.Ruco.ctv removal guide

AdWare.Win32.Ruco.ctv is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


What can the AdWare.Win32.Ruco.ctv virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • A ping command was executed with the -n argument possibly to delay analysis
  • Uses Windows utilities for basic functionality
  • Deletes its original binary from disk

How to identify AdWare.Win32.Ruco.ctv?

File Info:

name: C27BA15EFD8B8DD2E46E.mlw
path: /opt/CAPEv2/storage/binaries/58fa8e557d6b3e1d014ccf9b6f5d96ce8dbcada18130956862d45db3f431ab70
crc32: 83555F28
md5: c27ba15efd8b8dd2e46e6cbec1067c33
sha1: 1295db0bf44d072475add1dbf7c91309ec368918
sha256: 58fa8e557d6b3e1d014ccf9b6f5d96ce8dbcada18130956862d45db3f431ab70
sha512: 9e01d6ba6e157072be76db31dd8ffb90ae24d24852e28ad5ee81fa2047e896cdcf29ae7cfc55a0390ed9def790c1dfa436ba9d43a65d54813d97fec0bed98b4b
ssdeep: 196608:UaA2lTxZLUkT6U62/Q0xpCT248yRZ4XQnt8NjLwJ+bf44:91LUkT6KQECn8Y4XqGjLwJ+b1
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1E0A633AF51BE874BE7997CBE98F36D51AE307E922D7486AC37D134B42C314AD0006726
sha3_384: c6a33109d440ce6abbe8c00e875fbf91754953220f0d263e1368c46d0f388d491e09cfaedd8e201290db6bc7d619ac0f
ep_bytes: 60be00f0da008dbe002065ff57eb0b90
timestamp: 2020-05-26 07:50:01

Version Info:

FileVersion: 16.1.20.526
LegalCopyright: Copyright © 2013-2015
ProductVersion: 16.1.20.526
授权方式: arFi
Translation: 0x0804 0x04b0

AdWare.Win32.Ruco.ctv is also detected under the following names (vendor: detection name):

  • Bkav: W32.AIDetect.malware2
  • Lionic: Adware.Win32.Ruco.2!c
  • Elastic: malicious (high confidence)
  • MicroWorld-eScan: Trojan.GenericKD.47648644
  • FireEye: Generic.mg.c27ba15efd8b8dd2
  • McAfee: Artemis!C27BA15EFD8B
  • Cylance: Unsafe
  • Zillya: Trojan.Generic.Win32.1064295
  • Sangfor: Trojan.Win32.Autoit.Y
  • K7AntiVirus: Trojan ( 700000111 )
  • Alibaba: AdWare:Win32/MiscX.88d8618f
  • K7GW: Trojan ( 700000111 )
  • Cybereason: malicious.efd8b8
  • Cyren: W32/Trojan.JMXF-7530
  • Symantec: ML.Attribute.HighConfidence
  • ESET-NOD32: a variant of Win32/Packed.Autoit.Y suspicious
  • APEX: Malicious
  • Paloalto: generic.ml
  • Kaspersky: not-a-virus:AdWare.Win32.Ruco.ctv
  • BitDefender: Trojan.GenericKD.47648644
  • NANO-Antivirus: Trojan.Win32.Mlw.hleipm
  • Avast: Win32:Malware-gen
  • Ad-Aware: Trojan.GenericKD.47648644
  • Sophos: Mal/Generic-S (PUA)
  • DrWeb: Trojan.MulDrop18.60229
  • VIPRE: Trojan.Win32.Generic!BT
  • McAfee-GW-Edition: BehavesLike.Win32.TrojanAitInject.tc
  • Emsisoft: Trojan.GenericKD.47648644 (B)
  • GData: Trojan.GenericKD.47648644
  • Jiangmin: AdWare.Ruco.rx
  • Avira: TR/Dropper.Gen
  • Antiy-AVL: Trojan/Generic.ASCommon.1B8
  • Kingsoft: Win32.Troj.Undef.(kcloud)
  • Microsoft: Trojan:Win32/Ymacco.AB58
  • Cynet: Malicious (score: 100)
  • AhnLab-V3: Trojan/Win.Crypt.C4779894
  • ALYac: Trojan.GenericKD.47648644
  • MAX: malware (ai score=86)
  • VBA32: Trojan.Occamy
  • Malwarebytes: Malware.AI.1242857336
  • TrendMicro-HouseCall: TROJ_GEN.R002H0CKJ21
  • Rising: Trojan.Generic!8.C3 (CLOUD)
  • MaxSecure: Trojan.Malware.138632990.susgen
  • Fortinet: Riskware/Application
  • AVG: Win32:Malware-gen
  • Panda: Trj/CI.A
  • CrowdStrike: win/malicious_confidence_70% (W)

How to remove AdWare.Win32.Ruco.ctv?

AdWare.Win32.Ruco.ctv removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.