AdWare.Win32.StartSurf.brbt malicious file

The AdWare.Win32.StartSurf.brbt is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What AdWare.Win32.StartSurf.brbt virus can do?

Executable code extraction
Creates RWX memory
Attempts to repeatedly call a single API many times in order to delay analysis time
Network activity detected but not expressed in API logs
Anomalous binary characteristics

Related domains:

all.fingersleep.bid

none.coalrate.men

How to determine AdWare.Win32.StartSurf.brbt?


File Info:
crc32: 0463537E
md5: fbccda68129d445469babc3eec347149
name: FBCCDA68129D445469BABC3EEC347149.mlw
sha1: 4c5dd9239f96deb6c6c0447b58e1eb071d7f0cd9
sha256: 02f0372cf78cfbd9dd6bf009606995473dd71245e55d2e4d7887275d9e4fae04
sha512: ed4db089fd73bde8c5f7f00151153c241fe3c7967957e215ffb061f003ad394a82585c021a425f4b326afe2dd3790797ccce6d0937dc40e29228ffddf2298c4a
ssdeep: 24576:DQSez2RyaT2aA+HnxIDKokmd3yqge2EKsXtcHuoHg7UctgRCHxCH:nez28M/vojILPsXmcUzRcm
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
LegalCopyright: xa9Etierrie owboesagonepi 
InternalName: YLHEOBOKFEIJE.EXE
FileVersion: 1.6.8.6
CompanyName: xa9Etierrie owboesagonepi 
ProductName: YLHEOBOKFEIJE
ProductVersion: 1.6.8.6
OriginalFilename: ylheobokfeije.exe
Translation: 0x0409 0x04e4

AdWare.Win32.StartSurf.brbt also known as:

Bkav	W32.AIDetect.malware1
K7AntiVirus	Trojan ( 0053ba2f1 )
Elastic	malicious (high confidence)
DrWeb	Trojan.Vittalia.17914
Cynet	Malicious (score: 100)
CAT-QuickHeal	Swbndlr.Dlhelper.V2
ALYac	Application.Bundler.iStartSurf.1.Gen
Cylance	Unsafe
Zillya	Trojan.Kryptik.Win32.3370486
Sangfor	Trojan.Win32.Save.a
CrowdStrike	win/malicious_confidence_100% (D)
Alibaba	AdWare:Win32/StartSurf.1d0be2d6
K7GW	Trojan ( 0053ba2f1 )
Cybereason	malicious.8129d4
Cyren	W32/Trojan.IEOH-4115
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Kryptik.GJAJ
APEX	Malicious
Avast	FileRepMalware
ClamAV	Win.Trojan.Agent-6616790-0
Kaspersky	not-a-virus:AdWare.Win32.StartSurf.brbt
BitDefender	Application.Bundler.iStartSurf.1.Gen
NANO-Antivirus	Riskware.Win32.StartSurf.ffojxt
MicroWorld-eScan	Application.Bundler.iStartSurf.1.Gen
Tencent	Malware.Win32.Gencirc.10c980e3
Ad-Aware	Application.Bundler.iStartSurf.1.Gen
Sophos	Generic PUA EM (PUA)
Comodo	Application.Win32.Dlhelper.GJ@8137f9
BitDefenderTheta	Gen:NN.ZexaF.34266.6r0@a4wAoGci
McAfee-GW-Edition	BehavesLike.Win32.Dropper.tt
FireEye	Generic.mg.fbccda68129d4454
Emsisoft	Application.Bundler.iStartSurf.1.Gen (B)
SentinelOne	Static AI – Malicious PE
Jiangmin	AdWare.StartSurf.buv
Avira	TR/Crypt.XPACK.Gen4
Antiy-AVL	Trojan/Generic.ASMalwS.270875D
Microsoft	Trojan:Win32/Wacatac.A!ml
Arcabit	Application.Bundler.iStartSurf.1.Gen
GData	Application.Bundler.iStartSurf.1.Gen
AhnLab-V3	PUP/Win32.IStartSurf.R232357
Acronis	suspicious
McAfee	Packed-FKC!FBCCDA68129D
MAX	malware (ai score=97)
VBA32	Trojan.Vittalia
Malwarebytes	Adware.IStartSurf
Panda	Trj/GdSda.A
Rising	Trojan.Kryptik!1.B33C (CLASSIC)
Yandex	Trojan.GenAsa!OT0IgTgUdxU
Ikarus	PUA.Dlhelper
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/Kryptik.GIST!tr
AVG	FileRepMalware
Paloalto	generic.ml

How to remove AdWare.Win32.StartSurf.brbt?

AdWare.Win32.StartSurf.brbt removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

AdWare.Win32.StartSurf.brbt malicious file