AdWare.Win32.StartSurf.cfgi removal tips

The AdWare.Win32.StartSurf.cfgi is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What AdWare.Win32.StartSurf.cfgi virus can do?

SetUnhandledExceptionFilter detected (possible anti-debug)
Behavioural detection: Executable code extraction – unpacking
Creates RWX memory
Dynamic (imported) function loading detected
CAPE extracted potentially suspicious content
The binary contains an unknown PE section name indicative of packing
Authenticode signature is invalid

Related domains:

wpad.local-net

dill.orangessmoke.xyz

potato.giraffegiraffe.website

How to determine AdWare.Win32.StartSurf.cfgi?


File Info:
name: DF60A33037B60951BEAE.mlw
path: /opt/CAPEv2/storage/binaries/22dc1d57032bb2332d059f0218229fd68adf8b137d47ba88b639eb320cd65dbc
crc32: A620A560
md5: df60a33037b60951beae41145cfcd14b
sha1: c925f10f71e93b6739fc1e0068b4038121093dd8
sha256: 22dc1d57032bb2332d059f0218229fd68adf8b137d47ba88b639eb320cd65dbc
sha512: 6fa05db01fa5dfb160e15811064e787dd53b1986dfcec6555fbb1279d46e3602948dfd01db142d6e711ff05894b0bd6184643973d0f243e1c66de59cf48c93b5
ssdeep: 24576:0W4VDcsL9t7LljR/prKItYOL7VxPW3YJdX:0W0t7p517Y8UIJdX
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T19965BD32E377CF3AD7628A720B218141E17CDA191B67FC66B449276998BCF958700DE3
sha3_384: 6b4f042edc80588c77a6692292ed2bb920ede9e9f9edd1d429f939919a62ee1d57efcf0f5c5bfc5fbf60d0f98f834a11
ep_bytes: e801100000e97ffeffff558bec8b4508
timestamp: 2016-05-09 13:27:24

Version Info:
0: [No Data]

AdWare.Win32.StartSurf.cfgi also known as:

Bkav	W32.AIDetect.malware1
Lionic	Adware.Win32.StartSurf.2!c
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Heur.Mint.Zamg.1
FireEye	Generic.mg.df60a33037b60951
CAT-QuickHeal	Swbndlr.Dlhelper.V2
ALYac	Gen:Heur.Mint.Zamg.1
Malwarebytes	Adware.IStartSurf
Zillya	Adware.StartSurf.Win32.50668
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Trojan ( 0053d2701 )
Alibaba	AdWare:Win32/StartSurf.a73ecd42
K7GW	Trojan ( 0053d2701 )
Cybereason	malicious.037b60
BitDefenderTheta	Gen:NN.ZexaF.34294.DzW@aOxjnPmi
Cyren	W32/Kryptik.DSV.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Kryptik.GKQR
Paloalto	generic.ml
Cynet	Malicious (score: 100)
Kaspersky	not-a-virus:AdWare.Win32.StartSurf.cfgi
BitDefender	Gen:Heur.Mint.Zamg.1
NANO-Antivirus	Virus.Win32.Gen-Crypt.ccnc
Rising	Trojan.Kryptik!1.B33C (CLASSIC)
Ad-Aware	Gen:Heur.Mint.Zamg.1
Emsisoft	Gen:Heur.Mint.Zamg.1 (B)
Comodo	Malware@#1633a1p0fu2bt
DrWeb	Trojan.Vittalia.17914
McAfee-GW-Edition	BehavesLike.Win32.Packed.tm
Sophos	IStartSurfInstaller (PUA)
SentinelOne	Static AI – Malicious PE
GData	Gen:Heur.Mint.Zamg.1
Jiangmin	AdWare.StartSurf.cxsd
eGambit	Unsafe.AI_Score_99%
Avira	TR/Crypt.XPACK.Gen
MAX	malware (ai score=99)
Antiy-AVL	Trojan/Generic.ASMalwS.2801CA4
Arcabit	Trojan.Mint.Zamg.1
APEX	Malicious
Microsoft	Trojan:Win32/Wacatac.B!ml
AhnLab-V3	PUP/Win32.StartSurf.C2716524
Acronis	suspicious
McAfee	Packed-FKC!DF60A33037B6
VBA32	BScope.Adware.DownloadHelper
Tencent	Malware.Win32.Gencirc.10cc46de
Yandex	PUA.StartSurf!84bBd01u0EE
Ikarus	PUA.Dlhelper
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/Kryptik.GJJV!tr
Panda	Trj/GdSda.A
CrowdStrike	win/malicious_confidence_60% (D)

How to remove AdWare.Win32.StartSurf.cfgi?

AdWare.Win32.StartSurf.cfgi removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

AdWare.Win32.StartSurf.cfgi removal tips