Should I remove “Adware:Win32/BetterSurf”?

Adware:Win32/BetterSurf is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Adware:Win32/BetterSurf virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Attempts to connect to a dead IP:Port (1 unique times)
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Anomalous file deletion behavior detected (10+)
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • A named pipe was used for inter-process communication
  • Starts servers listening on 127.0.0.1:0
  • Enumerates running processes
  • Reads data out of its own binary image
  • A process created a hidden window
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Behavioural detection: Injection (inter-process)
  • Steals private information from local Internet browsers
  • Attempts to create or modify a Browser Helper Object
  • Attempts to modify proxy settings
  • Harvests cookies for information gathering

How to identify Adware:Win32/BetterSurf?


File Info:

name: 45C4955740EB900216FE.mlw
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2009-12-05 22:50:52

Version Info:

CompanyName: Media Watch
CompanyWebsite:
FileDescription:
FileVersion: 1.1
LegalCopyright:
ProductName: Media Watch home 644
ProductVersion: 1.1
Translation: 0x0000 0x04e4

Adware:Win32/BetterSurf also known as:

Bkav: W32.AIDetect.malware2
Lionic: Adware.Win32.BetterSurf.lXl2
tehtris: Generic.Malware
MicroWorld-eScan: Gen:Variant.Adware.BetterSurf.15
CAT-QuickHeal: Adware.BetterSurf.B5
ALYac: Gen:Variant.Mikey.74011
Cylance: Unsafe
Sangfor: Trojan.Win32.Occamy.C
K7AntiVirus: Unwanted-Program ( 0040f7f51 )
Alibaba: AdWare:Win32/Amonetize.f65403fd
K7GW: Unwanted-Program ( 0040f7f51 )
Cybereason: malicious.740eb9
VirIT: Adware.Win32.BetterSurf.CDP
Cyren: W32/Medfos.AE.gen!Eldorado
Elastic: malicious (high confidence)
ESET-NOD32: multiple detections
TrendMicro-HouseCall: TROJ_SPNR.0BCU14
Paloalto: generic.ml
ClamAV: Win.Dropper.LokiBot-9938750-0
Kaspersky: not-a-virus:AdWare.Win32.BetterSurf.b
BitDefender: Gen:Variant.Adware.BetterSurf.15
NANO-Antivirus: Riskware.Win32.BetterSurf.cvrrct
SUPERAntiSpyware: Adware.BetterSurf/Variant
APEX: Malicious
Tencent: Win32.Adware.Bettersurf.Pega
Emsisoft: Application.InstallMon (A)
Comodo: Application.JS.BetterSurf.B@5c6sol
DrWeb: Trojan.Amonetize.10
Zillya: Adware.BetterSurf.Win32.14820
TrendMicro: TROJ_SPNR.0BCU14
McAfee-GW-Edition: BehavesLike.Win32.AdwareAdload.jc
Trapmine: malicious.high.ml.score
FireEye: Gen:Variant.Adware.BetterSurf.15
Sophos: BetterSurf (PUA)
Ikarus: not-a-virus:AdWare.Win32.BetterSurf
GData: Win32.Adware.Amonetize.M
Jiangmin: AdWare.Amonetize.arbm
Webroot: W32.Adware.Gen
Avira: ADWARE/Adware.Gen7
MAX: malware (ai score=99)
Kingsoft: Win32.Troj.BetterSurf.b.(kcloud)
Arcabit: Trojan.Adware.BetterSurf.15
ViRobot: Adware.Bettersurf.649706.D
ZoneAlarm: not-a-virus:HEUR:AdWare.Script.MediaWatch.gen
Microsoft: Adware:Win32/BetterSurf
Cynet: Malicious (score: 100)
AhnLab-V3: Adware/Win32.BetterSurf.C233448
McAfee: Artemis!45C4955740EB
VBA32: Adware.Amonetize
Malwarebytes: PUP.Optional.MediaWatch
Avast: NSIS:Amonetize-F [PUP]
Rising: Trojan.Generic@AI.89 (RDML:DKHaQmjhft3cK0uFZhl+NQ)
Yandex: PUA.BetterSurf!ja7JaKktz/8
SentinelOne: Static AI – Malicious PE
Fortinet: Adware/BetterSurf
AVG: NSIS:Amonetize-F [PUP]
Panda: Trj/NsisDownloader.A
CrowdStrike: win/grayware_confidence_100% (W)

How to remove Adware:Win32/BetterSurf?

Adware:Win32/BetterSurf removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
