
Adware:Win32/Convagent!mclg removal instructions


Adware:Win32/Convagent!mclg is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Adware:Win32/Convagent!mclg virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • At least one process apparently crashed during execution
  • Attempts to connect to a dead IP:Port (1 unique times)
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Attempts to modify proxy settings

How to identify Adware:Win32/Convagent!mclg?


File Info:

name: 6E3D716F8F29E6F7E033.mlw
path: /opt/CAPEv2/storage/binaries/9b89bfe3eaf508cd460eae532abdbb4d73272640265c1c0408da4bd9ddbb142f
crc32: 17A0EA25
md5: 6e3d716f8f29e6f7e033e8cc672e45ea
sha1: 69978e235ccd9ae6ba3df344a8c962f5e666b14b
sha256: 9b89bfe3eaf508cd460eae532abdbb4d73272640265c1c0408da4bd9ddbb142f
sha512: 461f61c7da1c18de97b1d3597667e94dc7e45573a16e18e3a6c375bae69b01fbacc7a1aec8d0524933dc4116e42e4c58a1126fdefb3c41701fdf73d5f40e8c1e
ssdeep: 24576:91OYda+w1G6kH+11SSR12M4+cJmmKUcWm//smuMUct:91OsF76kgzIGcJmmKrWQ/smuMUct
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T16325132038F1C8FAE38311338E547FE5E5FED6240F318877279A4A1E5E7D684C626669
sha3_384: 7098ebab6d2f09e9a52df560aff43c8baa519b9e283f095d5887f611a8b50bce9a8e0649e8925b69ed0be19fff8578bb
ep_bytes: 558bec6aff68e0b94100682c4a410064
timestamp: 2010-11-18 16:27:35

Version Info:

CompanyName: Igor Pavlov
FileDescription: 7z Setup SFX
FileVersion: 9.20
InternalName: 7zS.sfx
LegalCopyright: Copyright (c) 1999-2010 Igor Pavlov
OriginalFilename: 7zS.sfx.exe
ProductName: 7-Zip
ProductVersion: 9.20
Translation: 0x0409 0x04b0

Adware:Win32/Convagent!mclg also known as:

Bkav: W32.AIDetect.malware2
Lionic: Trojan.Win32.Agent.b!c
Elastic: malicious (moderate confidence)
MicroWorld-eScan: Trojan.GenericKD.39229802
FireEye: Trojan.GenericKD.39229802
ALYac: Trojan.GenericKD.39229802
Cylance: Unsafe
Sangfor: Trojan.Win32.Agent.teudub
K7AntiVirus: Riskware ( 0040eff71 )
Alibaba: Ransom:Win32/Gandcrab.cdb6f8bb
K7GW: Riskware ( 0040eff71 )
CrowdStrike: win/malicious_confidence_100% (W)
Symantec: Trojan.Gen.2
ESET-NOD32: Win32/TrojanDownloader.Agent.GEC
APEX: Malicious
Paloalto: generic.ml
Kaspersky: Trojan-Dropper.Win32.Agent.teudub
BitDefender: Trojan.GenericKD.39229802
NANO-Antivirus: Trojan.Win32.Drop.jngrqc
Avast: Win32:Trojan-gen
Rising: Adware.Neoreklami!1.ABC4 (CLOUD)
Ad-Aware: Trojan.GenericKD.39229802
Sophos: Mal/Generic-S
Comodo: Malware@#22yh6wbot2uin
DrWeb: Trojan.Siggen17.25389
TrendMicro: TROJ_FRS.VSNTCE22
McAfee-GW-Edition: RDN/Generic Dropper
Emsisoft: Trojan.GenericKD.39229802 (B)
Ikarus: Trojan-Downloader.Win32.Agent
GData: Trojan.GenericKD.39229802
Webroot: W32.Malware.Gen
Avira: TR/Drop.Agent.rdeon
Kingsoft: Win32.Troj.Agent.(kcloud)
Arcabit: Trojan.Generic.D256996A
Microsoft: Adware:Win32/Convagent!mclg
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win.Sabsik.C5016731
McAfee: Artemis!6E3D716F8F29
MAX: malware (ai score=84)
VBA32: TrojanDropper.Agent
Malwarebytes: Trojan.Dropper
TrendMicro-HouseCall: TROJ_FRS.VSNTCE22
Tencent: Win32.Trojan-dropper.Agent.Wqdp
Fortinet: Adware/Neoreklami
BitDefenderTheta: Gen:NN.ZexaF.34666.pvW@aqC2y4k
AVG: Win32:Trojan-gen
Cybereason: malicious.f8f29e
Panda: Trj/CI.A

How to remove Adware:Win32/Convagent!mclg?

Adware:Win32/Convagent!mclg removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
