Categories: Adware

What is “Adware:Win32/Ksdler.SA”?

The Adware:Win32/Ksdler.SA is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Adware:Win32/Ksdler.SA virus can do?

  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Unconventionial binary language: Chinese (Simplified)
  • Unconventionial language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Attempts to modify proxy settings
  • Harvests cookies for information gathering

How to determine Adware:Win32/Ksdler.SA?



File Info:

name: 7B3042DED6A3F963432B.mlwpath: /opt/CAPEv2/storage/binaries/e8a00c95819a73552585b560f4209fe9a84890846c9661b0e98fb889f2a468a7crc32: A75083BFmd5: 7b3042ded6a3f963432b7737d5a6476bsha1: 355a13a9cc2ee875449eb7d103726f393d6d4691sha256: e8a00c95819a73552585b560f4209fe9a84890846c9661b0e98fb889f2a468a7sha512: 385b12e3aa8eb00cc6de4c18905a70d1dfdd1959e8d56c8d25cbcf1d6f78b4ff19127c7fbae97e93a5c145ca2e557763dff79e6ec4c2aa877c842f63ed15eabessdeep: 12288:n5pFng23pYpB9DRx8NEmRW9ZxTTOpCQoDmad5IcMCPI5SHxRQHFNvUfd7:5rng23pIHDv6Emk9ZZiqKK5IfCPI56G2type: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T105D42255FEA50004E24D5D322953D6F40021AC1AAAE035253AF9FFBFF93B3129A5923Fsha3_384: 5789f844353d5e9c554edd555bf7d0bcc8969932a9e8e5a959c8bf5c5e88f69023a00f17010110b97c3be19f7a5017ebep_bytes: 60be003057008dbe00e0e8ffc787c0d7timestamp: 2018-08-10 05:26:02

Version Info:

ProductVersion: 1.3.0.0FileVersion: 2018.810.1326.1CompanyName: Shanghai Janfei Network Technology Co., Ltd.FileDescription: Janfei Software HelperLegalCopyright: Shanghai Janfei Network Technology Co., Ltd.ProductName: Janfei Software HelperTranslation: 0x0804 0x03a8

Adware:Win32/Ksdler.SA also known as:

Bkav W32.AIDetect.malware2
Lionic Riskware.Win32.Generic.1!c
Elastic malicious (high confidence)
DrWeb Adware.Softcnapp.83
MicroWorld-eScan Gen:Variant.Application.Bundler.228
FireEye Generic.mg.7b3042ded6a3f963
CAT-QuickHeal Trojan.GenericIH.S13749768
ALYac Gen:Variant.Application.Bundler.228
Cylance Unsafe
Zillya Adware.KsDler.Win32.101
Sangfor Trojan.Win32.Save.a
K7AntiVirus Trojan ( 7000000f1 )
Alibaba Downloader:Win32/KsDler.2d151b2e
K7GW Trojan ( 7000000f1 )
Cybereason malicious.ed6a3f
BitDefenderTheta Gen:NN.ZelphiF.34062.NmKfaaKB7Rfj
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/Adware.KsDler.A
APEX Malicious
Paloalto generic.ml
Kaspersky not-a-virus:HEUR:Downloader.Win32.Generic
BitDefender Gen:Variant.Application.Bundler.228
NANO-Antivirus Trojan.Win32.KsDler.fhhgmt
Avast Win32:Evo-gen [Susp]
Tencent Win32.Trojan-downloader.Generic.Ahye
Ad-Aware Gen:Variant.Application.Bundler.228
Sophos Generic PUA DF (PUA)
TrendMicro TROJ_GEN.R002C0DL621
McAfee-GW-Edition PUP-XFI-PZ
Emsisoft Gen:Variant.Application.Bundler.228 (B)
SentinelOne Static AI – Malicious PE
GData Gen:Variant.Application.Bundler.228
Jiangmin Downloader.Generic.ptl
MaxSecure Trojan.Malware.300983.susgen
Avira HEUR/AGEN.1118691
Antiy-AVL Trojan/Generic.ASMalwS.2964B6A
Gridinsoft Ransom.Win32.Sabsik.sa
Microsoft Adware:Win32/Ksdler.SA
Cynet Malicious (score: 100)
AhnLab-V3 PUP/Win32.Bundler.R241875
Acronis suspicious
McAfee GenericRXAA-AA!7B3042DED6A3
MAX malware (ai score=75)
VBA32 BScope.Adware.WDJiange
Malwarebytes Adware.Agent
TrendMicro-HouseCall TROJ_GEN.R002C0DL621
Rising Adware.KsDler!1.B330 (CLASSIC)
Yandex Trojan.GenAsa!w+Rv6KS2E9I
Ikarus PUA.INNOmod
eGambit Unsafe.AI_Score_99%
Fortinet Riskware/KsDler
AVG Win32:Evo-gen [Susp]
Panda Trj/Genetic.gen
CrowdStrike win/malicious_confidence_100% (D)

How to remove Adware:Win32/Ksdler.SA?

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.
Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment
Share
Published by
Paul Valéry
Tags: Adware:Win32/Ksdler.SA
2 years ago

Recent Posts

How to remove “Malware.AI.2017919460”?

The Malware.AI.2017919460 is considered dangerous by lots of security experts. When this infection is active,…

2 mins ago

Should I remove “Malware.AI.2861677099”?

The Malware.AI.2861677099 is considered dangerous by lots of security experts. When this infection is active,…

43 mins ago

Malware.AI.4183435755 information

The Malware.AI.4183435755 is considered dangerous by lots of security experts. When this infection is active,…

1 hour ago

Dropped:Application.Generic.3571726 removal instruction

The Dropped:Application.Generic.3571726 is considered dangerous by lots of security experts. When this infection is active,…

1 hour ago

What is “Trojan.Generic.35245150”?

The Trojan.Generic.35245150 is considered dangerous by lots of security experts. When this infection is active,…

2 hours ago

Malware.AI.1658877817 removal tips

The Malware.AI.1658877817 is considered dangerous by lots of security experts. When this infection is active,…

2 hours ago