Adware:Win32/Skeeyah.A!rfn removal

Adware:Win32/Skeeyah.A!rfn is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Adware:Win32/Skeeyah.A!rfn virus do?

  • Sample contains Overlay data
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • Authenticode signature is invalid

How to identify Adware:Win32/Skeeyah.A!rfn?

File Info:

name: 2592FB8859AF3EBF5A23.mlw
path: /opt/CAPEv2/storage/binaries/15a0a64a7a8d2abfcb98893114207fb864dfc3a05c72252805bba81a47d5616a
crc32: 4A1F5A57
md5: 2592fb8859af3ebf5a23dfb5864ed870
sha1: 0cfeebde88a9b74f50aa59e7fc827136ae599190
sha256: 15a0a64a7a8d2abfcb98893114207fb864dfc3a05c72252805bba81a47d5616a
sha512: c86c05a78080eba73c76248dab9bd5e009fab54307f7d7b334ae0d4725db7ff6894edc375e74ac50bd14cff4a3895ad92fedcc7d4867f6d1e72e588a6ad560e0
ssdeep: 49152:tcg2vQseM2tFIzo+R7SJoMDwXj4Dfjqgc1ClF:525eM2tazbZtj8Degc1C/
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1C7953350B258C17FCA238BB91811A1D3ABEEF13B04DF70475E6629257F26A83314F75A
sha3_384: 1d0d46a8ed2d1308be4a8a0964e5178c7d4609bbb0f9c745de95d21fb90457929f4f4ff0633ecf4d53fe0075d46280bd
ep_bytes: 81ecd40200005356576a205f33db6801
timestamp: 2016-07-25 00:55:39

Version Info:

FileDescription: wwozhvsf
OriginalFilename: rwlewffd
ProductName: lmtaqvhjb
Translation: 0x0409 0x04b0

Adware:Win32/Skeeyah.A!rfn also known as:

  • Bkav: W32.AIDetect.malware2
  • Lionic: Adware.Win32.Generic.2!c
  • tehtris: Generic.Malware
  • MicroWorld-eScan: Gen:Variant.Application.Jaik.42767
  • FireEye: Generic.mg.2592fb8859af3ebf
  • McAfee: ICLoader
  • Cylance: Unsafe
  • Sangfor: Trojan.Win32.Save.a
  • Alibaba: AdWare:Win32/HPDefender.4588c115
  • Cybereason: malicious.859af3
  • Arcabit: Trojan.Application.Jaik.DA70F
  • BitDefenderTheta: Gen:NN.ZexaE.34606.kC0@aaPwYkmi
  • Symantec: ML.Attribute.HighConfidence
  • Elastic: malicious (high confidence)
  • ESET-NOD32: multiple detections
  • Paloalto: generic.ml
  • Kaspersky: not-a-virus:HEUR:AdWare.Win32.Generic
  • BitDefender: Gen:Variant.Application.Jaik.42767
  • NANO-Antivirus: Trojan.Nsis.ICLoader.ermqlt
  • Cynet: Malicious (score: 100)
  • APEX: Malicious
  • Tencent: Win32.Adware.Generic.Hrfe
  • Ad-Aware: Gen:Variant.Application.Jaik.42767
  • Sophos: Generic PUA AM (PUA)
  • Comodo: ApplicUnwnt@#3jbaiobgxyylw
  • VIPRE: Gen:Variant.Application.Jaik.42767
  • McAfee-GW-Edition: BehavesLike.Win32.ICLoader.tc
  • Trapmine: malicious.high.ml.score
  • Emsisoft: Gen:Variant.Application.Jaik.42767 (B)
  • Ikarus: PUA.HPDefender
  • Avira: HEUR/AGEN.1210119
  • MAX: malware (ai score=74)
  • Antiy-AVL: Trojan/Generic.ASMalwS.37EA
  • Microsoft: Adware:Win32/Skeeyah.A!rfn
  • GData: Gen:Variant.Application.Jaik.42767
  • Google: Detected
  • AhnLab-V3: Adware/Win32.RL_HPDefender.R272251
  • VBA32: BScope.Trojan.Occamy
  • ALYac: Gen:Variant.Application.Jaik.42767
  • Avast: Win32:Malware-gen
  • Rising: Trojan.Generic@AI.100 (RDML:XUgztcZUqNTXquxlWYmg3Q)
  • Yandex: Trojan.GenAsa!hTUH0SPu9vU
  • SentinelOne: Static AI – Malicious PE
  • MaxSecure: Trojan.Malware.12185567.susgen
  • Fortinet: Riskware/HPDefender
  • AVG: Win32:Malware-gen
  • Panda: Trj/Genetic.gen
  • CrowdStrike: win/grayware_confidence_100% (D)

How to remove Adware:Win32/Skeeyah.A!rfn?

Adware:Win32/Skeeyah.A!rfn removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.