Adware:Win32/Tnega information

Adware:Win32/Tnega is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Adware:Win32/Tnega virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • A file was accessed within the Public folder.
  • Sample contains Overlay data
  • Uses Windows utilities for basic functionality
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Behavioural detection: Injection (inter-process)
  • CAPE detected the shellcode get eip malware family
  • Attempts to modify proxy settings
  • Touches a file containing cookies, possibly for information gathering
  • Anomalous binary characteristics
  • Yara detections observed in process dumps, payloads or dropped files

How to identify Adware:Win32/Tnega?


File Info:

name: 28FB7D6CD3F60473AD13.mlw
path: /opt/CAPEv2/storage/binaries/d591c3541b4d4cebcb9197b6b4589bf7b61d4c563b2cd22581e2af5f07cb7b08
crc32: 98BDC671
md5: 28fb7d6cd3f60473ad13e73a77f5d279
sha1: 476da918f39633939412ad2bf7a33a449f1c7b84
sha256: d591c3541b4d4cebcb9197b6b4589bf7b61d4c563b2cd22581e2af5f07cb7b08
sha512: d372b69245f0823b5d3422396eb43a32af6e975b773fccc0cd18491b07a9b9d2267513819fcf84778a327dd8e716e9c351caa6afc4a9ff56f097406bd53f534e
ssdeep: 6144:Nf796MRAjXvujSLdvNJPT0zG+6g9D5lS0W:R79WjXvVA0g9lLW
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1C314C0217EE4C87AD2510972CE5C2BEAD2F5D7240E218CA777A4091D7E3D741D20AFAE
sha3_384: 98aa267f8d2a3f8bba349fe0ba8e48d250adac7329b8ba2d2f567387823a463bd84bd6c5261ea6ffa4836c8f9cf2cf15
ep_bytes: 558bec6aff68487c410068a04d410064
timestamp: 2007-07-22 02:33:05

Version Info:

Comments:
CompanyName: Oleg N. Scherbakov
FileDescription: 7z Setup SFX
FileVersion: 1, 2, 0, 715
InternalName: 7ZSfxNew
LegalCopyright: Copyright © 2005-2007 Oleg N. Scherbakov
LegalTrademarks:
OriginalFilename: 7ZSfxNew.exe
PrivateBuild: July 14, 2007
ProductName: 7ZSfxNew
ProductVersion: 1, 2, 0, 715
SpecialBuild:
Translation: 0x0000 0x04b0

Adware:Win32/Tnega also known as:

Bkav: W32.AIDetectMalware
Lionic: Adware.Win32.Generic.2!c
DrWeb: Adware.Plugin.278
Skyhigh: BehavesLike.Win32.Dropper.cc
Cylance: unsafe
K7GW: Riskware ( 0040eff71 )
K7AntiVirus: Riskware ( 0040eff71 )
BitDefenderTheta: Gen:NN.ZexaCO.36744.oq0@aWPxWomb
VirIT: Adware.Win32.Plugin.KS
Symantec: PUA.Gen.2
ESET-NOD32: a variant of Win32/Adware.Agent.NWE
APEX: Malicious
Cynet: Malicious (score: 100)
Avast: Win32:Malware-gen
Sophos: Generic Reputation PUA (PUA)
F-Secure: Adware.ADWARE/Agent.gxzts
Webroot: W32.Hacktool.Kms
Avira: ADWARE/Agent.gxzts
Microsoft: Adware:Win32/Tnega
McAfee: Artemis!28FB7D6CD3F6
Malwarebytes: Generic.Malware/Suspicious
Rising: Adware.Agent!8.71 (CLOUD)
AVG: Win32:Malware-gen
DeepInstinct: MALICIOUS

How to remove Adware:Win32/Tnega?

Adware:Win32/Tnega removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.