BrowserModifier:Win32/DealPly!MTB removal guide

The BrowserModifier:Win32/DealPly!MTB is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What BrowserModifier:Win32/DealPly!MTB virus can do?

Creates RWX memory
Dynamic (imported) function loading detected
The binary contains an unknown PE section name indicative of packing
Authenticode signature is invalid

How to determine BrowserModifier:Win32/DealPly!MTB?


File Info:
name: 99A9B689C51D669AB2F4.mlw
path: /opt/CAPEv2/storage/binaries/02cae29add50f3064cc3e778bd4a1c502bd294c62e294f970d6d9426d2293fdd
crc32: 89926D61
md5: 99a9b689c51d669ab2f480d0bd94e789
sha1: 74ec53342bd70bcc96ad471f8fe91800b755a2c7
sha256: 02cae29add50f3064cc3e778bd4a1c502bd294c62e294f970d6d9426d2293fdd
sha512: 390c890bb8feac17707266c58ad30ec57b89ceab00751f567f49ffc6b839ceab583457160dbd0571d8ee04e4eade901a313c66480457ddb8159cfb80cbc3d2d5
ssdeep: 24576:5125PGhHD3dtumCJaMLvqoTQOiC5lT0NB03FX3JLpiS7euP7iXSIQutFeeFxC:5MEhjNtumK0OiC5iNG5RLNwiGxC
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1575512613BE985B7C543027049ED63F6B0BA67454E21449723C4CF2E7E79AFA9338B24
sha3_384: 3c1cc6259cecea51e5497986dd9bcd75d597435e32ee3f3fcd09c65597877f9b8e76075f2d97222b402e31f38184f4ad
ep_bytes: 558bec6aff6878cc4200689676420064
timestamp: 2018-04-30 12:00:00

Version Info:
CompanyName: Igor Pavlov
FileDescription: 7z SFX
FileVersion: 18.05
InternalName: 7z.sfx
LegalCopyright: Copyright (c) 1999-2018 Igor Pavlov
OriginalFilename: 7z.sfx.exe
ProductName: 7-Zip
ProductVersion: 18.05
Translation: 0x0409 0x04b0

BrowserModifier:Win32/DealPly!MTB also known as:

Bkav	W32.AIDetect.malware1
Lionic	Trojan.Win32.Updane.4!c
MicroWorld-eScan	Trojan.GenericKD.43720160
FireEye	Generic.mg.99a9b689c51d669a
McAfee	Artemis!99A9B689C51D
Cylance	Unsafe
Zillya	Trojan.Updane.Win32.905
Sangfor	Trojan.Win32.Updane.gen
K7AntiVirus	Riskware ( 00573f0f1 )
Alibaba	Trojan:Win32/Updane.5e9e429b
K7GW	Riskware ( 00573f0f1 )
Cybereason	malicious.9c51d6
Cyren	W32/Trojan.NLZE-2615
Symantec	Trojan.Gen.MBT
ESET-NOD32	Win32/Updane.A
TrendMicro-HouseCall	Adware.Win32.DealPly.RMYV
Avast	Win32:DealPly-gen [Adw]
ClamAV	Win.Malware.Dealply-7341353-0
Kaspersky	HEUR:Trojan.Win32.Updane.gen
BitDefender	Trojan.GenericKD.43720160
NANO-Antivirus	Virus.Win32.Gen.ccmw
Ad-Aware	Trojan.GenericKD.43720160
Emsisoft	Trojan.GenericKD.43720160 (B)
VIPRE	Trojan.Win32.Generic!BT
TrendMicro	Adware.Win32.DealPly.RMYV
McAfee-GW-Edition	BehavesLike.Win32.BadFile.tc
Sophos	Mal/Generic-R
GData	Trojan.GenericKD.43720160
Avira	TR/Patched.DealPly.Gen8
Arcabit	Trojan.Generic.D29B1DE0
Microsoft	BrowserModifier:Win32/DealPly!MTB
Cynet	Malicious (score: 99)
VBA32	TScope.Malware-Cryptor.SB
ALYac	Trojan.GenericKD.43720160
Malwarebytes	Malware.AI.3725359601
APEX	Malicious
Tencent	Trojan.Win32.BitCoinMiner.la
MaxSecure	Trojan.Malware.74549449.susgen
Fortinet	W32/Updane.A!tr
Webroot	W32.Adware.Gen
AVG	Win32:DealPly-gen [Adw]
CrowdStrike	win/malicious_confidence_60% (D)

How to remove BrowserModifier:Win32/DealPly!MTB?

BrowserModifier:Win32/DealPly!MTB removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X