
Dialer:Win32/Trafficadvance removal instruction


The Dialer:Win32/Trafficadvance detection is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware
Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows a complete scan and cleanup of your PC during the trial period.
6-day free trial available.

What can the Dialer:Win32/Trafficadvance virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • A file was accessed within the Public folder.
  • Sample contains Overlay data
  • Uses Windows utilities for basic functionality
  • Reads data out of its own binary image
  • The binary contains an unknown PE section name indicative of packing
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Behavioural detection: Injection (inter-process)
  • Behavioural detection: Injection with CreateRemoteThread in a remote process
  • Attempts to modify proxy settings
  • Creates a copy of itself
  • Touches a file containing cookies, possibly for information gathering
  • Anomalous binary characteristics
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Dialer:Win32/Trafficadvance?

File Info:

name: 7DF5FE3510D789C425A2.mlw
path: /opt/CAPEv2/storage/binaries/20b6ea98e65c3cb4778cce53c298948f6c2041b29ed175623ad7adefd9f7f809
crc32: B111BD65
md5: 7df5fe3510d789c425a201be7db917cc
sha1: 496b2e0c5329f09f19490ab88793f3c1a592598b
sha256: 20b6ea98e65c3cb4778cce53c298948f6c2041b29ed175623ad7adefd9f7f809
sha512: cbde032a717bb16370712ee3bdf6fff334180affb630a692036ca74e4ea011445b96f349ce2d1a343d82c1992c32f4d8a7a55fd3eff7985d033376f9c2c2e433
ssdeep: 768:/omq87Wcr4IIf4Mxs2F284Ye0ZjUgBuJ5Hmn07gUFbdfk:AmhuNuLL7g0+
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T18F635B22B591C533D0B219BCCC1EE3D57838BA711C371687BAF60B0DED7E781A918656
sha3_384: 5c03ce47ef172d4a6bb0a370cf482e1ec4b4154dc1d09fed87bf222ec724a175bc03548d560d9d44973b3c487bbef7e3
ep_bytes: 558bec83c4ec33c08945ec8945f0b820
timestamp: 1992-06-19 22:22:17

Version Info:

0: [No Data]

Dialer:Win32/Trafficadvance also known as:

Bkav: W32.AIDetectMalware
Elastic: malicious (moderate confidence)
MicroWorld-eScan: Generic.Dialer.9E3BDB81
FireEye: Generic.mg.7df5fe3510d789c4
CAT-QuickHeal: Trojan.Diamin.9876
Skyhigh: BehavesLike.Win32.Sytro.kt
ALYac: Generic.Dialer.9E3BDB81
Malwarebytes: Generic.Malware.AI.DDS
VIPRE: Generic.Dialer.9E3BDB81
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan ( 004bcce41 )
BitDefender: Generic.Dialer.9E3BDB81
K7GW: Trojan ( 004bcce41 )
Cybereason: malicious.c5329f
BitDefenderTheta: AI:Packer.9E03AC6619
VirIT: Trojan.Win32.Generic.JUA
Symantec: Dialer.Trafficadvance
ESET-NOD32: a variant of Win32/Diamin
APEX: Malicious
ClamAV: Win.Trojan.Dialer-852
Kaspersky: Trojan.Win32.Diamin.i
Alibaba: Trojan:Win32/Diamin.5ca17cf7
NANO-Antivirus: Trojan.Win32.Diamin.chmbi
Rising: Trojan.Dialer!1.66EB (CLASSIC)
Sophos: Mal/Behav-053
F-Secure: Trojan.TR/Dialer.IA
DrWeb: Dialer.Netvision
Zillya: Trojan.Diamin.Win32.1
TrendMicro: DIAL_DIAMIN.YG
Trapmine: malicious.moderate.ml.score
Emsisoft: Generic.Dialer.9E3BDB81 (B)
Ikarus: Trojan.Win32.Diamin.ax
Jiangmin: Trojan/KillFiles.w
Google: Detected
Avira: TR/Dialer.IA
Varist: W32/Dialer.nw!GSA
Antiy-AVL: Trojan/Win32.Diamin.i
Kingsoft: Win32.Trojan.Diamin.i
Microsoft: Dialer:Win32/Trafficadvance
Xcitium: Packed.Win32.MUPX.Gen@24tbus
Arcabit: Generic.Dialer.9E3BDB81
SUPERAntiSpyware: Dialer.Carima
ZoneAlarm: Trojan.Win32.Diamin.i
GData: Generic.Dialer.9E3BDB81
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Diamin.R2719
McAfee: Dialer-292
DeepInstinct: MALICIOUS
VBA32: MalwareScope.Dialer.NWMini.1
Cylance: unsafe
Panda: DialerMini.gen
TrendMicro-HouseCall: DIAL_DIAMIN.YG
Tencent: Trojan.Win32.Diamin.16000422
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Diamin.gen
Fortinet: W32/Diamin!tr
AVG: Win32:Dialer-CI [Trj]
Avast: Win32:Dialer-CI [Trj]
CrowdStrike: win/malicious_confidence_90% (D)

How to remove Dialer:Win32/Trafficadvance?

Dialer:Win32/Trafficadvance removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
