NSIS:Amonetize-H [PUP] removal

NSIS:Amonetize-H [PUP] is classified as a potentially unwanted program by many security vendors. While this infection is active, you may notice unfamiliar processes in the Task Manager process list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the NSIS:Amonetize-H [PUP] virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Attempts to connect to a dead IP:Port (1 unique times)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Anomalous file deletion behavior detected (10+)
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • A named pipe was used for inter-process communication
  • Starts servers listening on 127.0.0.1:0
  • Enumerates running processes
  • Reads data out of its own binary image
  • A process created a hidden window
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Behavioural detection: Injection (inter-process)
  • A possible heap spray exploit has been detected
  • Steals private information from local Internet browsers
  • Attempts to create or modify a Browser Helper Object
  • Attempts to modify proxy settings
  • Harvests cookies for information gathering

How to identify NSIS:Amonetize-H [PUP]?

File Info:

name: 79F30A48D9ED6AC0A45E.mlw
path: /opt/CAPEv2/storage/binaries/1faac977cb32b286cf9c053bcda445057b9808aa08a57f1f3b5840d9373483d6
crc32: 9736DFF0
md5: 79f30a48d9ed6ac0a45e6bf908912773
sha1: cdb7fcbb96f5a56acfe3166679b73a05602dca4d
sha256: 1faac977cb32b286cf9c053bcda445057b9808aa08a57f1f3b5840d9373483d6
sha512: a4853f23961af57c1581aa384b84f7a7c85f393a58ec8c14c5ddc94cd55c4d0a009cf7f95b6c17aa6281de90f4cfd423d6f478af858f1fb96ccc1d3a3d94ee5c
ssdeep: 12288:8KTmMEG4GjeZHkwuPikQ7lKH5p5H9x1deZHkwuXiZQblKh5pDxXTd8zb4:8KTmMEG4GjeZEXi37l6Br1deZEviOblW
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T161D423EA1FA29133D9C5717F8730FEADDBF5A48C80E366879B661EAD3AD23831550500
sha3_384: c8938cc00441958a976b05d2e066fa4cd3fb6f4c82077515cc549341c3a78f8e586e1a6256508264d16533e7e1a9f405
ep_bytes: 81ec8001000053555633db57895c2418
timestamp: 2009-12-05 22:50:52

Version Info:

CompanyName: Media Watch
CompanyWebsite:
FileDescription:
FileVersion: 1.1
LegalCopyright:
ProductName: Media Watch home 83
ProductVersion: 1.1
Translation: 0x0000 0x04e4

NSIS:Amonetize-H [PUP] also known as:

Lionic: Adware.Win32.BetterSurf.2!c
Elastic: malicious (high confidence)
DrWeb: Trojan.Amonetize.10
Cynet: Malicious (score: 100)
CAT-QuickHeal: Adware.BetterSurf.B5
ALYac: Gen:Variant.Mikey.74011
Cylance: Unsafe
VIPRE: Adware.Bettersurf (fs)
Sangfor: Malware.Generic-JS.Save.7cc5649c
CrowdStrike: win/grayware_confidence_100% (D)
Alibaba: AdWare:Win32/Amonetize.f513d5e2
K7GW: Unwanted-Program ( 0040f7f51 )
K7AntiVirus: Unwanted-Program ( 0040f7f51 )
Cyren: W32/Medfos.AE.gen!Eldorado
Symantec: Adware.WebexpEnhanced
ESET-NOD32: multiple detections
TrendMicro-HouseCall: TROJ_SPNR.0BCU14
Paloalto: generic.ml
ClamAV: Win.Adware.Bettersurf-9
Kaspersky: not-a-virus:AdWare.Win32.BetterSurf.b
BitDefender: Gen:Variant.Adware.SwiftBrowse.10
NANO-Antivirus: Riskware.Win32.BetterSurf.cvrzvc
SUPERAntiSpyware: Adware.BetterSurf/Variant
MicroWorld-eScan: Gen:Variant.Adware.SwiftBrowse.10
Avast: NSIS:Amonetize-H [PUP]
Tencent: Win32.Risk.Adware.Alst
Emsisoft: Application.InstallMon (A)
Comodo: Application.JS.BetterSurf.B@5c6sol
Zillya: Adware.BetterSurf.Win32.13095
TrendMicro: TROJ_SPNR.0BCU14
McAfee-GW-Edition: BehavesLike.Win32.AdwareBSurf.jc
FireEye: Gen:Variant.Adware.SwiftBrowse.10
Sophos: BetterSurf (PUA)
GData: Win32.Adware.Amonetize.M
Jiangmin: AdWare.Amonetize.arbm
Webroot: W32.Adware.Gen
Avira: ADWARE/Adware.Gen7
Antiy-AVL: Trojan/Generic.ASMalwNS.2781
Kingsoft: Win32.Troj.BetterSurf.b.(kcloud)
ZoneAlarm: not-a-virus:AdWare.Win32.BetterSurf.b
Microsoft: Trojan:Win32/Occamy.C
SentinelOne: Static AI – Malicious PE
AhnLab-V3: Adware/Win32.BetterSurf.C233448
Acronis: suspicious
McAfee: Artemis!79F30A48D9ED
TACHYON: Trojan-Clicker/W32.BetterSurf.649712
VBA32: Adware.Amonetize
Malwarebytes: Adware.BetterSurf
APEX: Malicious
Rising: Trojan.Win32.Generic.17BE35A0 (C64:YzY0Og1COjyeFRbr)
Yandex: PUA.BetterSurf!2Tbc20fcdLM
MAX: malware (ai score=100)
Fortinet: Adware/BetterSurf
AVG: NSIS:Amonetize-H [PUP]
Cybereason: malicious.8d9ed6
Panda: Trj/NsisDownloader.A

How to remove NSIS:Amonetize-H [PUP]?

NSIS:Amonetize-H [PUP] removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.