Riskware.iWinDloader removal

The Riskware.iWinDloader is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Riskware.iWinDloader virus can do?

Sample contains Overlay data
Presents an Authenticode digital signature
Reads data out of its own binary image

How to determine Riskware.iWinDloader?


File Info:
name: D8FCDA1F379737E3C905.mlw
path: /opt/CAPEv2/storage/binaries/179d11ee194901017498d89129fe9ef76a3a83c5deef432a0076c4cab20ac956
crc32: 40536EB8
md5: d8fcda1f379737e3c905a612d81dd4d0
sha1: 8289ceefed1ff18dd21762b3d88268633d8c19f2
sha256: 179d11ee194901017498d89129fe9ef76a3a83c5deef432a0076c4cab20ac956
sha512: f7312da517944bfe7669173829bae46af45c9b7bb6dd6ce1f042d67df9134a86d64752819865f64169cde442b5e7131425e51b249ca28619e7d0e209879476a2
ssdeep: 1536:OLXB65939tY6HBg4sXJUxIjVlWmBX6jI9b28AFLnVVwlWmBXOxIjxOcVf2R879Pc:OLk395hYXJU+KpjtVn/jr+8k1xO
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T165B39E1535C4C8AAD5260A31D5A6DB79E373FFD12A02D28323507FAE7EF12838693587
sha3_384: 27004ea3497b8f206c7aa40811b81b76394fce7dfa942d7dc3a43e5d4c622471e1b4dd2ad48255bd64a52c9397932f57
ep_bytes: 81ec8001000053555633db57895c2418
timestamp: 2009-12-05 22:50:41

Version Info:
CompanyName: iWin inc.
FileDescription: Pogo Games Downloader
FileVersion: 1.0.6.0
LegalCopyright: © iWin inc.
ProductName: Pogo Games
ProductVersion: 1.0.6.0
Translation: 0x0409 0x0000

Riskware.iWinDloader also known as:

DrWeb	Trojan.Siggen9.53672
ClamAV	Win.Adware.RelevantKnowledge-9939891-0
Skyhigh	Artemis
Cylance	unsafe
Zillya	Trojan.Extgen.Win32.2431
CrowdStrike	win/grayware_confidence_90% (W)
Elastic	malicious (high confidence)
Cynet	Malicious (score: 99)
Avast	FileRepPup [Bundl]
Sophos	Generic ML PUA (PUA)
SentinelOne	Static AI – Suspicious PE
Google	Detected
Avira	GAME/Downloader.Gen8
Antiy-AVL	Trojan/Win32.SGeneric
Varist	W32/AdAgent.AY.gen!Eldorado
McAfee	Artemis!D8FCDA1F3797
VBA32	Riskware.iWinDloader
Malwarebytes	Generic.Malware.AI.DDS
Ikarus	Trojan-Downloader.Win32.Generic
MaxSecure	Trojan.Malware.121218.susgen
Fortinet	Riskware/iWinDloader
AVG	FileRepPup [Bundl]
DeepInstinct	MALICIOUS

How to remove Riskware.iWinDloader?

Riskware.iWinDloader removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X