SoftwareBundler:Win32/FileTour removal

SoftwareBundler:Win32/FileTour is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the SoftwareBundler:Win32/FileTour virus do?

  • Executable code extraction
  • Attempts to connect to a dead IP:Port (1 unique time)
  • Presents an Authenticode digital signature
  • Creates RWX memory
  • Unconventional language used in binary resources: Russian
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Anomalous binary characteristics

Related domains:

z.whorecord.xyz
a.tomx.xyz
ec2-35-176-106-236.eu-west-2.compute.amazonaws.com

How to identify SoftwareBundler:Win32/FileTour?


File Info:

crc32: 2878BD8B
md5: 81b3b90796e58c32c9de78ac544532bf
name: 81B3B90796E58C32C9DE78AC544532BF.mlw
sha1: b323bfcc9a4b2cdddd04d8b9d194401d311a34ed
sha256: a1f0bf39d68965c9076587ea01744f6125db027f381d30aafb15e314ab85d6b3
sha512: c8b140500dff5f6a897cc50fd6021834da97091b2336c5a5090c6e69a5d54285fb2df789c1f05cceee0b08c1cff96533a253cd0e5b1b5acb9b4298a6fba9fb3d
ssdeep: 24576:KLMgaMAfgiI08G2wzP27V9GUKSnmYm1c4u9Ux12LiX5nI7+OOBWWT4E0xQ9h+7H:ZoGDI0h7zuZ9rJnip8iXc8WW829EHbP
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

0: [No Data]

SoftwareBundler:Win32/FileTour also known as:

Bkav: W32.AIDetectVM.malware5
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Ursu.914471
FireEye: Generic.mg.81b3b90796e58c32
McAfee: Adware-FileTour
Cylance: Unsafe
Sangfor: Malware
K7AntiVirus: Adware ( 00511f971 )
K7GW: Adware ( 00511f971 )
CrowdStrike: win/malicious_confidence_100% (D)
Arcabit: Trojan.Ursu.DDF427
TrendMicro: TROJ_GEN.R06CC0PKI20
Cyren: W32/S-1a8ef509!Eldorado
Symantec: ML.Attribute.HighConfidence
APEX: Malicious
Avast: Win32:AdwareSig [Adw]
Kaspersky: HEUR:Packed.Win32.Blackv.gen
BitDefender: Gen:Variant.Ursu.914471
Ad-Aware: Gen:Variant.Ursu.914471
Emsisoft: Gen:Variant.Ursu.914471 (B)
F-Secure: Heuristic.HEUR/AGEN.1116975
DrWeb: Trojan.Moneyinst.210
Invincea: Mal/EncPk-XF
McAfee-GW-Edition: Adware-FileTour
Sophos: Mal/EncPk-XF
Ikarus: not-a-virus:AdWare.FileTour
Jiangmin: AdWare.FileTour.ago
Avira: HEUR/AGEN.1116975
MAX: malware (ai score=83)
Kingsoft: Win32.Troj.Generic_a.a.(kcloud)
Microsoft: SoftwareBundler:Win32/FileTour
ZoneAlarm: HEUR:Packed.Win32.Blackv.gen
GData: Gen:Variant.Ursu.914471
Cynet: Malicious (score: 100)
AhnLab-V3: PUP/Win32.FileTour.R204168
BitDefenderTheta: AI:Packer.7354C5741F
ALYac: Gen:Variant.Ursu.914471
VBA32: TScope.Malware-Cryptor.SB
Malwarebytes: Adware.FileTour.BatBitRst
ESET-NOD32: a variant of Win32/Adware.FileTour.FFV
TrendMicro-HouseCall: TROJ_GEN.R06CC0PKI20
Rising: Adware.FileTour!1.ACB3 (CLASSIC)
SentinelOne: Static AI – Malicious PE
eGambit: Unsafe.AI_Score_99%
AVG: Win32:AdwareSig [Adw]
Cybereason: malicious.796e58

How to remove SoftwareBundler:Win32/FileTour?

SoftwareBundler:Win32/FileTour removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
