Win32/Adware.Agent.NPP removal tips

Many security experts consider Win32/Adware.Agent.NPP dangerous. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Win32/Adware.Agent.NPP virus do?

  • Sample contains Overlay data
  • Reads data out of its own binary image
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • Authenticode signature is invalid
  • Anomalous binary characteristics

How to determine Win32/Adware.Agent.NPP?


File Info:

name: 8D0CBCD02188FE957E78.mlw
path: /opt/CAPEv2/storage/binaries/d78f58a3b662409a341392585ea6af544869b801cb0b12e984e5a0a162e31631
crc32: 7E856ADA
md5: 8d0cbcd02188fe957e788661c3907e42
sha1: 6c562500c609250df24dc9b2ca31c7bd19768cc1
sha256: d78f58a3b662409a341392585ea6af544869b801cb0b12e984e5a0a162e31631
sha512: d456ba6a35b1c83ef0edcf08d0d91b50aa226fcde0ec89f711ad7e167f1d17f6254ab2d03a9510392bc2c0493abb6a06069e53930809485c03affc3a164fe0bc
ssdeep: 12288:GME1Ffxr+ls834XcdDOCMg9+J6QrEqdVAj:GMyFpr+ls8JDOxg9KRrEyQ
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T11D94231526FBC496D05E0EB22AA7CA14FDF6EB406655CD6B5728CF3F4D2C100B045AEB
sha3_384: ac5842e8dd30f0ae853c72a085ec6dfc69b8c339acd0781995df649625888d114b52f5612f4786d9ffd0db9907879a49
ep_bytes: 81ec8001000053555633db57895c2418
timestamp: 2009-04-30 14:07:27

Version Info:

CompanyName: www.paopaoche.net
FileDescription: 金融帝国2:金融帝国实验室
FileVersion: 中文版
LegalCopyright: Copyright paopaoche.Net 2014 All Rights Reserved
ProductName: 金融帝国2:金融帝国实验室
ProductVersion: 中文版
Translation: 0x0804 0x03a8

Win32/Adware.Agent.NPP also known as:

Bkav: W32.AIDetectMalware
Elastic: malicious (high confidence)
Skyhigh: BehavesLike.Win32.GenDownloader.gc
McAfee: Artemis!8D0CBCD02188
Malwarebytes: Trojan.ChinAd
Sangfor: Adware.Win32.Agent.Vl3e
Symantec: PUA.Gen.2
ESET-NOD32: Win32/Adware.Agent.NPP
Paloalto: generic.ml
Cynet: Malicious (score: 100)
Avast: Win32:Adware-gen [Adw]
Trapmine: suspicious.low.ml.score
Sophos: Generic ML PUA (PUA)
SentinelOne: Static AI – Suspicious PE
Google: Detected
Antiy-AVL: Trojan[Downloader]/Win32.AdLoad.gen
Kingsoft: malware.kb.a.810
VBA32: BScope.Trojan.Wacatac
Cylance: unsafe
Rising: Trojan.Generic@AI.97 (RDML:zqqdEEvM7srt7eDymmS/GQ)
Fortinet: Riskware/Agent
AVG: Win32:Adware-gen [Adw]

How to remove Win32/Adware.Agent.NPP?

Win32/Adware.Agent.NPP removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.