Win32/Adware.Cjishu.E removal guide

Win32/Adware.Cjishu.E is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Win32/Adware.Cjishu.E virus do?

  • Sample contains Overlay data
  • Presents an Authenticode digital signature
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • CAPE detected the shellcode get eip malware family
  • Yara detections observed in process dumps, payloads or dropped files

How to determine Win32/Adware.Cjishu.E?


File Info:

name: 9328E4AFFE34851D134B.mlw
path: /opt/CAPEv2/storage/binaries/c66aabc7928622183fb20073979ff439a533ae97d700f6556fc19e586b1fe0e5
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2021-07-30 03:03:33

Version Info:

CompanyName: Anhui Aiqi Network Technology Co., Ltd
FileDescription: iNote 更新程序
FileVersion: 1.0.0.1
InternalName: iNoteUpd.exe
LegalCopyright: Copyright (C) 2020 iNote Inc.
OriginalFilename: iNoteUpd.exe
ProductName: iNote
ProductVersion: 1.0.0.1
Translation: 0x0804 0x04b0

Win32/Adware.Cjishu.E also known as:

Bkav: W32.Common.796E4FB1
Elastic: malicious (high confidence)
Skyhigh: Artemis
McAfee: Artemis!9328E4AFFE34
Cylance: unsafe
K7AntiVirus: Adware ( 0058e1a11 )
K7GW: Adware ( 0058e1a11 )
CrowdStrike: win/grayware_confidence_100% (D)
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Adware.Cjishu.E
APEX: Malicious
Cynet: Malicious (score: 99)
Avast: Win32:AdwareX-gen [Adw]
Tencent: Malware.Win32.Gencirc.11938304
F-Secure: Heuristic.HEUR/AGEN.1303389
Ikarus: PUA.AnhuiAiq
Avira: HEUR/AGEN.1303389
Malwarebytes: PUP.Optional.ChinAd.DDS
Rising: Adware.AdPop!1.B85F (CLASSIC)
AVG: Win32:AdwareX-gen [Adw]
DeepInstinct: MALICIOUS

How to remove Win32/Adware.Cjishu.E?

Win32/Adware.Cjishu.E removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
