About “Win32/Adware.FakeAntiSpy.AV” infection

Many security experts consider Win32/Adware.FakeAntiSpy.AV dangerous. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Win32/Adware.FakeAntiSpy.AV virus do?

  • Attempts to connect to a dead IP:Port (1 unique times)
  • Creates RWX memory
  • Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
  • Reads data out of its own binary image
  • Unconventional language used in binary resources: Russian
  • Installs itself for autorun at Windows startup
  • Checks the presence of disk drives in the registry, possibly for anti-virtualization
  • Attempts to modify proxy settings
  • Creates a copy of itself
  • Attempts to disable browser security warnings

Related domains:

z.whorecord.xyz
a.tomx.xyz

How to determine Win32/Adware.FakeAntiSpy.AV?


File Info:

crc32: 0F692867
md5: 11e3b8968c26e01c85cf9337e59d83d0
name: 11E3B8968C26E01C85CF9337E59D83D0.mlw
sha1: 3b45ce3d7ad316352aea9e3f041ef86a565ec644
sha256: d4440c4e895efc17fdfbbf06cbe54a6ae607545bd91d45d3473104ae799ebd35
sha512: fc64cbb5fd4acdc502f4aacbe3ea9d4f3ad1018bc011557677a00263ccbfc7c026b67f5d16c32d797f0108d14e5ec10f11358fd9c2305511692c6673ed06b9c0
ssdeep: 49152:l1CH9yyTxz8h+TuT8C4RjqqqEJ4J4J4J:rCdyYhRqqqEWWW
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

0: [No Data]

Win32/Adware.FakeAntiSpy.AV also known as:

Bkav W32.AIDetect.malware2
K7AntiVirus Trojan ( 7000000f1 )
Lionic Trojan.Win32.Generic.4!c
DrWeb Trojan.Shutdown.2160
Cynet Malicious (score: 100)
ALYac Gen:Variant.Ulise.115533
Cylance Unsafe
Zillya Adware.FakeAntiSpy.Win32.45
Alibaba AdWare:Win32/FakeAntiSpy.965a99f7
K7GW Trojan ( 7000000f1 )
Cybereason malicious.68c26e
Cyren W32/FakeAlert.ADD.gen!Eldorado
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/Adware.FakeAntiSpy.AV
APEX Malicious
Avast Win32:Delf-PPM [Trj]
Kaspersky HEUR:Trojan.Win32.Generic
BitDefender Gen:Variant.Ulise.115533
NANO-Antivirus Trojan.Win32.FakeAV.dggxgi
MicroWorld-eScan Gen:Variant.Ulise.115533
Tencent Malware.Win32.Gencirc.114bc8f3
Ad-Aware Gen:Variant.Ulise.115533
Sophos Mal/FakeAV-FO
Comodo ApplicUnwnt@#x7uvmkstu1m2
BitDefenderTheta Gen:NN.ZelphiF.34142.HLW@a0LMBiok
VIPRE FraudTool.Win32.FakeVimes!delf (v)
McAfee-GW-Edition BehavesLike.Win32.AdwareFileTour.th
FireEye Generic.mg.11e3b8968c26e01c
Emsisoft Gen:Variant.Ulise.115533 (B)
SentinelOne Static AI – Suspicious PE
Jiangmin Trojan.Blocker.cym
Avira HEUR/AGEN.1114825
Antiy-AVL Trojan/Generic.ASMalwS.18A9457
Microsoft Rogue:Win32/FakePAV
GData Gen:Variant.Ulise.115533
McAfee FakeAV-PJ.gen.n
MAX malware (ai score=100)
VBA32 BScope.Trojan.FakeAV
Malwarebytes Malware.AI.1721830571
Panda Trj/CI.A
Rising Trojan.Generic@ML.81 (RDML:X6IVTndHuxY+koystOq//A)
Yandex Trojan.GenAsa!gtVIwobHgRw
Ikarus Trojan.Win32.FakeAV
MaxSecure Trojan.Malware.300983.susgen
Fortinet W32/FakeAV.DLCP!tr
AVG Win32:Delf-PPM [Trj]
Paloalto generic.ml

How to remove Win32/Adware.FakeAntiSpy.AV?

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.
Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
