Adware Reports malware removal guides and threat research Updated security instructions for Windows users
Home/Adware
Threat report

Win32/Adware.Toolbar.Shopper.AA information

Published Apr 28, 2024 Adware category 3 min read
Report context

What to verify before removal

This adware entry is most useful when Win32/Adware.Toolbar.Shopper.AA information appears after a software bundle, browser extension install, or unwanted system utility. Treat it as moderate risk until you confirm whether the alert is tied to browser settings, scheduled tasks, or a persistent updater.

Start by comparing the local file name with E7FF28367AECAF5D4706.mlw, then review the behavior notes for bundled installers, browser policy changes, notification abuse, and unwanted startup entries. This helps separate a matching detection from a different file that only shares a similar alert name.

Observed file
E7FF28367AECAF5D4706.mlw
  • Compare the suspicious file name with E7FF28367AECAF5D4706.mlw.
  • Confirm the detection name matches Win32/Adware.Toolbar.Shopper.AA information before removing related files.
  • Review the report for bundled installers, browser policy changes, notification abuse, and unwanted startup entries so the cleanup is based on observed behavior, not only the label.
  • Remove the unwanted app, reset affected browser settings, and check extensions before reconnecting accounts.

The Win32/Adware.Toolbar.Shopper.AA is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

What Win32/Adware.Toolbar.Shopper.AA virus can do?

  • Sample contains Overlay data
  • Presents an Authenticode digital signature

How to determine Win32/Adware.Toolbar.Shopper.AA?



File Info:

name: E7FF28367AECAF5D4706.mlw
path: /opt/CAPEv2/storage/binaries/1e8d6f1609b5c309cfd57f62378e15502d0db664aa88ab666328a99459829094
crc32: 28916628
md5: e7ff28367aecaf5d4706c7bc70385d99
sha1: e1030105307d79e6ce6a845820efd0e2ac9b6657
sha256: 1e8d6f1609b5c309cfd57f62378e15502d0db664aa88ab666328a99459829094
sha512: 0dd54f094008497db512c4726090096a945571ea6bce1c4f88158593e0c0691e9d89a6fb8f2fc68114be5379b4baec19703f7bf58c9a6daa23b1b3d3a1c9d058
ssdeep: 12288:Qr33m/mXOL0P3MBOTrXg8uQeZtMdYTsboEimbdoO+sRcTc9/LfHaxWcjElNADrsh:emi3vQ80VsbomH+F+HeWGONHfxk+laiR
type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
tlsh: T17F458D1137FCC134EAAE15708C39ABA453FBEF105E28D80B66447A4D5EB1AC7D226F46
sha3_384: 71601fc5c397fa7fa7bd6d322651d5542963d30158639efcc613c63dd5780529d5d3ba951a8abd6797763ffe36460eb0
ep_bytes: 6a0c68e8960d10e86cd7ffff33c04089
timestamp: 2009-09-21 19:36:12


Version Info:

CompanyName: SmartShopper Networks
FileVersion: 2.6.56.0
InternalName: Smrt-Shpr.dll
LegalCopyright: (c) All rights reserved.
OriginalFilename: Smrt-Shpr.dll
ProductName: Smart-Shopper
ProductVersion: 2.6.56.0
Translation: 0x0409 0x04e7

Win32/Adware.Toolbar.Shopper.AA also known as:

Lionic Adware.Win32.Shopper.2!c
Elastic malicious (high confidence)
FireEye Gen:Adware.Heur.iv9@RW!gJNei
Skyhigh Artemis!PUP
McAfee SmartShopper
Sangfor Adware.Win32.Shopper.av
Alibaba AdWare:Win32/Shopper.83e4c6ab
VirIT BHO.Shopper.D
Paloalto generic.ml
ESET-NOD32 Win32/Adware.Toolbar.Shopper.AA
Avast FileRepPup [PUP]
ClamAV Win.Adware.Shoper-1
Kaspersky not-a-virus:AdWare.Win32.Shopper.av
BitDefender Gen:Adware.Heur.iv9@RW!gJNei
NANO-Antivirus Riskware.Win32.Shopper.dbyhew
MicroWorld-eScan Gen:Adware.Heur.iv9@RW!gJNei
Emsisoft Gen:Adware.Heur.iv9@RW!gJNei (B)
F-Secure Adware:W32/Hotbar.C
DrWeb Adware.Hotbar.1042
Zillya Adware.ShopperCRTD.Win32.2339
Sophos 180solutions (PUA)
GData Gen:Adware.Heur.iv9@RW!gJNei
Webroot W32.Adware.Shopperreports
Google Detected
Avira ADSPY/SmartShoper
Antiy-AVL GrayWare[AdWare]/Win32.Shopper
Kingsoft malware.kb.a.821
Xcitium Malware@#2pxiepf3qvi8r
Arcabit Adware.Heur.ED45AD
ZoneAlarm not-a-virus:AdWare.Win32.Shopper.av
Microsoft PUA:Win32/Creprote
ALYac Gen:Adware.Heur.iv9@RW!gJNei
MAX malware (ai score=60)
VBA32 BScope.Adware.Shopper
Cylance unsafe
Rising PUF.Creprote!8.F617 (TFE:5:751LDFOOTbL)
Yandex Trojan.GenAsa!5+oqvRKb54E
Ikarus Gen.AdWare
MaxSecure Trojan.Malware.29673.susgen
Fortinet Adware/Shopper
AVG FileRepPup [PUP]
DeepInstinct MALICIOUS

How to remove Win32/Adware.Toolbar.Shopper.AA?

Recommended second-opinion scan

Verify the infection before changing system settings

Use GridinSoft Anti-Malware to run a full scan, review detected persistence entries, and quarantine confirmed threats before restarting Windows.

Download GridinSoft Anti-Malware
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.