Adware

How to remove “Win32/Adware.WhenUSave”?

Malware Removal

The Win32/Adware.WhenUSave is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Win32/Adware.WhenUSave virus can do?

  • Creates RWX memory
  • Reads data out of its own binary image
  • Network activity detected but not expressed in API logs
  • Anomalous binary characteristics

How to determine Win32/Adware.WhenUSave?



File Info:

crc32: 373D25C8
md5: 4e1c407402f86b85fe917ba457951bee
name: pengsw.exe
sha1: cfe73ea5d2403b161e4a9f900b3a136255208983
sha256: 457045a0824b0f7d78e706881f5dd2671b7dd75c64d5384b57cc825722c57098
sha512: db1db2696686d1d11e56c27615183c773757571ffa4a257197a46be9a49ae8f65b18bcc2c617166033db942cf8d9eaec402dae743afb3d31de2e4eda954060d2
ssdeep: 24576:x7aLsw75pkeKzwXoXeQtEFfVNoKzDE71toAiAjI+pGQu:xs75HK1tE3NoKzAptdjI+pq
type: PE32 executable (GUI) Intel 80386, for MS Windows


Version Info:

ystems: XXXXXXXXXXXXXXXXXXXXXXXXXXX
FileDescription: Penguin Party Screen Saver - Shareware Versi
FileVersion: 
CompanyName: RI Soft Systems

Win32/Adware.WhenUSave also known as:

CylanceUnsafe
K7GWAdware ( 004bb2a91 )
K7AntiVirusAdware ( 004bb2a91 )
NANO-AntivirusRiskware.Win32.SaveNow.gcay
ESET-NOD32a variant of Win32/Adware.WhenUSave
GDataGen:Adware.Heur.hq0@R0v0k9fi
Kasperskynot-a-virus:AdWare.Win32.SaveNow.av
BitDefenderGen:Adware.Heur.hq0@R0v0k9fi
AvastWin32:SaveNow-H [PUP]
TencentWin32.Adware.Savenow.Pdmq
SophosWhenU (PUA)
ComodoMalware@#3161w58v77a3u
F-SecureGen:Adware.Heur.hq0@R0v0k9fi
DrWebAdware.SaveNow.194
EmsisoftGen:Adware.Heur.hq0@R0v0k9fi (B)
CyrenW32/SaveNow.A.gen!Eldorado
WebrootW32.Adware.WhenU.F
Antiy-AVLGrayWare[AdWare]/Win32.SaveNow
ArcabitAdware.Heur.E0B20E
ViRobotAdware.SaveNow.1546670
ZoneAlarmnot-a-virus:AdWare.Win32.SaveNow.av
MicrosoftProgram:Win32/Vigram.A
AhnLab-V3Adware/Win32.Agent.C561170
VBA32Adware.SaveNow
MAXmalware (ai score=99)
Ikarusnot-a-virus:AdWare.Win32.SaveNow
FortinetAdware/SaveNow
AVGWin32:SaveNow-H [PUP]
Cybereasonmalicious.402f86
PandaGeneric Malware

How to remove Win32/Adware.WhenUSave?

Win32/Adware.WhenUSave removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment