Win32/Amonetize.XO potentially unwanted removal tips

The Win32/Amonetize.XO potentially unwanted application is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to fully scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Win32/Amonetize.XO potentially unwanted virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Attempts to interact with an Alternate Data Stream (ADS)
  • Collects information to fingerprint the system

How to identify Win32/Amonetize.XO potentially unwanted?

File Info:

name: 4E142651EB89DCD1FC59.mlw
path: /opt/CAPEv2/storage/binaries/7c9fbe3ff6c9698b768598985dff674e8d48fc0231c0200cf637abb81075b326
crc32: 9BAEE185
md5: 4e142651eb89dcd1fc5935f08e35b4d4
sha1: 641cc94eadbba4bf17f97ad728ebe083213ccbc5
sha256: 7c9fbe3ff6c9698b768598985dff674e8d48fc0231c0200cf637abb81075b326
sha512: 3c6a1522e14febe58501baed5a0c94df742e9d4e7c02c0583aae108c5ad1484b56f512472902b06988b28af538c9fd5db87d8e32dc433248e38625cdc3ac8a32
ssdeep: 24576:EUcLLfILAX7LAL1j+L//srMdH3ZU3KIslDhqb7fOgz0RWWVhrGNbYwmXiSA01:EUcLLfILAX7LAL1j+L//srMdH3ZU3Knz
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1A6150231B2D4C171C1764272889C9AE2567DBC694AB34F2B3BD83B8D2F76A51C722713
sha3_384: a7890b082b85c577204ef1da4d0599c3a27e138131c7879b5429ecdbf3ab7e4d570bd669d719d2448d384d45bd6df1f8
ep_bytes: e8fc670000e92dfeffffeb08e8f0ffff
timestamp: 2016-07-09 09:50:58

Version Info:

CompanyName: lhpCVIpe9BsyUfC
FileVersion: 235.110.19.255
ProductVersion: 235.110.19.255
FileDescription: cmpnnt
LegalCopyright: CL2016
ProductName: Smart Inst
LegalTrademarks: QuukLkHexgMEaE
PrivateBuild: 19
SpecialBuild: 235.110.19.255
InternalName: fHXZLvb
OriginalFilename: 8m84S3
Translation: 0x0000 0x0409

Win32/Amonetize.XO potentially unwanted also known as:

Elastic: malicious (high confidence)
Cynet: Malicious (score: 99)
FireEye: Generic.mg.4e142651eb89dcd1
Cylance: Unsafe
VIPRE: Trojan.Win32.Generic!BT
Sangfor: PUP.Win32.Amonetize.8
CrowdStrike: win/malicious_confidence_100% (D)
K7GW: Adware ( 004dff691 )
K7AntiVirus: Adware ( 004dff691 )
BitDefenderTheta: Gen:NN.ZexaF.34114.4u0@a48@I4ni
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Amonetize.XO potentially unwanted
APEX: Malicious
Paloalto: generic.ml
Kaspersky: not-a-virus:HEUR:Downloader.Win32.Generic
BitDefender: Gen:Trojan.Brresmon.Gen.1
NANO-Antivirus: Riskware.Win32.Amonetize.eehjqy
MicroWorld-eScan: Gen:Trojan.Brresmon.Gen.1
Avast: Win32:Malware-gen
Tencent: Net.Risk.Adware.Pdmi
Ad-Aware: Gen:Trojan.Brresmon.Gen.1
Sophos: Generic PUA GE (PUA)
TrendMicro: TROJ_GEN.R002C0PL921
McAfee-GW-Edition: BehavesLike.Win32.PUPXAB.dc
Emsisoft: Gen:Trojan.Brresmon.Gen.1 (B)
Ikarus: PUA.Amonetize
GData: Gen:Trojan.Brresmon.Gen.1
Jiangmin: Downloader.Generic.boap
eGambit: Unsafe.AI_Score_89%
Avira: ADWARE/Amonetize.Gen
Antiy-AVL: Trojan/Generic.ASMalwS.19A4865
Kingsoft: Win32.Troj.Generic_a.a.(kcloud)
Gridinsoft: Ransom.Win32.Wacatac.sa
Microsoft: Program:Win32/Wacapew.C!ml
McAfee: PUP-XAA-IE
MAX: malware (ai score=80)
VBA32: BScope.Trojan.Downloader
Malwarebytes: PUP.Optional.Amonetize
TrendMicro-HouseCall: TROJ_GEN.R002C0PL921
Rising: Trojan.Generic@ML.100 (RDML:utisVJzaMFhE/lpIBrB6Tg)
Yandex: Trojan.GenAsa!CLl3jFWs2F8
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: Riskware/Generic
Webroot: Pua.Amonetize
AVG: Win32:Malware-gen
Cybereason: malicious.1eb89d
Panda: Trj/Genetic.gen

How to remove Win32/Amonetize.XO potentially unwanted?

Win32/Amonetize.XO potentially unwanted removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.