Win32/FenomenGame potentially unwanted removal instruction

Win32/FenomenGame potentially unwanted is the ESET-NOD32 name for a sample that most engines classify as adware, a web toolbar or a PUA downloader (see the detection names below) rather than a virus proper. When it is active you may notice unfamiliar processes in Task Manager and changed browser or proxy settings. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for removal; the trial version lets you run a complete scan and clean your PC.
A 6-day free trial is available.

What can Win32/FenomenGame potentially unwanted do?

The indicators below are the static and behavioural signatures the CAPE sandbox raised for the sample described in the next section. Each is a heuristic; taken together they point to a UPX-packed downloader that injects into other processes, touches browser cookies and tampers with proxy settings:

  • Behavioural detection: Executable code extraction – unpacking
  • A file was accessed within the Public folder.
  • Sample contains Overlay data
  • Performs HTTP requests potentially not found in PCAP.
  • Reads data out of its own binary image
  • Unconventional language used in binary resources: Russian
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Behavioural detection: Injection (inter-process)
  • CAPE detected the shellcode patterns malware family
  • Attempts to modify proxy settings
  • Touches a file containing cookies, possibly for information gathering
  • Yara detections observed in process dumps, payloads or dropped files

How to identify Win32/FenomenGame potentially unwanted?

File Info:

name: A1B1DB9988A6D57F052D.mlw
path: /opt/CAPEv2/storage/binaries/fc0c2535a600faf21b7c98ec3414da00ee287092e858219efa0741e414764154
crc32: 4B25146D
md5: a1b1db9988a6d57f052dcf4dfa16ea52
sha1: e5773328d6040e7b9f223acd278d790c7980eaad
sha256: fc0c2535a600faf21b7c98ec3414da00ee287092e858219efa0741e414764154
sha512: 23a9eea5d56d7198087bf3447b865e22cd2b411693bdeb95b3df8e5ce73959b9f2f40f51dfa7e782978554253ce922c72f3a0b5acf6e12e03fc59d7b0f707fe0
ssdeep: 3072:FdTejYQcRkBtZy/kqtcGxekIQ8bqJLSjDexH0THKLW15Y5dyO5SDLm9qJV8Vd1vW:PWfUkBPyrtBxgQTMK0TKpxS3H8j0bT
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T19E14F1B9620974EDEEED4432D013E1D5B7E8FF33E9CEA1031A8435267F1529A492E0D6
sha3_384: 7347c4a2fd4fe282503a68184d68bc6a0aadbe8169887fbad7cb7b3f20c0a5f7c4c2a0d53b30d3d599e6371a27c1a4a1
ep_bytes: 60be00a053008dbe0070ecff57eb0b90
timestamp: 2009-04-05 15:29:17

Version Info:

CompanyName: FG
FileDescription: Downloader
FileVersion: 2, 5, 0, 0
InternalName: Downloader
LegalCopyright: Copyright 2008 FG
OriginalFilename: Downloader.exe
ProductName: Downloader
ProductVersion: 1, 5, 0, 0
Translation: 0x0409 0x04b0
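The hashes and packer indicators above can be checked locally without a sandbox. The following Python script is an added example, not code from this page or from GridinSoft: it computes the digests that hashlib ships with (ssdeep and tlsh need third-party libraries and are left out), parses the PE header to read the entry-point bytes, tests them against the UPX unpacker prologue that the listed ep_bytes show (pushad; mov esi, imm32; lea edi, [esi+disp32]; push edi; jmp short), and lists sections with UPX names. The UPX section-name set is an assumption about what a UPX-packed build normally looks like, since the page only says "unknown PE section name". The `build_sample_pe` helper constructs a header-only PE stub purely to exercise the parser; it is not the real sample and will not match the known hashes.

```python
import hashlib
import struct

# Indicators copied from the File Info block on this page.
KNOWN_HASHES = {
    "md5": "a1b1db9988a6d57f052dcf4dfa16ea52",
    "sha1": "e5773328d6040e7b9f223acd278d790c7980eaad",
    "sha256": "fc0c2535a600faf21b7c98ec3414da00ee287092e858219efa0741e414764154",
}
PAGE_EP_BYTES = bytes.fromhex("60be00a053008dbe0070ecff57eb0b90")
# Assumption: section names a stock UPX build leaves behind (the page only says "unknown PE section name").
PACKER_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}


def file_hashes(data: bytes) -> dict:
    """Digests in the algorithms hashlib ships with (ssdeep/tlsh need extra libraries)."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256", "sha512", "sha3_384")}


def matches_known_sample(data: bytes) -> bool:
    """True only if every listed digest matches, so one colliding hash is not enough."""
    digests = file_hashes(data)
    return all(digests[alg] == value for alg, value in KNOWN_HASHES.items())


def parse_pe(data: bytes) -> dict:
    """Minimal PE32 parse: entry-point RVA plus the section table. Raises ValueError on non-PE input."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]            # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    num_sections = struct.unpack_from("<H", data, pe_off + 6)[0]   # FileHeader.NumberOfSections
    opt_size = struct.unpack_from("<H", data, pe_off + 20)[0]      # FileHeader.SizeOfOptionalHeader
    entry_rva = struct.unpack_from("<I", data, pe_off + 40)[0]     # OptionalHeader.AddressOfEntryPoint
    sec_off = pe_off + 24 + opt_size
    sections = []
    for i in range(num_sections):
        name, vsize, vaddr, rsize, raw = struct.unpack_from("<8sIIII", data, sec_off + 40 * i)
        sections.append({"name": name.rstrip(b"\0"), "vaddr": vaddr, "vsize": vsize,
                         "raw": raw, "rsize": rsize})
    return {"entry_rva": entry_rva, "sections": sections}


def entry_bytes(data: bytes, n: int = 16) -> bytes:
    """Map the entry-point RVA to a file offset through the section table and read n bytes there."""
    pe = parse_pe(data)
    for s in pe["sections"]:
        if s["vaddr"] <= pe["entry_rva"] < s["vaddr"] + max(s["vsize"], s["rsize"]):
            off = s["raw"] + (pe["entry_rva"] - s["vaddr"])
            return data[off:off + n]
    raise ValueError("entry point not inside any section")


def looks_like_upx_stub(ep: bytes) -> bool:
    """pushad; mov esi, imm32; lea edi, [esi+disp32]; push edi; jmp short: the UPX unpack prologue.
    Only the opcodes are compared because the immediates differ per build."""
    return (len(ep) >= 14 and ep[0] == 0x60 and ep[1] == 0xBE
            and ep[6:8] == b"\x8d\xbe" and ep[12] == 0x57 and ep[13] == 0xEB)


def packer_sections(data: bytes) -> list:
    """Section names that match the assumed UPX section names."""
    return [s["name"].decode("latin-1") for s in parse_pe(data)["sections"]
            if s["name"] in PACKER_SECTION_NAMES]


def triage(data: bytes) -> dict:
    """One-call summary to compare against the File Info block above."""
    ep = entry_bytes(data)
    return {"sha256": file_hashes(data)["sha256"], "known_sample": matches_known_sample(data),
            "ep_bytes": ep.hex(), "upx_stub": looks_like_upx_stub(ep),
            "packer_sections": packer_sections(data)}


def build_sample_pe(ep_bytes: bytes, section_name: bytes = b"UPX1") -> bytes:
    """Constructed test input: a header-only PE32 with one section starting with ep_bytes.
    Not the real sample and not executable; it only exercises the parser above."""
    dos = (b"MZ" + b"\0" * 58 + struct.pack("<I", 0x80)).ljust(0x80, b"\0")
    opt_size = 0xE0
    file_hdr = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, opt_size, 0x102)  # i386, one section
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)     # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)   # AddressOfEntryPoint = start of the section
    sec = struct.pack("<8sIIII", section_name.ljust(8, b"\0"), 0x1000, 0x1000, 0x200, 0x200) + b"\0" * 16
    headers = (dos + b"PE\0\0" + file_hdr + bytes(opt) + sec).ljust(0x200, b"\0")
    return headers + ep_bytes.ljust(0x200, b"\0")


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe(PAGE_EP_BYTES)
    for key, value in triage(blob).items():
        print(f"{key}: {value}")
```

Run it with the path of a suspect file as the only argument; with no argument it triages the constructed stub. A matching sha256 identifies this exact sample, while a UPX prologue plus UPX-named sections only says the file is packed, which is what the "compressed using UPX" signature above reports and is common in legitimate software as well.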

Win32/FenomenGame potentially unwanted is also known as:

  • Lionic: Worm.Win32.Runouce.lrnM
  • Elastic: malicious (moderate confidence)
  • Skyhigh: BehavesLike.Win32.AdwareFenomen.cc
  • McAfee: Adware-Fenomen
  • Cylance: unsafe
  • Zillya: Adware.FenomenGame.Win32.7
  • Sangfor: Adware.Win32.FenomenGame.pxu
  • K7AntiVirus: Adware ( 004d9ea01 )
  • K7GW: Adware ( 004d9ea01 )
  • CrowdStrike: win/grayware_confidence_100% (D)
  • VirIT: Adware.Win32.FenomenGame.PXU
  • Symantec: SMG.Heur!gen
  • ESET-NOD32: Win32/FenomenGame potentially unwanted
  • APEX: Malicious
  • Cynet: Malicious (score: 100)
  • Kaspersky: not-a-virus:WebToolbar.Win32.FenomenGame.pxu
  • NANO-Antivirus: Riskware.Win32.FenomenGame.bdktx
  • SUPERAntiSpyware: Trojan.Agent/Gen-Downloader
  • Avast: Win32:Adware-gen [Adw]
  • Rising: Adware.FenomenGame!8.13B25 (TFE:5:uoIbU3NO5LC)
  • Emsisoft: Application.AdFen (A)
  • F-Secure: Adware:W32/FenomenGame.L
  • DrWeb: Adware.FenomenGame.1
  • TrendMicro: ADW_FENOMEN
  • Trapmine: malicious.high.ml.score
  • Sophos: Fenomen Game Downloader (PUA)
  • SentinelOne: Static AI – Malicious PE
  • Jiangmin: WebToolbar.FenomenGame.a
  • Webroot: W32.Fenomen.Gen
  • Varist: W32/Fenomen.B.gen!Eldorado
  • Avira: GAME/Dldr.Fenomen.Gen
  • Antiy-AVL: RiskWare[WebToolbar]/Win32.FenomenGame
  • Xcitium: Application.Win32.Adware.FenomenGame.~zyp@1kgmj6
  • Microsoft: Trojan:Win32/Ymacco.ABFC
  • ZoneAlarm: not-a-virus:WebToolbar.Win32.FenomenGame.pxu
  • Google: Detected
  • AhnLab-V3: Unwanted/Win32.FenomenGame.R2093
  • VBA32: WebToolbar.Win32.FenomenGame
  • Malwarebytes: Generic.Malware.AI.DDS
  • TrendMicro-HouseCall: ADW_FENOMEN
  • Tencent: Adware.Win32.Fenomengame.16000433
  • Yandex: Trojan.GenAsa!imv6rUIRWAY
  • Ikarus: not-a-virus:.WebToolbar
  • MaxSecure: Trojan.Malware.300983.susgen
  • Fortinet: Riskware/Fenomen
  • AVG: Win32:Adware-gen [Adw]
  • DeepInstinct: MALICIOUS

How to remove Win32/FenomenGame potentially unwanted?

Win32/FenomenGame potentially unwanted removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and run a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the affected browser and options, then click “Reset”.
  • Restart your computer.

The browser reset step matters for this family: the sandbox flagged attempts to modify proxy settings, so after removal confirm that no unexpected proxy server remains configured in the Windows Internet Options or in the browser itself.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.