Win32/InstallMonetizer.AB potentially unwanted removal tips

The Win32/InstallMonetizer.AB potentially unwanted is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Win32/InstallMonetizer.AB potentially unwanted virus can do?

Sample contains Overlay data
Performs HTTP requests potentially not found in PCAP.
Reads data out of its own binary image
Authenticode signature is invalid
Attempts to modify proxy settings

How to determine Win32/InstallMonetizer.AB potentially unwanted?


File Info:
name: 6FDB1A1366EF066E2F76.mlw
path: /opt/CAPEv2/storage/binaries/0831c54e4fd60ea74d8d20a0ccc18aea41708f5090e62784e9d944a5810924d8
crc32: 8ABEE68E
md5: 6fdb1a1366ef066e2f76b35a69afe0b2
sha1: 5f124b2afc1bfd0c12fd89ce46bfeb646a74bda6
sha256: 0831c54e4fd60ea74d8d20a0ccc18aea41708f5090e62784e9d944a5810924d8
sha512: 1e8941cbc3e8a1bc93eae3b7b277975d87545b758bccbb8386f86aa6416c4845b39556861dc369029b2be67525869bc0575b19c930388971dd51b45b6944d494
ssdeep: 12288:H0sa9EY02r2HMUN1g38DxxwZBYJdPmZ6u:HA7cJtw36PmZt
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1E484233731EED57BE1946AB056FBC632D2BAD3022212763343257E297C3A467903E572
sha3_384: d0f0fe0393b7940b4bf60fd20ed78f8b8441aab9be1cbe389e1deb305b515c39179ba60ef16b682226a1cd67c315d4c4
ep_bytes: 81ec8001000053555633db57895c2418
timestamp: 2009-12-05 22:50:41

Version Info:
0: [No Data]

Win32/InstallMonetizer.AB potentially unwanted also known as:

Bkav	W32.AIDetectMalware
Lionic	Adware.Win32.InstallMonetizer.2!c
Cylance	unsafe
CrowdStrike	win/grayware_confidence_100% (W)
Symantec	PUA.BabylonToolbar
Elastic	malicious (high confidence)
ESET-NOD32	Win32/InstallMonetizer.AB potentially unwanted
APEX	Malicious
Cynet	Malicious (score: 100)
NANO-Antivirus	Riskware.Nsis.TrjGen.dylynx
Avast	NSIS:Eorezo [PUP]
F-Secure	Adware.ADWARE/Adware.Gen
DrWeb	Adware.Siggen.22062
Trapmine	malicious.high.ml.score
Avira	ADWARE/Adware.Gen
Microsoft	SoftwareBundler:Win32/InstallMonetizer
ViRobot	Adware.Installmonetizer.403324
GData	Win32.Application.InstallMonetizer.W
Malwarebytes	Generic.Malware/Suspicious
SentinelOne	Static AI – Suspicious PE
Fortinet	Adware/InstallMonetizer
AVG	NSIS:Eorezo [PUP]
Cybereason	malicious.afc1bf
DeepInstinct	MALICIOUS

How to remove Win32/InstallMonetizer.AB potentially unwanted?

Win32/InstallMonetizer.AB potentially unwanted removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X