
How to remove “Win32/RiskWare.StartPage.M”?


Many security experts consider Win32/RiskWare.StartPage.M dangerous. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Win32/RiskWare.StartPage.M virus do?

  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • Unconventional language used in binary resources: Chinese (Simplified)
  • Authenticode signature is invalid
  • Harvests cookies for information gathering

How to identify Win32/RiskWare.StartPage.M?


File Info:

name: 01026F37DD2F8141F4BE.mlw
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2012-06-09 13:19:49

Version Info:

0: [No Data]

Win32/RiskWare.StartPage.M also known as:

Lionic: Trojan.Multi.Generic.4!c
DrWeb: Trojan.StartPage.54207
MicroWorld-eScan: Trojan.GenericKD.34022870
FireEye: Trojan.GenericKD.34022870
ALYac: Trojan.GenericKD.34022870
Cylance: Unsafe
Sangfor: Trojan.Win32.Malware.gen
Alibaba: Trojan:Win32/Pasta.c4cddb7d
Symantec: Trojan.Gen.MBT
ESET-NOD32: a variant of Win32/RiskWare.StartPage.M
Paloalto: generic.ml
ClamAV: Win.Malware.Generic-6881986-0
Kaspersky: UDS:DangerousObject.Multi.Generic
BitDefender: Trojan.GenericKD.34022870
NANO-Antivirus: Trojan.Win32.Pasta.cxkcrc
Avast: FileRepMetagen [Trj]
Tencent: Win32.Trojan.Pasta.jy
Ad-Aware: Trojan.GenericKD.34022870
Emsisoft: Trojan.GenericKD.34022870 (B)
Comodo: Malware@#pwkv4gwuyf5w
McAfee-GW-Edition: RDN/Generic StartPage
Sophos: Mal/Generic-S
GData: Trojan.GenericKD.34022870
MAX: malware (ai score=88)
Kingsoft: Win32.Troj.Generic.z.(kcloud)
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
AhnLab-V3: Malware/Win.Malware-gen.C4774118
McAfee: RDN/Generic StartPage
Malwarebytes: Malware.AI.4025679013
APEX: Malicious
Rising: Trojan.Win32.Generic.152338BC (C64:YzY0OrwzJFQjkf88)
SentinelOne: Static AI – Suspicious SFX
AVG: FileRepMetagen [Trj]

How to remove Win32/RiskWare.StartPage.M?

Win32/RiskWare.StartPage.M removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
