
Win32:Adware-DMM [PUP] removal instruction


Many security experts consider Win32:Adware-DMM [PUP] dangerous. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Win32:Adware-DMM [PUP] virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Presents an Authenticode digital signature
  • Dynamic (imported) function loading detected
  • At least one IP Address, Domain, or File Name was found in a crypto call
  • Reads data out of its own binary image
  • Unconventional language used in binary resources: Russian
  • Authenticode signature is invalid
  • Anomalous binary characteristics

How to identify Win32:Adware-DMM [PUP]?


File Info:

type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2018-04-02 14:25:18

Version Info:

CompanyName: Mail.Ru
FileDescription: Mail.Ru Launcher
FileVersion: 3.15.0.75
InternalName: launcher
LegalCopyright: Copyright 2015
OriginalFilename: launcher.exe
ProductName: Mail.Ru Launcher
ProductVersion: 3.15.0.75
Comments:
Translation: 0x0409 0x04b0

Win32:Adware-DMM [PUP] also known as:

Elastic: malicious (high confidence)
DrWeb: Trojan.Revizer.1409
MicroWorld-eScan: Trojan.GenericKDZ.74312
CAT-QuickHeal: PUA.LoadmoneyPMF.S19249780
McAfee: PUP-HAI
Zillya: Tool.Agent.Win32.26977
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_100% (D)
K7GW: Adware ( 005170991 )
K7AntiVirus: Adware ( 005170991 )
Cyren: W32/S-2773094c!Eldorado
Symantec: SMG.Heur!gen
ESET-NOD32: a variant of Win32/MailRu.R potentially unwanted
ClamAV: Win.Malware.Mailru-6804164-0
Kaspersky: not-a-virus:HEUR:AdWare.Win32.Machaer.gen
BitDefender: Trojan.GenericKDZ.74312
SUPERAntiSpyware: PUP.Downloader/Variant
Avast: Win32:Adware-DMM [PUP]
Tencent: Trojan.Win32.BitCoinMiner.la
Ad-Aware: Trojan.GenericKDZ.74312
Emsisoft: Application.Downloader (A)
Comodo: Application.Win32.MailRu.M@7oho6u
VIPRE: Trojan.Win32.Generic!BT
McAfee-GW-Edition: BehavesLike.Win32.Generic.ch
FireEye: Generic.mg.0ac928725b3e751e
Sophos: Mail.ru Downloader (PUA)
SentinelOne: Static AI – Malicious PE
GData: Win32.Trojan.PSE.BXR07S
Jiangmin: AdWare.Machaer.ad
eGambit: Unsafe.AI_Score_99%
Avira: APPL/MailRu.B
MAX: malware (ai score=85)
Antiy-AVL: Trojan/Generic.ASBOL.C4F7
Arcabit: Trojan.Generic.D12248
ViRobot: Trojan.Win32.Mailru.Gen.B
Microsoft: PUAAdvertising:Win32/LoadMoney
Cynet: Malicious (score: 100)
AhnLab-V3: PUP/Win32.MailRu.R232581
VBA32: BScope.Adware.Machaer
ALYac: Trojan.GenericKDZ.74312
Malwarebytes: RiskWare.Agent
APEX: Malicious
Ikarus: PUA.MailRu
MaxSecure: Adware.Adware.Machaer.gen_172020
Fortinet: W32/MailRu.M!tr
AVG: Win32:Adware-DMM [PUP]
Cybereason: malicious.25b3e7

How to remove Win32:Adware-DMM [PUP]?

Win32:Adware-DMM [PUP] removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
