How To Remove PassShow

Did you come here wondering how to remove the ads tagged “Ads by PassShow”?

No problem, you can easily uninstall the PassShow adware from the Windows Control Panel’s Add/Remove Programs dialog.

Worked for me. Did it work for you too? If not, I’ll update this blog post with manual removal instructions.

SK.Enhancer.exe – Gen:Variant.Symmi Malware

I was looking at a bunch of HijackThis logs and stumbled upon a file that looked suspicious: SK.Enhancer.exe.

I didn’t have that executable file, but I found it in VirusTotal’s database. The detection results are pretty persuasive. You want to remove SK.Enhancer.exe:

  • AVG Downloader.Generic13.BQFW 20131209
  • MicroWorld-eScan Gen:Variant.Symmi.14078 20131209
  • BitDefender Gen:Variant.Symmi.14078 20131209
  • Ad-Aware Gen:Variant.Symmi.14078 20131209
  • GData Gen:Variant.Symmi.14078 20131209
  • Emsisoft Gen:Variant.Symmi.14078 (B) 20131209
  • Malwarebytes PUP.Optional.MultiPlug.A 20131209
  • McAfee RDN/Generic.grp!gg 20131209
  • McAfee-GW-Edition RDN/Generic.grp!gg 20131209
  • K7AntiVirus Riskware ( 0040eff71 ) 20131209
  • K7GW Riskware ( 0040eff71 ) 20131209
  • Norman Suspicious_Gen4.FHOYX 20131209
  • AntiVir TR/Symmi.14078.6 20131209
  • Panda Trj/Genetic.gen 20131209
  • TrendMicro-HouseCall TROJ_AGENTT.KOR 20131209
  • TrendMicro TROJ_AGENTT.KOR 20131209
  • Agnitum Trojan.Agent!MbqIq9ZRIc4 20131207
  • Baidu-International Trojan.Win32.Agent.77 20131209
  • VIPRE Trojan.Win32.Generic!BT 20131209
  • nProtect Trojan/W32.Agent.729600.BE 20131209
  • AhnLab-V3 Trojan/Win32.Agent 20131209
  • Comodo TrojWare.Win32.Agent.~huf 20131209
  • Bkav W32.Clod433.Trojan.9d1b 20131209
  • Fortinet W32/AGENTT.KOR!tr 20131209
  • Commtouch W32/Trojan.BZHM-0742 20131209
  • Ikarus Win32.SuspectCrc 20131209
  • ESET-NOD32 Win32/TrojanDownloader.Agent.AFD 20131209
  • Avast Win32:Agent-ASGX [Trj]

Better-Surf.exe – Is BetterSurf really making Internet browsing enjoyable?

I think not. Better-Surf.exe is now picked up by the majority of the anti-virus programs. Just look at this:

  • GData XML.Trojan.Agent.P839U4 20131215
  • Avast Win32:Adware-gen [Adw] 20131215
  • Bkav W32.Clode89.Trojan.2722 20131214
  • Kingsoft VIRUS_UNKNOWN 20130829
  • VIPRE Trojan.Win32.Generic!BT 20131215
  • DrWeb Trojan.Siggen6.475 20131215
  • Symantec Trojan.ADH.2 20131215
  • NANO-Antivirus Riskware.Win32.BetterSurf.cqshnf 20131214
  • McAfee RDN/Generic PUP.x!bnv 20131215
  • McAfee-GW-Edition RDN/Generic PUP.x!bnv 20131215
  • Kaspersky not-a-virus:AdWare.Win32.BetterSurf.b 20131215
  • Ikarus JS.BetterSurf 20131214
  • AVG Generic5.AKJO 20131214
  • Sophos Generic PUA OE 20131214
  • Comodo Application.Win32.AdWare.BetterSurf.A 20131215
  • Microsoft Adware:Win32/BetterSurf 20131215
  • AhnLab-V3 Adware/Win32.BetterSurf 20131214
  • nProtect Adware/W32.Agent.490385 20131213
  • AntiVir ADWARE/BetterSurf.C 20131214
  • Jiangmin AdWare/BetterSurf.a 20131215
  • Panda Adware/BetterSurf 20131214
  • Fortinet Adware/BetterSurf 20131215
  • Baidu-International Adware.Win32.BetterSurf.acRB 20131213
  • Agnitum Adware.BetterSurf! 20131214
  • Malwarebytes Adware.BetterSurf 20131215
  • VBA32 AdWare.BetterSurf 20131213
  • K7GW Adware ( 0049068f1 ) 20131213
  • K7AntiVirus Adware ( 0049068f1 ) 20131213
  • TrendMicro-HouseCall ADW_BETRSURF 20131215
  • TrendMicro ADW_BETRSURF 20131215
  • ESET-NOD32 a variant of Win32/AdWare.BetterSurf.B 20131214

Mesa.exe – Another BitCoin Miner

I’ve been seeing a large number of BitCoin miners appearing on some users’ machines. Mesa.exe is the latest I’ve found.

Trojan.Win32.CoinMiner.ab, Trojan.BtcMine.75, a variant of Win32/CoinMiner.DV and Trojan.Win32.BtcMine.buhwax are some of the detection names Mesa.exe got when I uploaded it to VirusTotal. 

In case a BitCoin miner has been installed on your machine, you’ll probably notice it since it will use a lot of CPU.

solve.exe is a BitCoin miner

Found another BitCoin miner today, running with high CPU usage. It was bundled with a free download. The anti-virus programs detect solve.exe:

  • MicroWorld-eScan Application.BitCoinMiner.BK 20131215
  • BitDefender Application.BitCoinMiner.BK 20131211
  • Ad-Aware Application.BitCoinMiner.BK 20131211
  • F-Secure Application.BitCoinMiner.BK 20131214
  • GData Application.BitCoinMiner.BK 20131215
  • Panda Application\Bitcoin 20131215
  • Sophos Bitcoin Miner 20131215
  • TrendMicro-HouseCall HKTL_BITMINE.SML 20131215
  • TrendMicro HKTL_BITMINE.SML 20131215
  • Kaspersky not-a-virus:RiskTool.Win32.BitCoinMiner.frk 20131215
  • Malwarebytes PUP.BitCoinMiner 20131215
  • McAfee RDN/Generic.dx!cnl 20131215
  • McAfee-GW-Edition RDN/Generic.dx!cnl 20131215
  • ViRobot RiskTool.BitCoinMiner.187904 20131215
  • CAT-QuickHeal RiskTool.BitCoinMiner.frk (Not a Virus) 20131215
  • Antiy-AVL RiskTool/Win32.BitCoinMiner 20131210
  • K7GW Riskware ( 004534e71 ) 20131213
  • Agnitum Riskware.BitCoinMiner!R4WaWCngDLQ 20131215
  • VBA32 Riskware.BitcoinMiner.11207 20131213
  • NANO-Antivirus Riskware.Win32.BtcMine.cglitp 20131215
  • AVG Skodna.BitCoinMiner.DX 20131215
  • DrWeb Tool.BtcMine.130 20131215
  • AntiVir TR/Rogue.1126064.1 20131215
  • Norman Troj_Generic.NAYVQ 20131215
  • K7AntiVirus Trojan ( 0048be2a1 ) 20131213
  • ByteHero Trojan.Malware.KillAV.Gen.001 20130613
  • Baidu-International Trojan.Win32.Agent.40 20131213
  • VIPRE Trojan.Win32.Generic!BT 20131215
  • AhnLab-V3 Trojan/Win32.BitCoinMiner 20131215
  • Comodo UnclassifiedMalware 20131215
  • Bkav W32.Clod959.Trojan.cc20 20131214
  • Fortinet W32/BitCoinMiner.W 20131215
  • Commtouch W32/Trojan.KZCQ-8320 20131215
  • Ikarus Win32.SuspectCrc 20131215
  • ESET-NOD32 Win32/BitCoinMiner.W 20131215
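
The detection lists in these posts all use the same "vendor, label, date" layout, so they can be reduced to a consensus family name. The script below is an added example, not part of the original posts: it parses a subset of the solve.exe lines and takes a plurality vote over label tokens. The GENERIC stop list and the rule that identical labels count once are assumptions made for this example.

```python
import re
from collections import Counter

# Detection lines copied from the solve.exe list above (subset).
SAMPLE = """\
  • MicroWorld-eScan Application.BitCoinMiner.BK 20131215
  • BitDefender Application.BitCoinMiner.BK 20131211
  • GData Application.BitCoinMiner.BK 20131215
  • Sophos Bitcoin Miner 20131215
  • Kaspersky not-a-virus:RiskTool.Win32.BitCoinMiner.frk 20131215
  • K7GW Riskware ( 004534e71 ) 20131213
  • DrWeb Tool.BtcMine.130 20131215
  • VIPRE Trojan.Win32.Generic!BT 20131215
  • ESET-NOD32 Win32/BitCoinMiner.W 20131215
"""

# Tokens that carry no family information (assumed stop list for this example).
GENERIC = {"trojan", "generic", "riskware", "risktool", "application",
           "virus", "tool", "variant", "agent", "malware"}

def parse_line(line):
    """Split 'Vendor Label [YYYYMMDD]' into (vendor, label, date or None)."""
    parts = line.strip().lstrip("•").split()
    # The trailing date is optional: one entry on this page has none.
    date = parts.pop() if parts and re.fullmatch(r"\d{8}", parts[-1]) else None
    if len(parts) < 2:
        return None
    return parts[0], " ".join(parts[1:]), date

def family_tokens(label):
    """Alphabetic tokens of 4+ characters, minus the generic ones."""
    words = re.findall(r"[a-z]+", label.lower())
    return {w for w in words if len(w) >= 4 and w not in GENERIC}

def consensus(text):
    """Return (family, distinct_labels_voting_for_it, total_vendors)."""
    rows = [r for r in map(parse_line, text.splitlines()) if r]
    # Several vendors in these lists report the very same string; such
    # duplicates are counted as one signature (assumption of this example).
    distinct = {label for _, label, _ in rows}
    votes = Counter(tok for label in distinct for tok in family_tokens(label))
    family, n = votes.most_common(1)[0] if votes else (None, 0)
    return family, n, len(rows)

if __name__ == "__main__":
    print(consensus(SAMPLE))
```

Labels made only of generic words or signature IDs (the K7GW and VIPRE lines here) cast no vote, which is why the vote count is lower than the number of detecting vendors.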