Loading ...|
|
Tweet |  More |
Adware:Win32/WinAgir Description
Adware:Win32/WinAgir is an adware program that collects the computer owner’s browsing behavior and search engine requests in order to display targeted advertisements based on the search keywords to the victim on the corrupted machine. Adware:Win32/WinAgir also updates and downloads other harmful files, and contacts a remote server without the computer user’s authorization to transfer data and gain instructions. Adware:Win32/WinAgir creates several registry subkeys and entries to permit itself as a service and install its Browser Helper Object (BHO) component. Adware:Win32/WinAgir terminates numerous processes to assure that its BHO component stays functional. Adware:Win32/WinAgir contacts a remote server and transmits HTTP requests to these servers with specific parameters, indicating its actions on the infected PC.
Type: Adware
How Can You Detect Adware:Win32/WinAgir?
Download SpyHunter’s Detection Scanner
to Detect Adware:Win32/WinAgir.
Can’t install SpyHunter? Click here to view possible causes of installation issues.
Adware:Win32/WinAgir Removal Details
Adware:Win32/WinAgir has typically the following processes in memory:
- %ProgramFiles%\Winscalar\Winscalaru.exe
- %ProgramFiles%\Winscalar\Winscalars51.dll
- %ProgramFiles%\Winscalar\Winscalarb51.dll
- %ProgramFiles%\Winscalar\sqlite3.dll
Adware:Win32/WinAgir creates the following files in the system:
- %ProgramFiles%\Winscalar\pkdb.dat
- %ProgramFiles%\Winscalar\ukdb.dat
Adware:Win32/WinAgir creates the following registry entries:
- HKLM\SOFTWARE\agir
- HKLM\SOFTWARE\agir = “dist”
- HKLM\SOFTWARE\Classes\CLSID\{3D832BC9-918A-4a13-B231-C3021C3A60B1
- HKLM\SOFTWARE\Classes\Interface\{1D832BC9-918A-4A13-B231-C3021C3A60B1}
- HKCU\SOFTWARE\Microsoft\Internet Explorer\Main = “Enable Browser Extensions” = “yes”
- HKLM\SOFTWARE\Classes\Winscalarc3i021BHO.Winscalarc3i021APIClass
- HKLM\SOFTWARE\agir = “bd”
- HKLM\SOFTWARE\agir = “ts_shift”
- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3D832BC9-918A-4a13-B231-C3021C3A60B1}
- HKLM\SOFTWARE\Classes\CLSID = “tst_key” = “test_ok”
- HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINDOWS_WINAGIR_UPDATE_SERVICE\0000\Control = “0″ = “Windows WinAgir Update Service”
- HKLM\SOFTWARE\agir = “md”
- HKLM\SOFTWARE\agir = “indt”
- HKLM\SOFTWARE\Classes\TypeLib\{2D832BC9-918A-4A13-B231-C3021C3A60B1}\1.0
- HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Winscalar = “DisplayName” = “Winscalar”
Important Article Disclaimer
Adware:Win32/WinAgir
Leave a Comment
Note: Abusive comments are not allowed. Please do not post comments regarding technical support issues. ESG customers that have issues with SpyHunter should open a customer support ticket.