Adware.Pirrit
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Ranking: | 14,355 |
| Threat Level: | 20 % (Normal) |
| Infected Computers: | 128,326 |
| First Seen: | January 23, 2014 |
| Last Seen: | March 18, 2025 |
| OS(es) Affected: | Windows |
Adware.macOS.Pirrit, Pirrit Mac Adware, or simply Pirrit, is a piece of Adware aimed at bombarding PC users with annoying pop-ups. Having bugged Windows-based machines, Pirrit has now set eyes on macOS systems, as well. Pirrit flags as a Potentially Unwanted Program (PUP) due to the intrusive nature of the ads that come with it.
Table of Contents
A Nerve-Wracking Experience
Imagine being flooded with miscellaneous ads, banners, pop-ups, coupons, and surveys, which keep popping up while you are browsing the web. They disrupt your activity and lead you straight to a variety of suspicious websites you’ve never seen before. That’s what Pirrit does, and that’s when you should raise a red flag signifying that your Mac has come under an adware attack. Albeit a low-level threat, adware tools like Pirrit may bring you to malware-infested sites anytime. Moreover, those sites may turn out to contain much more severe pieces of malware hidden beneath the sea of pop-ups and banners generated by Pirrit itself. In the worst-case scenario, Pirrit may lead you to a Trojan capable of harvesting your banking details, login credentials, or other personal data. What is more, some victims have even complained about having had their microphones and cameras hijacked. That's why letting the Pirrit Adware reside in your Mac is a no-go.
Distribution Tactics and Operation
Adware.macOS.Pirrit typically comes as part of software bundles of popular programs users can get from the Internet. Besides the core tools, those bundles may often include lots of additional, often superfluous programs. Unless you uncheck them before installation, you will get them all, which increases the prospect of getting an adware infection like the Pirrit. Once installed, Pirrit may perform many actions such as:
- Highlighting particular words during web browsing.
- Placing hyperlinks within the viewed web content.
- Loading pop-ups until they’ve covered your whole screen, etc.
You will easily recognize you have a Pirrit adware infection when you scroll over the embedded links. If you click on a Pirrit-generated ad, the crooks behind the Adware will earn a dime or two. That explains why they have been exploiting Pirrit to plague Windows-based machines for more than six years. Here are some of Pirrit's aliases over that time:
Adware.Win32.Tirrip.f, Generic5.AUTI [AVG], Riskware/Pirrit [Fortinet], Win32.Adware.Tirrip.Wrqs, Win32/AdWare.Pirrit.A, Trj/CI.A [Panda], AdWare.Tirrip, Win32.Troj.Tirrip.f.(kcloud), GrayWare[AdWare:not-a-virus]/Win32.Tirrip [Antiy-AVL], SPR/Tool.63488.4, AdWare/Tirrip.f, RDN/Generic PUP.x!c2y [McAfee-GW-Edition], Adware.Tirrip.Win32.6, Adware.Pirrit.2 [DrWeb] and ApplicUnwnt [Comodo].
Pirrit Removal
Like any other piece of Adware, you can either delete Pirrit manually or automatically. The latter method stands a much higher chance of cleaning up all the residual files, regardless of their destination folders. So, waste no time running a reputable AV solution to regain control of your Mac.
Aliases
15 security vendors flagged this file as malicious.
| Anti-Virus Software | Detection |
|---|---|
| AVG | Generic5.AUTI |
| Fortinet | Riskware/Pirrit |
| Panda | Trj/CI.A |
| Antiy-AVL | GrayWare[AdWare:not-a-virus]/Win32.Tirrip |
| McAfee-GW-Edition | RDN/Generic PUP.x!c2y |
| DrWeb | Adware.Pirrit.2 |
| Comodo | ApplicUnwnt |
| Sophos | Generic PUA PC |
| Kaspersky | not-a-virus:AdWare.Win32.Tirrip.f |
| Avast | Win32:PirritSuggestor-A [Adw] |
| Symantec | Trojan.Gen.2 |
| K7AntiVirus | Adware ( 004a0c581 ) |
| CAT-QuickHeal | AdWare.Tirrip.r5 (Not a Virus) |
| GData | Win32.Backdoor.NGService.C |
| Symantec | WS.Reputation.1 |
SpyHunter Detects & Remove Adware.Pirrit
File System Details
| # | File Name | MD5 |
Detections
Detections: The number of confirmed and suspected cases of a particular threat detected on
infected computers as reported by SpyHunter.
|
|---|---|---|---|
| 1. | wauctla.exe | 7d1e5892bb021fa20a03b7cd932a72da | 3,798 |
| 2. | winvxm.exe | b34a08ba3041ae88e1953d22bec7ae38 | 2,477 |
| 3. | openmemdiag_64.exe | 726790ac4efe16ff25705c76c299d02b | 213 |
| 4. | FileImportProgram.exe | 9e9b754b9ca5081a4eca625567e1262d | 191 |
| 5. | GUIRootSoftware.exe | 152531bfef6e09defb06c29b0c6b0235 | 191 |
| 6. | vxmclient.exe | 3f6ddb4b5a066321544176c599b53a70 | 159 |
| 7. | DriverFreewareOS.exe | 6af6c4cdf188f4e31a4d0f23224c4b79 | 138 |
| 8. | ExportFunctionGamma.exe | 72d0641e3b4f1e6523f58ca948f0771e | 84 |
| 9. | CronDirect3dWinsock.exe | 45d02e3c3e7c34539980b2cfdc0e739f | 82 |
| 10. | ExportInterpreterODBC.exe | c5a19d1aba6f3fa39d9c8b229ffef6b3 | 76 |
| 11. | CompileMinimalSnapshot.exe | 9db5393724c9795221e46bc262c6f765 | 73 |
| 12. | DashboardMacroMotion.exe | cb54914a0ec158e62d341ef14f20111c | 73 |
| 13. | DefaultGammaTooltip.exe | b64eb5d608203fb2fec787b7451ad7e2 | 73 |
| 14. | AppOfficeRegister.exe | 67b3efe0675d8787bced4027e43325f2 | 72 |
| 15. | FinderGUIOCR.exe | 1bc29840497317001b6e2b46b8013dda | 72 |
| 16. | Direct3dProcessSnapshot.exe | b32e9d254583d8050bf7621e09a9f4ba | 70 |
| 17. | JAVAOpenScreenshot.exe | c2c8c46de2752cd14c1485b51c18e079 | 70 |
| 18. | WinSystemCleaner.exe | 2843a01b05c92f7b2bb3bd56c0a3886a | 51 |
| 19. | DebuggerOCRSDK.exe | fabcb1eb1b0f2a204029837753694955 | 31 |
| 20. | chrome32.exe | f53f8293448cc33a75b96f36e3c19705 | 20 |
| 21. | CopyMotionScreenshot.exe | 84c299db01efbd675ceecfe10b148c9a | 18 |
| 22. | chrome64.exe | 75407b350565593eb52d3f58b4d04584 | 18 |
| 23. | WinSystemUpdater.exe | 8d0107719204715e22affdbcaa734c93 | 12 |
| 24. | mswsocktspkgProvider.exe | b313522f02b459116dd6ec13f24712dd | 5 |
| 25. | sharewaresdiagschdProt.exe | 16d2a7efcec5a4d3f63f3865aa79e150 | 2 |
| 26. | RegFltrX86.sys | 1ebeaed0c88721366ba7d99939042833 | 1 |
Registry Details
Directories
Adware.Pirrit may create the following directory or directories:
| %AppData%\Pirrit |
| %LOCALAPPDATA%\Pirrit Suggestor |
| %LOCALAPPDATA%\PirritSuggestor |
| %PROGRAMFILES%\Pirrit |
| %PROGRAMFILES%\Windows Network Accelerater |
| %PROGRAMFILES(x86)%\Pirrit |
| %PROGRAMFILES(x86)%\Windows Network Accelerater |
| %USERPROFILE%\Local Settings\Application Data\PirritSuggestor |
