Adware:Win32/WinAgir

By Sumo3000 in Adware

Adware:Win32/WinAgir is an adware program that collects the computer owner's browsing behavior and search engine requests in order to display targeted advertisements based on the search keywords to the victim on the corrupted machine. Adware:Win32/WinAgir also updates and downloads other harmful files, and contacts a remote server without the computer user's authorization to transfer data and gain instructions. Adware:Win32/WinAgir creates several registry subkeys and entries to permit itself as a service and install its Browser Helper Object (BHO) component. Adware:Win32/WinAgir terminates numerous processes to assure that its BHO component stays functional. Adware:Win32/WinAgir contacts a remote server and transmits HTTP requests to these servers with specific parameters, indicating its actions on the infected PC.

File System Details

Adware:Win32/WinAgir may create the following file(s):

Expand All | Collapse All

#	File Name	Detections Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
1.	%ProgramFiles%\Winscalar\Winscalaru.exe
Name: %ProgramFiles%\Winscalar\Winscalaru.exe Type: Executable File
2.	%ProgramFiles%\Winscalar\Winscalars51.dll
Name: %ProgramFiles%\Winscalar\Winscalars51.dll Type: Dynamic link library
3.	%ProgramFiles%\Winscalar\Winscalarb51.dll
Name: %ProgramFiles%\Winscalar\Winscalarb51.dll Type: Dynamic link library
4.	%ProgramFiles%\Winscalar\sqlite3.dll
Name: %ProgramFiles%\Winscalar\sqlite3.dll Type: Dynamic link library
5.	%ProgramFiles%\Winscalar\pkdb.dat
Name: %ProgramFiles%\Winscalar\pkdb.dat Type: Data file
6.	%ProgramFiles%\Winscalar\ukdb.dat
Name: %ProgramFiles%\Winscalar\ukdb.dat Type: Data file

Registry Details

Adware:Win32/WinAgir may create the following registry entry or registry entries:

HKEY..\..\..\..{RegistryKeys}

HKLM\SOFTWARE\agir

HKLM\SOFTWARE\agir = "dist"

HKLM\SOFTWARE\Classes\CLSID\{3D832BC9-918A-4a13-B231-C3021C3A60B1

HKLM\SOFTWARE\Classes\Interface\{1D832BC9-918A-4A13-B231-C3021C3A60B1}

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main = "Enable Browser Extensions" = "yes"

HKLM\SOFTWARE\Classes\Winscalarc3i021BHO.Winscalarc3i021APIClass

HKLM\SOFTWARE\agir = "bd"

HKLM\SOFTWARE\agir = "ts_shift"

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3D832BC9-918A-4a13-B231-C3021C3A60B1}

HKLM\SOFTWARE\Classes\CLSID = "tst_key" = "test_ok"

HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINDOWS_WINAGIR_UPDATE_SERVICE\0000\Control = "0" = "Windows WinAgir Update Service"

HKLM\SOFTWARE\agir = "md"

HKLM\SOFTWARE\agir = "indt"

HKLM\SOFTWARE\Classes\TypeLib\{2D832BC9-918A-4A13-B231-C3021C3A60B1}\1.0

HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Winscalar = "DisplayName" = "Winscalar"

Enigma Software Group Prevails Over Malwarebytes at the Ninth Circuit

Search

Change Region

Adware:Win32/WinAgir

File System Details

Registry Details

Submit Comment

Trending

Rzfu Ransomware

'YouPorn' Email Scam

Rzkd Ransomware

Most Viewed

Is Lookmovie.io Safe?

How To Fix 'Printer Driver is Unavailable' Error

Discord Shows Black Screen when Sharing Screen