Adware.ChinAd is Malwarebytes’ generic detection for a family that consists mostly of bundlers containing Chinese adware.
Systems affected with Adware.ChinAd will display advertisements not originating from the sites they are visiting, often oriented toward the Chinese market.
Bundlers like Adware.ChinAd often contain one program that is appealing and combine it during install with adware and PUPs.
Malwarebytes protects users from Adware.ChinAd with its real-time protection technology.
Malwarebytes blocks Adware.ChinAd
Malwarebytes can detect and remove Adware.ChinAd without further user interaction.
An example of a removal log is this one for a member of this family called EnjoyWifi:
Malwarebytes log:
Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 9/27/17 Scan Time: 10:38 AM Log File: 36880759-a35f-11e7-bf1d-080027750297.json Administrator: Yes -Software Information- Version: 3.2.2.2018 Components Version: 1.0.188 Update Package Version: 1.0.2896 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Result: Completed Objects Scanned: 321581 Threats Detected: 23 Threats Quarantined: 23 Time Elapsed: 1 min, 14 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 1 PUP.Optional.EnjoyWiFi, C:\Program Files (x86)\EnjoyWiFi\EnjoyWiFi.exe, Quarantined, [8686], [417507],1.0.2896 Module: 4 PUP.Optional.EnjoyWiFi, C:\Program Files (x86)\EnjoyWiFi\EnjoyWiFi.exe, Quarantined, [8686], [417507],1.0.2896 PUP.Optional.EnjoyWiFi, C:\Program Files (x86)\EnjoyWiFi\sciter32.dll, Quarantined, [8686], [417507],1.0.2896 PUP.Optional.EnjoyWiFi, C:\Program Files (x86)\EnjoyWiFi\wfcrecf.dll, Quarantined, [8686], [417507],1.0.2896 PUP.Optional.EnjoyWiFi, C:\Program Files (x86)\EnjoyWiFi\zlib.dll, Quarantined, [8686], [417507],1.0.2896 Registry Key: 2 PUP.Optional.EnjoyWiFi, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{8948C1BE-92B8-4276-8803-DC71CC78203A}, Delete-on-Reboot, [8686], [417507],1.0.2896 PUP.Optional.ChinAd, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\wfcre, Delete-on-Reboot, [96], [417524],1.0.2896 Registry Value: 1 PUP.Optional.EnjoyWiFi, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{8948C1BE-92B8-4276-8803-DC71CC78203A}|DISPLAYNAME, Delete-on-Reboot, [8686], [417521],1.0.2896 Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 2 PUP.Optional.EnjoyWiFi, C:\PROGRAM FILES (X86)\ENJOYWIFI, Delete-on-Reboot, [8686], [417507],1.0.2896 PUP.Optional.EnjoyWiFi, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\ENJOYWIFI, Delete-on-Reboot, [8686], [417508],1.0.2896 File: 13 PUP.Optional.EnjoyWiFi, C:\USERS\PUBLIC\DESKTOP\ENJOYWIFI.LNK, Delete-on-Reboot, [8686], [417518],1.0.2896 PUP.Optional.EnjoyWiFi, C:\PROGRAM FILES (X86)\ENJOYWIFI\ENJOYWIFI.SSF, Delete-on-Reboot, [8686], [417507],1.0.2896 PUP.Optional.EnjoyWiFi, C:\Program Files (x86)\EnjoyWiFi\EnjoyWiFi.exe, Delete-on-Reboot, [8686], [417507],1.0.2896 PUP.Optional.EnjoyWiFi, C:\Program Files (x86)\EnjoyWiFi\inst.db, Delete-on-Reboot, [8686], [417507],1.0.2896 PUP.Optional.EnjoyWiFi, C:\Program Files (x86)\EnjoyWiFi\sciter32.dll, Delete-on-Reboot, [8686], [417507],1.0.2896 PUP.Optional.EnjoyWiFi, C:\Program Files (x86)\EnjoyWiFi\uninst.exe, Delete-on-Reboot, [8686], [417507],1.0.2896 PUP.Optional.EnjoyWiFi, C:\Program Files (x86)\EnjoyWiFi\wfcrecf.dll, Delete-on-Reboot, [8686], [417507],1.0.2896 PUP.Optional.EnjoyWiFi, C:\Program Files (x86)\EnjoyWiFi\wftinst.dll, Delete-on-Reboot, [8686], [417507],1.0.2896 PUP.Optional.EnjoyWiFi, C:\Program Files (x86)\EnjoyWiFi\zlib.dll, Delete-on-Reboot, [8686], [417507],1.0.2896 PUP.Optional.EnjoyWiFi, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\ENJOYWIFI\ENJOYWIFI.LNK, Delete-on-Reboot, [8686], [417508],1.0.2896 PUP.Optional.EnjoyWiFi, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EnjoyWiFi\uninstall EnjoyWiFi.lnk, Delete-on-Reboot, [8686], [417508],1.0.2896 PUP.Optional.ChinAd, C:\WINDOWS\SYSTEM32\DRIVERS\WFCRE.SYS, Delete-on-Reboot, [96], [417524],1.0.2896 PUP.Optional.EnjoyWiFi, C:\USERS\{username}\DESKTOP\SETUP.4.22.EXE, Delete-on-Reboot, [8686], [417533],1.0.2896 Physical Sector: 0 (No malicious items detected) (end)
Select your language