Adware.ChinAd

Short bio

Adware.ChinAd is Malwarebytes’ generic detection for a family that consists mostly of bundlers containing Chinese adware.

Symptoms

Systems affected with Adware.ChinAd will display advertisements not originating from the sites they are visiting, often oriented toward the Chinese market.

Type and source of infection

Bundlers like Adware.ChinAd often contain one program that is appealing and combine it during install with adware and PUPs.

Protection

Malwarebytes protects users from Adware.ChinAd with its real-time protection technology.

block ChinAd

Malwarebytes blocks Adware.ChinAd

Remediation

Malwarebytes can detect and remove Adware.ChinAd without further user interaction.

  1. Please download Malwarebytes to your desktop.
  2. Double-click MBSetup.exe and follow the prompts to install the program.
  3. When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen.
  4. Click on the Get started button.
  5. Click Scan to start a Threat Scan.
  6. Click Quarantine to remove the found threats.
  7. Reboot the system if prompted to complete the removal process.

Malwarebytes removal log

An example of a removal log is this one for a member of this family called EnjoyWifi:

Malwarebytes log:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 9/27/17
Scan Time: 10:38 AM
Log File: 36880759-a35f-11e7-bf1d-080027750297.json
Administrator: Yes

-Software Information-
Version: 3.2.2.2018
Components Version: 1.0.188
Update Package Version: 1.0.2896
License: Premium

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: {computername}\{username}

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 321581
Threats Detected: 23
Threats Quarantined: 23
Time Elapsed: 1 min, 14 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 1
PUP.Optional.EnjoyWiFi, C:\Program Files (x86)\EnjoyWiFi\EnjoyWiFi.exe, Quarantined, [8686], [417507],1.0.2896

Module: 4
PUP.Optional.EnjoyWiFi, C:\Program Files (x86)\EnjoyWiFi\EnjoyWiFi.exe, Quarantined, [8686], [417507],1.0.2896
PUP.Optional.EnjoyWiFi, C:\Program Files (x86)\EnjoyWiFi\sciter32.dll, Quarantined, [8686], [417507],1.0.2896
PUP.Optional.EnjoyWiFi, C:\Program Files (x86)\EnjoyWiFi\wfcrecf.dll, Quarantined, [8686], [417507],1.0.2896
PUP.Optional.EnjoyWiFi, C:\Program Files (x86)\EnjoyWiFi\zlib.dll, Quarantined, [8686], [417507],1.0.2896

Registry Key: 2
PUP.Optional.EnjoyWiFi, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{8948C1BE-92B8-4276-8803-DC71CC78203A}, Delete-on-Reboot, [8686], [417507],1.0.2896
PUP.Optional.ChinAd, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\wfcre, Delete-on-Reboot, [96], [417524],1.0.2896

Registry Value: 1
PUP.Optional.EnjoyWiFi, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{8948C1BE-92B8-4276-8803-DC71CC78203A}|DISPLAYNAME, Delete-on-Reboot, [8686], [417521],1.0.2896

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 2
PUP.Optional.EnjoyWiFi, C:\PROGRAM FILES (X86)\ENJOYWIFI, Delete-on-Reboot, [8686], [417507],1.0.2896
PUP.Optional.EnjoyWiFi, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\ENJOYWIFI, Delete-on-Reboot, [8686], [417508],1.0.2896

File: 13
PUP.Optional.EnjoyWiFi, C:\USERS\PUBLIC\DESKTOP\ENJOYWIFI.LNK, Delete-on-Reboot, [8686], [417518],1.0.2896
PUP.Optional.EnjoyWiFi, C:\PROGRAM FILES (X86)\ENJOYWIFI\ENJOYWIFI.SSF, Delete-on-Reboot, [8686], [417507],1.0.2896
PUP.Optional.EnjoyWiFi, C:\Program Files (x86)\EnjoyWiFi\EnjoyWiFi.exe, Delete-on-Reboot, [8686], [417507],1.0.2896
PUP.Optional.EnjoyWiFi, C:\Program Files (x86)\EnjoyWiFi\inst.db, Delete-on-Reboot, [8686], [417507],1.0.2896
PUP.Optional.EnjoyWiFi, C:\Program Files (x86)\EnjoyWiFi\sciter32.dll, Delete-on-Reboot, [8686], [417507],1.0.2896
PUP.Optional.EnjoyWiFi, C:\Program Files (x86)\EnjoyWiFi\uninst.exe, Delete-on-Reboot, [8686], [417507],1.0.2896
PUP.Optional.EnjoyWiFi, C:\Program Files (x86)\EnjoyWiFi\wfcrecf.dll, Delete-on-Reboot, [8686], [417507],1.0.2896
PUP.Optional.EnjoyWiFi, C:\Program Files (x86)\EnjoyWiFi\wftinst.dll, Delete-on-Reboot, [8686], [417507],1.0.2896
PUP.Optional.EnjoyWiFi, C:\Program Files (x86)\EnjoyWiFi\zlib.dll, Delete-on-Reboot, [8686], [417507],1.0.2896
PUP.Optional.EnjoyWiFi, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\ENJOYWIFI\ENJOYWIFI.LNK, Delete-on-Reboot, [8686], [417508],1.0.2896
PUP.Optional.EnjoyWiFi, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EnjoyWiFi\uninstall EnjoyWiFi.lnk, Delete-on-Reboot, [8686], [417508],1.0.2896
PUP.Optional.ChinAd, C:\WINDOWS\SYSTEM32\DRIVERS\WFCRE.SYS, Delete-on-Reboot, [96], [417524],1.0.2896
PUP.Optional.EnjoyWiFi, C:\USERS\{username}\DESKTOP\SETUP.4.22.EXE, Delete-on-Reboot, [8686], [417533],1.0.2896

Physical Sector: 0
(No malicious items detected)


(end)

Related blog content

How to remove adware from your PC

Debunking the hacker stereotype: Who are the real monsters?

Select your language