Adware.FastDataX

Short bio

Malwarebytes detects Adware.FastDataX because it is an adware application that may inject advertisements into web browsers or other software. Adware.FastDataX may also collect personally identifiable information about the computer, and browsing habits and specific geographic regions of its users. This information may be harvested for the purposes of targeting advertising and could be sold to third party data exchange services or other interested parties.

Symptoms

Adware.FastDataX may create an entry within the Microsoft Task Scheduler to ensure persistence. Some variants of Adware.FastDataX may inject advertisements into web browsers or display advertisements using pop-up or pop-under techniques.

Type and source of infection

Adware.FastDataX could be distributed using various methods, including being packaged with free software or other online software or being installed with or without user consent.

Protection

Malwarebytes blocks the installation of FastDataX with its real-time protection module.

Malwarebytes detects and removes FastDataX as malware.

Remediation

Malwarebytes can detect and remove FastDataX infections without further user interaction.

• Please download Malwarebytes to your desktop.
• Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
• Then click Finish.
• Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan option from the Scan menu.
• If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
• When the scan is complete, make sure that All Threats is selected, and click Remove Selected.
• Restart your computer when prompted to do so.

Malwarebytes removal log

A Malwarebytes log of removal will look similar to this:

Malwarebytes

www.malwarebytes.com

-Log Details-

Scan Date: 3/9/18

Scan Time: 9:09 PM

Log File: d8980cdf-2418-11e8-92b3-00ffc8517b86.json

Administrator: Yes

-Software Information-

Version: 3.4.4.2398

Components Version: 1.0.322

Update Package Version: 1.0.4282

License: Premium 

-System Information-

OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: Computer\User

-Scan Summary-

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 296880

Threats Detected: 21

Threats Quarantined: 21

Time Elapsed: 2 min, 44 sec

-Scan Options-

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Disabled

Heuristics: Enabled

PUP: Detect

PUM: Detect

-Scan Details-

Process: 0

(No malicious items detected)

Module: 0

(No malicious items detected)

Registry Key: 4

Adware.FastDataX.EncJob, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\FASTDATAX TASK, Quarantined, [1186], [407191],1.0.4282

Adware.FastDataX.EncJob, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{7E90D634-327C-4E2E-8845-3C6F7245FEC1}, Quarantined, [1186], [407191],1.0.4282

Adware.FastDataX.EncJob, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{7E90D634-327C-4E2E-8845-3C6F7245FEC1}, Quarantined, [1186], [407191],1.0.4282

Adware.FastDataX, HKU\S-1-5-21-2165681608-3755637219-621560601-1000\SOFTWARE\FastDataX, Quarantined, [8031], [484533],1.0.4282

Registry Value: 1

Adware.FastDataX.EncJob, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{7E90D634-327C-4E2E-8845-3C6F7245FEC1}|PATH, Quarantined, [1186], [407189],1.0.4282

Registry Data: 0

(No malicious items detected)

Data Stream: 0

(No malicious items detected)

Folder: 4

Adware.FastDataX.EncJob, C:\PROGRAM FILES (X86)\FASTDATAX, Quarantined, [1186], [407194],1.0.4282

Adware.FastDataX.EncJob, C:\Users\Fwiplayer\AppData\Local\FastDataX\log\installer, Quarantined, [1186], [474798],1.0.4282

Adware.FastDataX.EncJob, C:\Users\Fwiplayer\AppData\Local\FastDataX\log, Quarantined, [1186], [474798],1.0.4282

Adware.FastDataX.EncJob, C:\USERS\FWIPLAYER\APPDATA\LOCAL\FASTDATAX, Quarantined, [1186], [474798],1.0.4282

File: 12

Adware.FastDataX.EncJob, C:\WINDOWS\SYSTEM32\TASKS\FASTDATAX TASK, Quarantined, [1186], [407191],1.0.4282

Adware.FastDataX.EncJob, C:\USERS\FWIPLAYER\APPDATA\ROAMING\Microsoft\Windows\Recent\unins000.dat.lnk, Quarantined, [1186], [407194],1.0.4282

Adware.FastDataX.EncJob, C:\PROGRAM FILES (X86)\FASTDATAX\UNINS000.DAT, Quarantined, [1186], [407194],1.0.4282

Adware.FastDataX.EncJob, C:\Program Files (x86)\FastDataX\bwpah.dll, Quarantined, [1186], [407194],1.0.4282

Adware.FastDataX.EncJob, C:\Program Files (x86)\FastDataX\unins000.exe, Quarantined, [1186], [407194],1.0.4282

Adware.FastDataX.EncJob, C:\Program Files (x86)\FastDataX\unins000.msg, Quarantined, [1186], [407194],1.0.4282

Adware.FastDataX.EncJob, C:\USERS\FWIPLAYER\APPDATA\ROAMING\Microsoft\Windows\Recent\unins000.msg.lnk, Quarantined, [1186], [407194],1.0.4282

Adware.FastDataX.EncJob, C:\Users\Fwiplayer\AppData\Local\FastDataX\log\installer\08-02-2018(22-38).log, Quarantined, [1186], [474798],1.0.4282

Adware.FastDataX.EncJob, C:\Users\Fwiplayer\AppData\Local\FastDataX\log\installer\08-02-2018(22-39).log, Quarantined, [1186], [474798],1.0.4282

Adware.FastDataX, C:\USERS\FWIPLAYER\APPDATA\ROAMING\Microsoft\Windows\Recent\fast.datax_1e58aa82ec29e98482be583321034815679cef7a5939ce0d8029220b72eda5d6.lnk, Quarantined, [8031], [463466],1.0.4282

Adware.FastDataX, C:\USERS\FWIPLAYER\DESKTOP\FAST.DATAX_1E58AA82EC29E98482BE583321034815679CEF7A5939CE0D8029220B72EDA5D6.EXE, Quarantined, [8031], [463466],1.0.4282

Adware.FastDataX, C:\USERS\FWIPLAYER\DESKTOP\FASTDATAXCF8DBB4D07F78D5C5388764232BE6AFD55357A652C9887AF68B756AFC0E0DAC5.EXE, Quarantined, [8031], [463466],1.0.4282

Physical Sector: 0

(No malicious items detected)

(end)

Traces/IOCs

You may see these entries in FRST logs:

Task: {7E90D634-327C-4E2E-8845-3C6F7245FEC1} – System32\Tasks\FastDataX Task => C:\Program Files (x86)\FastDataX\FastDataX.exe [2018-03-09] () <==== ATTENTION

Associated files:

FastDataX.exe, bwpah.dll