Adware.FastDataX
Short bio
Malwarebytes detects Adware.FastDataX because it is an adware application that may inject advertisements into web browsers or other software. Adware.FastDataX may also collect personally identifiable information about the computer, and browsing habits and specific geographic regions of its users. This information may be harvested for the purposes of targeting advertising and could be sold to third party data exchange services or other interested parties.
Symptoms
Adware.FastDataX may create an entry within the Microsoft Task Scheduler to ensure persistence. Some variants of Adware.FastDataX may inject advertisements into web browsers or display advertisements using pop-up or pop-under techniques.
Type and source of infection
Adware.FastDataX could be distributed using various methods, including being packaged with free software or other online software or being installed with or without user consent.
Protection
Malwarebytes blocks the installation of FastDataX with its real-time protection module.
Malwarebytes detects and removes FastDataX as malware.
Remediation
Malwarebytes can detect and remove FastDataX infections without further user interaction.
- Please download Malwarebytes to your desktop.
- Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
- Then click Finish.
- Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan option from the Scan menu.
- If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
- When the scan is complete, make sure that All Threats is selected, and click Remove Selected.
- Restart your computer when prompted to do so.
Malwarebytes removal log
A Malwarebytes log of removal will look similar to this:
Malwarebytes
www.malwarebytes.com
-Log Details-
Scan Date: 3/9/18
Scan Time: 9:09 PM
Log File: d8980cdf-2418-11e8-92b3-00ffc8517b86.json
Administrator: Yes
-Software Information-
Version: 3.4.4.2398
Components Version: 1.0.322
Update Package Version: 1.0.4282
License: Premium
-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Computer\User
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 296880
Threats Detected: 21
Threats Quarantined: 21
Time Elapsed: 2 min, 44 sec
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
-Scan Details-
Process: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registry Key: 4
Adware.FastDataX.EncJob, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\FASTDATAX TASK, Quarantined, [1186], [407191],1.0.4282
Adware.FastDataX.EncJob, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{7E90D634-327C-4E2E-8845-3C6F7245FEC1}, Quarantined, [1186], [407191],1.0.4282
Adware.FastDataX.EncJob, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{7E90D634-327C-4E2E-8845-3C6F7245FEC1}, Quarantined, [1186], [407191],1.0.4282
Adware.FastDataX, HKU\S-1-5-21-2165681608-3755637219-621560601-1000\SOFTWARE\FastDataX, Quarantined, [8031], [484533],1.0.4282
Registry Value: 1
Adware.FastDataX.EncJob, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{7E90D634-327C-4E2E-8845-3C6F7245FEC1}|PATH, Quarantined, [1186], [407189],1.0.4282
Registry Data: 0
(No malicious items detected)
Data Stream: 0
(No malicious items detected)
Folder: 4
Adware.FastDataX.EncJob, C:\PROGRAM FILES (X86)\FASTDATAX, Quarantined, [1186], [407194],1.0.4282
Adware.FastDataX.EncJob, C:\Users\Fwiplayer\AppData\Local\FastDataX\log\installer, Quarantined, [1186], [474798],1.0.4282
Adware.FastDataX.EncJob, C:\Users\Fwiplayer\AppData\Local\FastDataX\log, Quarantined, [1186], [474798],1.0.4282
Adware.FastDataX.EncJob, C:\USERS\FWIPLAYER\APPDATA\LOCAL\FASTDATAX, Quarantined, [1186], [474798],1.0.4282
File: 12
Adware.FastDataX.EncJob, C:\WINDOWS\SYSTEM32\TASKS\FASTDATAX TASK, Quarantined, [1186], [407191],1.0.4282
Adware.FastDataX.EncJob, C:\USERS\FWIPLAYER\APPDATA\ROAMING\Microsoft\Windows\Recent\unins000.dat.lnk, Quarantined, [1186], [407194],1.0.4282
Adware.FastDataX.EncJob, C:\PROGRAM FILES (X86)\FASTDATAX\UNINS000.DAT, Quarantined, [1186], [407194],1.0.4282
Adware.FastDataX.EncJob, C:\Program Files (x86)\FastDataX\bwpah.dll, Quarantined, [1186], [407194],1.0.4282
Adware.FastDataX.EncJob, C:\Program Files (x86)\FastDataX\unins000.exe, Quarantined, [1186], [407194],1.0.4282
Adware.FastDataX.EncJob, C:\Program Files (x86)\FastDataX\unins000.msg, Quarantined, [1186], [407194],1.0.4282
Adware.FastDataX.EncJob, C:\USERS\FWIPLAYER\APPDATA\ROAMING\Microsoft\Windows\Recent\unins000.msg.lnk, Quarantined, [1186], [407194],1.0.4282
Adware.FastDataX.EncJob, C:\Users\Fwiplayer\AppData\Local\FastDataX\log\installer\08-02-2018(22-38).log, Quarantined, [1186], [474798],1.0.4282
Adware.FastDataX.EncJob, C:\Users\Fwiplayer\AppData\Local\FastDataX\log\installer\08-02-2018(22-39).log, Quarantined, [1186], [474798],1.0.4282
Adware.FastDataX, C:\USERS\FWIPLAYER\APPDATA\ROAMING\Microsoft\Windows\Recent\fast.datax_1e58aa82ec29e98482be583321034815679cef7a5939ce0d8029220b72eda5d6.lnk, Quarantined, [8031], [463466],1.0.4282
Adware.FastDataX, C:\USERS\FWIPLAYER\DESKTOP\FAST.DATAX_1E58AA82EC29E98482BE583321034815679CEF7A5939CE0D8029220B72EDA5D6.EXE, Quarantined, [8031], [463466],1.0.4282
Adware.FastDataX, C:\USERS\FWIPLAYER\DESKTOP\FASTDATAXCF8DBB4D07F78D5C5388764232BE6AFD55357A652C9887AF68B756AFC0E0DAC5.EXE, Quarantined, [8031], [463466],1.0.4282
Physical Sector: 0
(No malicious items detected)
(end)
Traces/IOCs
You may see these entries in FRST logs:
Task: {7E90D634-327C-4E2E-8845-3C6F7245FEC1} – System32\Tasks\FastDataX Task => C:\Program Files (x86)\FastDataX\FastDataX.exe [2018-03-09] () <==== ATTENTION
Associated files:
FastDataX.exe, bwpah.dll