Adware.FastDataX

Short bio

Adware.FastDataX is an application that may inject advertisements into web browsers or other software. It may also collect personally identifiable information (PII) about the computer and users’ browsing habits and specific geographic regions. This information may be harvested for targeted advertising and could be sold to third-party data exchange services or other interested parties.

Symptoms

Adware.FastDataX may create an entry within the Microsoft Task Scheduler to ensure persistence. Some variants of Adware.FastDataX may inject advertisements into web browsers or display advertisements using pop-up or pop-under techniques.

Type and source of infection

Adware.FastDataX could be distributed using various methods, including being packaged with free software or other online software or being installed with or without user consent.

Protection

Malwarebytes blocks the installation of FastDataX with its real-time protection module.

Malwarebytes detects and removes FastDataX as malware.

Remediation

Malwarebytes can detect and remove FastDataX infections without further user interaction.

1. Please download Malwarebytes to your desktop.
2. Double-click MBSetup.exe and follow the prompts to install the program.
3. When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen.
4. Click on the Get started button.
5. Click Scan to start a Threat Scan.
6. Click Quarantine to remove the found threats.
7. Reboot the system if prompted to complete the removal process.

Malwarebytes removal log

A Malwarebytes log of removal will look similar to this:

Malwarebytes

www.malwarebytes.com

-Log Details-

Scan Date: 3/9/18

Scan Time: 9:09 PM

Log File: d8980cdf-2418-11e8-92b3-00ffc8517b86.json

Administrator: Yes

-Software Information-

Version: 3.4.4.2398

Components Version: 1.0.322

Update Package Version: 1.0.4282

License: Premium 

-System Information-

OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: Computer\User

-Scan Summary-

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 296880

Threats Detected: 21

Threats Quarantined: 21

Time Elapsed: 2 min, 44 sec

-Scan Options-

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Disabled

Heuristics: Enabled

PUP: Detect

PUM: Detect

-Scan Details-

Process: 0

(No malicious items detected)

Module: 0

(No malicious items detected)

Registry Key: 4

Adware.FastDataX.EncJob, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\FASTDATAX TASK, Quarantined, [1186], [407191],1.0.4282

Adware.FastDataX.EncJob, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{7E90D634-327C-4E2E-8845-3C6F7245FEC1}, Quarantined, [1186], [407191],1.0.4282

Adware.FastDataX.EncJob, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{7E90D634-327C-4E2E-8845-3C6F7245FEC1}, Quarantined, [1186], [407191],1.0.4282

Adware.FastDataX, HKU\S-1-5-21-2165681608-3755637219-621560601-1000\SOFTWARE\FastDataX, Quarantined, [8031], [484533],1.0.4282

Registry Value: 1

Adware.FastDataX.EncJob, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{7E90D634-327C-4E2E-8845-3C6F7245FEC1}|PATH, Quarantined, [1186], [407189],1.0.4282

Registry Data: 0

(No malicious items detected)

Data Stream: 0

(No malicious items detected)

Folder: 4

Adware.FastDataX.EncJob, C:\PROGRAM FILES (X86)\FASTDATAX, Quarantined, [1186], [407194],1.0.4282

Adware.FastDataX.EncJob, C:\Users\Fwiplayer\AppData\Local\FastDataX\log\installer, Quarantined, [1186], [474798],1.0.4282

Adware.FastDataX.EncJob, C:\Users\Fwiplayer\AppData\Local\FastDataX\log, Quarantined, [1186], [474798],1.0.4282

Adware.FastDataX.EncJob, C:\USERS\FWIPLAYER\APPDATA\LOCAL\FASTDATAX, Quarantined, [1186], [474798],1.0.4282

File: 12

Adware.FastDataX.EncJob, C:\WINDOWS\SYSTEM32\TASKS\FASTDATAX TASK, Quarantined, [1186], [407191],1.0.4282

Adware.FastDataX.EncJob, C:\USERS\FWIPLAYER\APPDATA\ROAMING\Microsoft\Windows\Recent\unins000.dat.lnk, Quarantined, [1186], [407194],1.0.4282

Adware.FastDataX.EncJob, C:\PROGRAM FILES (X86)\FASTDATAX\UNINS000.DAT, Quarantined, [1186], [407194],1.0.4282

Adware.FastDataX.EncJob, C:\Program Files (x86)\FastDataX\bwpah.dll, Quarantined, [1186], [407194],1.0.4282

Adware.FastDataX.EncJob, C:\Program Files (x86)\FastDataX\unins000.exe, Quarantined, [1186], [407194],1.0.4282

Adware.FastDataX.EncJob, C:\Program Files (x86)\FastDataX\unins000.msg, Quarantined, [1186], [407194],1.0.4282

Adware.FastDataX.EncJob, C:\USERS\FWIPLAYER\APPDATA\ROAMING\Microsoft\Windows\Recent\unins000.msg.lnk, Quarantined, [1186], [407194],1.0.4282

Adware.FastDataX.EncJob, C:\Users\Fwiplayer\AppData\Local\FastDataX\log\installer\08-02-2018(22-38).log, Quarantined, [1186], [474798],1.0.4282

Adware.FastDataX.EncJob, C:\Users\Fwiplayer\AppData\Local\FastDataX\log\installer\08-02-2018(22-39).log, Quarantined, [1186], [474798],1.0.4282

Adware.FastDataX, C:\USERS\FWIPLAYER\APPDATA\ROAMING\Microsoft\Windows\Recent\fast.datax_1e58aa82ec29e98482be583321034815679cef7a5939ce0d8029220b72eda5d6.lnk, Quarantined, [8031], [463466],1.0.4282

Adware.FastDataX, C:\USERS\FWIPLAYER\DESKTOP\FAST.DATAX_1E58AA82EC29E98482BE583321034815679CEF7A5939CE0D8029220B72EDA5D6.EXE, Quarantined, [8031], [463466],1.0.4282

Adware.FastDataX, C:\USERS\FWIPLAYER\DESKTOP\FASTDATAXCF8DBB4D07F78D5C5388764232BE6AFD55357A652C9887AF68B756AFC0E0DAC5.EXE, Quarantined, [8031], [463466],1.0.4282

Physical Sector: 0

(No malicious items detected)

(end)

Traces/IOCs

You may see these entries in FRST logs:

Task: {7E90D634-327C-4E2E-8845-3C6F7245FEC1} – System32\Tasks\FastDataX Task => C:\Program Files (x86)\FastDataX\FastDataX.exe [2018-03-09] () <==== ATTENTION

Associated files:

FastDataX.exe, bwpah.dll