How to remove $RWIT6FA.exe

» File
File Details
Overview
Analysis

$RWIT6FA.exe

The module $RWIT6FA.exe has been detected as Adware.MultiPlug

$RWIT6FA.exe

Remove $RWIT6FA.exe

File Details

Main Info:

MD5:	77de69f84fbc22dfe4271cf4234c5b91
Size:	234 KB
First Published:	2017-05-21 05:04:31 (6 years ago)
Latest Published:	2020-12-14 23:03:14 (3 years ago)

Analysis:

Status:	Adware.MultiPlug (on last analysis)
Analysis Date:	2020-12-14 23:03:14 (3 years ago)

Common Places:

%appdata%\kyubey

%programfiles%\fijushreibuent\_allowdel_b421

%sysdrive%\$recycle.bin\s-1-5-21-1638238481-826990769-3333327472-1001

%profile%\x\application data\kyubey

%appdata%

%sysdrive%\fx-pc\backup set 2017-03-26 190000\backup files 2017-04-09 190001\backup files 1.zip\c\users\fx\appdata\roaming

%sysdrive%\adwcleaner\quarantine\files

File Names:

Kyubey.exe

$RWIT6FA.exe

trz6A2C.tmp

Geography:

	48.6%
	6.8%
	5.4%
	5.4%
	5.4%
	2.7%
	2.7%
	2.7%
	2.7%
	2.7%
	1.4%
	1.4%
	1.4%
	1.4%
	1.4%
	1.4%
	1.4%
	1.4%
	1.4%
	1.4%
	1.4%

OS Version:

Windows 7	86.5%
Windows 10	5.4%
Windows 8.1	2.7%
Windows XP	2.7%
Windows 8	1.4%
Windows Server 2012 R2	1.4%

Analysis

PE Info:

Subsystem:	Windows GUI
PE Type:	pe
OS Bitness:	32
Image Base:	0x00400000
Entry Address:	0x0000c09d

PE Sections:

Name	Size of data	MD5
.text	192512	8e028e169b7276c669ffbd3aa9b34f08
.rdata	40448	0f8c2aa7f430f104cdec606d23a0b2b2
.data	5632	5af8b05ca702716cb1b971a0c55b6446
.rsrc	512	bc5906e4f4c97273653b0cea784091ec

More information:

Search on Virustotal

Download GridinSoft Anti-Malware - Removal tool for $RWIT6FA.exe

copyright for information about $RWIT6FA.exe