Adware.Eszjuxuan
Short bio
Adware.Eszjuxuan is Malwarebytes’ generic detection name for a Chinese family of adware that targets Windows systems.
Symptoms
Adware.Eszjuxuan shows advertising in new browser tabs or windows through a redirect site. The adware opens a browser window to the redirect site, and from there you get different results based on fingerprinting and cookies.
Protection
Remediation
Malwarebytes can detect and remove Adware.Eszjuxuan without further user interaction.
- Please download Malwarebytes to your desktop.
- Double-click MBSetup.exe and follow the prompts to install the program.
- When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen.
- Click on the Get started button.
- Click Scan to start a Threat Scan.
- Click Quarantine to remove the found threats.
- Reboot the system if prompted to complete the removal process.
Malwarebytes removal log
An example Malwarebytes log for a member of this family called ServerTest:
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 5/26/17
Scan Time: 8:53 AM
Log File: mbamServerTest.txt
Administrator: Yes

-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.122
Update Package Version: 1.0.2024
License: Premium

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: {computername}\{username}

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 332622
Threats Detected: 22
Threats Quarantined: 22
Time Elapsed: 1 min, 37 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 1
PUP.Optional.YeaDesktop, C:\PROGRAM FILES (X86)\YEADESKTOP\YEADESKTOP.EXE, Quarantined, [1535], [393869],1.0.2024

Module: 1
PUP.Optional.YeaDesktop, C:\PROGRAM FILES (X86)\YEADESKTOP\YEADESKTOP.EXE, Quarantined, [1535], [393869],1.0.2024

Registry Key: 2
PUP.Optional.YeaDesktop, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\YeaDesktop, Delete-on-Reboot, [1535], [391396],1.0.2024
PUP.Optional.YeaDesktop, HKCU\SOFTWARE\YeaDesktop, Delete-on-Reboot, [1535], [391400],1.0.2024

Registry Value: 2
PUP.Optional.YeaDesktop, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|YeaDesktop, Delete-on-Reboot, [1535], [393869],1.0.2024
PUP.Optional.YeaDesktop.ClnShrt, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|YEADESKTOP.EXE, Delete-on-Reboot, [1357], [396226],1.0.2024

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 3
PUP.Optional.YeaDesktop, C:\Program Files (x86)\YeaDesktop\common, Delete-on-Reboot, [1535], [391396],1.0.2024
PUP.Optional.YeaDesktop, C:\PROGRAM FILES (X86)\YeaDesktop, Delete-on-Reboot, [1535], [391396],1.0.2024
PUP.Optional.YeaDesktop, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\YEADESKTOP, Delete-on-Reboot, [1535], [391395],1.0.2024

File: 13
PUP.Optional.YeaDesktop, C:\PROGRAM FILES (X86)\YEADESKTOP\YEADESKTOP.EXE, Delete-on-Reboot, [1535], [393869],1.0.2024
PUP.Optional.YeaDesktop, C:\Program Files (x86)\YeaDesktop\common\apphoverbk.png, Delete-on-Reboot, [1535], [391396],1.0.2024
PUP.Optional.YeaDesktop, C:\Program Files (x86)\YeaDesktop\common\BkgSelectedHover.png, Delete-on-Reboot, [1535], [391396],1.0.2024
PUP.Optional.YeaDesktop, C:\Program Files (x86)\YeaDesktop\common\BkgSelectedNormal.png, Delete-on-Reboot, [1535], [391396],1.0.2024
PUP.Optional.YeaDesktop, C:\Program Files (x86)\YeaDesktop\common\BkgSelectedPressed.png, Delete-on-Reboot, [1535], [391396],1.0.2024
PUP.Optional.YeaDesktop, C:\Program Files (x86)\YeaDesktop\config.xml, Delete-on-Reboot, [1535], [391396],1.0.2024
PUP.Optional.YeaDesktop, C:\Program Files (x86)\YeaDesktop\HelpTool.dll, Delete-on-Reboot, [1535], [391396],1.0.2024
PUP.Optional.YeaDesktop, C:\Program Files (x86)\YeaDesktop\unins000.dat, Delete-on-Reboot, [1535], [391396],1.0.2024
PUP.Optional.YeaDesktop, C:\Program Files (x86)\YeaDesktop\unins000.exe, Delete-on-Reboot, [1535], [391396],1.0.2024
PUP.Optional.YeaDesktop, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YeaDesktop\Uninstall YeaDesktop.lnk, Delete-on-Reboot, [1535], [391395],1.0.2024
PUP.Optional.YeaDesktop, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YeaDesktop\YeaDesktop.lnk, Delete-on-Reboot, [1535], [391395],1.0.2024
Adware.Eszjuxuan, C:\USERS\{username}\DESKTOP\LOADAPP.EXE, Delete-on-Reboot, [42], [401951],1.0.2024
PUP.Optional.YeaDesktop, C:\USERS\{username}\APPDATA\ROAMING\SERVERTEST\80887.EXE, Delete-on-Reboot, [1535], [391393],1.0.2024

Physical Sector: 0
(No malicious items detected)

(end)