Adware.Eszjuxuan

Short bio

Adware.Eszjuxuan is Malwarebytes’ generic detection name for a Chinese family of adwarethat targets Windows systems.

Symptoms

Adware.Eszjuxuan shows advertising in new browser tabs or windows through a redirect site. The adware opens a browser window to the redirect site, and from there you get different results based on fingerprinting and cookies.

Protection

Malwarebytes blocks Adware.Eszjuxuan

Remediation

Malwarebytes can detect and remove Adware.Eszjuxuan without further user interaction.

1. Please download Malwarebytesto your desktop.
2. Double-click MBSetup.exeand follow the prompts to install the program.
3. When your Malwarebytes for Windowsinstallation completes, the program opens to the Welcome to Malwarebytes screen.
4. Click on the Get started button.
5. Click Scan to start a Threat Scan.
6. Click Quarantineto remove the found threats.
7. Reboot the system if prompted to complete the removal process.

Malwarebytes removal log

An example Malwarebytes log for a member of this family called ServerTest:

Malwarebyteswww.malwarebytes.com-Log Details-Scan Date: 5/26/17Scan Time: 8:53 AMLog File: mbamServerTest.txtAdministrator: Yes-Software Information-Version: 3.1.2.1733Components Version: 1.0.122Update Package Version: 1.0.2024License: Premium-System Information-OS: Windows 7 Service Pack 1CPU: x64File System: NTFSUser:{computername}\{username}-Scan Summary-Scan Type: Threat ScanResult: CompletedObjects Scanned: 332622Threats Detected: 22Threats Quarantined: 22Time Elapsed: 1 min, 37 sec-Scan Options-Memory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: DisabledHeuristics: EnabledPUP: EnabledPUM: Enabled-Scan Details-Process: 1PUP.Optional.YeaDesktop, C:\PROGRAM FILES (X86)\YEADESKTOP\YEADESKTOP.EXE, Quarantined, [1535], [393869],1.0.2024Module: 1PUP.Optional.YeaDesktop, C:\PROGRAM FILES (X86)\YEADESKTOP\YEADESKTOP.EXE, Quarantined, [1535], [393869],1.0.2024Registry Key: 2PUP.Optional.YeaDesktop, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\YeaDesktop, Delete-on-Reboot, [1535], [391396],1.0.2024PUP.Optional.YeaDesktop, HKCU\SOFTWARE\YeaDesktop, Delete-on-Reboot, [1535], [391400],1.0.2024Registry Value: 2PUP.Optional.YeaDesktop, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|YeaDesktop, Delete-on-Reboot, [1535], [393869],1.0.2024PUP.Optional.YeaDesktop.ClnShrt, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|YEADESKTOP.EXE, Delete-on-Reboot, [1357], [396226],1.0.2024Registry Data: 0(No malicious items detected)Data Stream: 0(No malicious items detected)Folder: 3PUP.Optional.YeaDesktop, C:\Program Files (x86)\YeaDesktop\common, Delete-on-Reboot, [1535], [391396],1.0.2024PUP.Optional.YeaDesktop, C:\PROGRAM FILES (X86)\YeaDesktop, Delete-on-Reboot, [1535], [391396],1.0.2024PUP.Optional.YeaDesktop, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\YEADESKTOP, Delete-on-Reboot, [1535], [391395],1.0.2024File: 13PUP.Optional.YeaDesktop, C:\PROGRAM FILES (X86)\YEADESKTOP\YEADESKTOP.EXE, Delete-on-Reboot, [1535], [393869],1.0.2024PUP.Optional.YeaDesktop, C:\Program Files (x86)\YeaDesktop\common\apphoverbk.png, Delete-on-Reboot, [1535], [391396],1.0.2024PUP.Optional.YeaDesktop, C:\Program Files (x86)\YeaDesktop\common\BkgSelectedHover.png, Delete-on-Reboot, [1535], [391396],1.0.2024PUP.Optional.YeaDesktop, C:\Program Files (x86)\YeaDesktop\common\BkgSelectedNormal.png, Delete-on-Reboot, [1535], [391396],1.0.2024PUP.Optional.YeaDesktop, C:\Program Files (x86)\YeaDesktop\common\BkgSelectedPressed.png, Delete-on-Reboot, [1535], [391396],1.0.2024PUP.Optional.YeaDesktop, C:\Program Files (x86)\YeaDesktop\config.xml, Delete-on-Reboot, [1535], [391396],1.0.2024PUP.Optional.YeaDesktop, C:\Program Files (x86)\YeaDesktop\HelpTool.dll, Delete-on-Reboot, [1535], [391396],1.0.2024PUP.Optional.YeaDesktop, C:\Program Files (x86)\YeaDesktop\unins000.dat, Delete-on-Reboot, [1535], [391396],1.0.2024PUP.Optional.YeaDesktop, C:\Program Files (x86)\YeaDesktop\unins000.exe, Delete-on-Reboot, [1535], [391396],1.0.2024PUP.Optional.YeaDesktop, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YeaDesktop\Uninstall YeaDesktop.lnk, Delete-on-Reboot, [1535], [391395],1.0.2024PUP.Optional.YeaDesktop, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YeaDesktop\YeaDesktop.lnk, Delete-on-Reboot, [1535], [391395],1.0.2024Adware.Eszjuxuan, C:\USERS\{username}\DESKTOP\LOADAPP.EXE, Delete-on-Reboot, [42], [401951],1.0.2024PUP.Optional.YeaDesktop, C:\USERS\{username}\APPDATA\ROAMING\SERVERTEST\80887.EXE, Delete-on-Reboot, [1535], [391393],1.0.2024Physical Sector: 0(No malicious items detected)(end)