Inside Pinaview Malware: Threat Analysis and Defensive Strategies

Pinaview's reach is alarming: a study shows that infections have gone up by 48% in just the last month, mostly targeting Chrome and Firefox users. This sneaky software, which looks like safe programs, has infected thousands of computers around the world. It makes browsing the web dangerous by showing you unwanted ads and taking over your searches.

How big of an area is this threat? Malwarebytes, a big name in security software, recently saw a rise in Pinaview detections. This virus is often found with the equally dangerous Atruicservice Trojan. That's like finding two kinds of trouble in your computer at once!

So, what does Pinaview do? Picture this:

Annoying Ad Avalanche: Pinaview floods your screen with annoying pop-up ads and links, making it look like a mess. Think of ads for used car lots that play over and over again, but for everything you try to do online.

Hijacked Highway: This malware changes the way you search the web to questionable search engines, adding paid content and possibly keeping track of everything you do. It's like going off the main road and down a dark alley instead.

Privacy Risk: Pinaview is watching you, so what you do online is not your own. You could be open to phishing scams and malware downloads if your searches, browsing history, and even personal information are made public. This is like having a stranger watch you while you surf the web.

But it's not just the bothersome part that's scary. Pinaview's ability to turn off security software and its possible link to other malware makes people very worried about data theft and even full system takeovers.

We are about to share useful tools and tips to beat the Pinaview Malware attack and keep your online life safe.

Pinaview often gets on computers because of what users do, whether they mean to or not. Most of the time, it's spread through online ads, game cracks, or software packages, which can make users wonder where it came from. Unfortunately, some free software tools don't clarify that they come with extra installations. This can cause Pinaview to be installed without the user's knowledge.

It's important to pay attention while installing software. Installers often come with extras that you can choose to avoid using. Be careful and pick and choose what you agree to run. Always pick the "custom" installation choices and uncheck any boxes that don't make sense, especially for any software you don't want to download and install.

STEP 1: Kill harmful processes using Rkill

• First, we'll download and run Rkill to kill any harmful processes on your computer.
• BleepingComputer.com's RKill tool terminates identified malware processes so your protection software can clean your machine. RKill kills malware processes, removes improper executable associations, and adjusts policies that prevent particular tool use.
• Download Rkill.
• Download RKill from the URL below. Download iExplore.exe by clicking Download Now on the download page. Some malware requires a specific filename, thus we're downloading a renamed Rkill (iExplore.exe).
• Rkill Logo
• Kill harmful programs by double-clicking iExplore.exe after downloading. The Downloads folder usually holds downloaded files.
• The application may take time to find and stop malware.
• RKILL Window
• A log file will open and the dark window close automatically after it's done. Avoid restarting your computer. Go to the next guide step.

Step 2: Remove malware from your PC.

• This second stage involves manually checking for unknown or harmful apps on the PC. Adware and browser hijackers may contain an Uninstall item.
• Open Settings by pressing Windows + I.
• Press Windows+I to launch Windows Settings. You can also right-click Start and choose “Settings” from the list.
• Start Windows 11 Settings
• After clicking “Apps” in Settings, click “Apps & features”.
• Enter Settings, click “Apps” in the sidebar, and pick “Apps & Features”.
• Windows 11 Features and Apps
• Remove the rogue software from the installed apps list.
• Search the app list in Apps & Features for suspicious apps. Sorting installed programs by date simplifies things. Click “Sort by” and choose “Install date”.
• Any program you don't remember downloading or that seems dubious could be causing all the trouble. Click the three dots beside a dangerous program and pick “Uninstall” from the menu.
• Windows 11: Uninstall Malware
• Uninstall the software using the prompts.
• Click Uninstall in the next dialog box and follow the directions to uninstall the dangerous application.
• Malicious programs try to sneak in if you don't read the prompts.
• After removing harmful apps from your computer, we can continue this course.

Step 3: Remove Windows harmful browser policies

• In the third step, we will utilize Command Prompt as Administrator to delete malware-set policies.
• Run Command Prompt as admin.
• In Windows, type “cmd” in the search bar, right-click the result and select “Run as administrator” as seen below.
• Run CMD as administrator
• The software will request authorization from User Account Control (UAC). Click “Yes”.
• Remove Windows malicious policies with commands.
• A blank screen called ‘Administrator: Command Prompt’ will appear. Type and hit Enter to enter commands on this screen.
• CMD with Admin Window
• Typing and pressing Enter after each command:
• Press Enter after typing RD /S /Q “%WinDir%\System32\GroupPolicyUsers”.
• Press Enter after typing RD /S /Q “%WinDir%\System32\GroupPolicy”.
• Press Enter after typing gpupdate /force.
• Your screen should look like this after inputting each command.
• CMD Success Run
• We will now reset browser settings to their defaults after removing harmful policies.

Step 4: Remove Windows malware.

This fourth step involves manually searching and removing harmful scheduled tasks and folders from your computer.

1. Remove harmful schedules.

• A malicious job Scheduler job may be created by this virus to automatically reinstall it every 5 minutes after deletion. This task may run regularly to maintain the infection in your system.
• Search “Task Scheduler” in Windows as shown below. Look for Task Scheduler.
• You may also open Task Scheduler by pressing Windows + R typing “taskschd.msc” and pressing Enter.
• Go to the left-hand Task Scheduler Library. Click Task Scheduler Library.
• Find the malicious scheduled task in the list. It may be a suspicious or unknown operation or have an odd name like Chrome_Policy, Chrome_Bookmarks, or Chrome_Folder. Select “Delete” from the right-click menu of the infected task. Find and eliminate harmful tasks

2. Remove harmful files from AppData\Roaming.

• Remove the malicious file from the AppData\Roaming folder.
• Enter “Run” in Windows search or press Windows + R to open the Run app. Run app.
• Type “%AppData%” in the run app and click OK. Windows opens the AppData Roaming folder directly.
• The roaming folder
• Find and remove strange folders like Default, Chrome32, Energy, Bloom, and Travel in the AppData\Roaming folder. Programs with similar names may have different names on your machine. Wandering Folder Malware

3. Remove harmful files from AppData\Local.

• Deleting harmful directories in AppData\Local and Chrome browser extensions is the next step.
• Enter “Run” in Windows search or press Windows + R to open the Run app. Run app.
• Click OK after typing “%localappdata%” in run app. Windows automatically opens the AppData\Local folder within the AppData folder.
• Locate and delete Default, WindowsApp, and ServiceApp folders in AppData\Local.
• Locate the Google folder and proceed to Google > Chrome > User Data > Default (or Profile) > Extensions. Delete the harmful Extensions folder. It may have a random name or a questionable extension.
• Uninstall Chrome extensions

4. Unmodify Chrome shortcuts

• Malware can hijack browser shortcuts to target harmful files. A brief guide to removing the Chrome shortcut modification:
• Right-click the Google Chrome desktop or Start Menu shortcut and select “Properties“. Get Chrome Properties
• Search the Shortcut tab for “Target”. The shortcut's added commands go here. Check the destination path for unusual text, especially references to the AppData folder.
• For instance, remove “–load-extension=C:\Users%USERNAME%\AppData\Local\Default”.
• Only the chrome.exe file location should be targeted. Remove Chrome shortcut hijack
• OK saves changes and closes Properties.
• Start Chrome normally using the shortcut. The start-up should no longer load the extension.
• Right-clicking the shortcut and selecting “Open File Location” opens the chrome.exe folder. Just drag chrome.exe to your taskbar to create a clean shortcut.
• We can go on after manually removing harmful processes and directories and cleaning browser shortcuts.

Understanding and combating the Pinaview malware requires vigilant and comprehensive strategies. To protect yourself from this kind of advanced malware, you need to keep your security measures up to date. These should include strong network defenses, regular software changes, and strong antivirus software. To stop people from downloading malware by accident, it's important to teach them about possible online threats and be careful when installing software. As cyber threats like Pinaview change, so must our defenses. For effective cybersecurity, we need to mix proactive means to stop threats with reactive ones to deal with them when they happen. Remember that being aware, being careful, and constantly changing security steps to deal with new threats are the most important parts of staying safe online. For further expert suggestions and assistance, you can get in touch with SafeAeon.