Address Tool Bar (PUA) removal

The Address Tool Bar (PUA) is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Address Tool Bar (PUA) virus do?

  • Executable code extraction
  • Creates RWX memory
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • Network activity detected but not expressed in API logs

Related domains:

z.whorecord.xyz
a.tomx.xyz

How to identify Address Tool Bar (PUA)?


File Info:

crc32: 4E9D6E6F
md5: c115490cdc6209e099c220c7e1e187ae
name: dianhoozhq_1.9.11.1125.exe
sha1: 22b7acee950681fe24052452cc5755d23a6c1c02
sha256: cc53738a2125649cf022c52074251563f83acabb34892547cd94cfad993407bc
sha512: 6189b02a438cd7fb2d134e8b59c78d3830d6eac04e4d6a309366128274b80f341b298fc8d0e93e7f47c7866c194c1cf5c93752315125be2dfee6fdec633beac1
ssdeep: 196608:Pmjn9pooPkbUCezf4isgmsUE4UHE/8xcs9WdVQeywII:+3NkInzqXUHC8tWkeyw5
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: 版权所有 © 2010-2011 www.dianhoo.com
FileVersion: 1.9.11.1125
CompanyName: www.dianhoo.com
Comments: 此安装程序由 Inno Setup 构建。
ProductName: 电狐手机电影转换器 beta
ProductVersion: 1.9.11.1125
FileDescription: 电狐手机电影转换器 beta
Translation: 0x0804 0x0000

Address Tool Bar (PUA) also known as:

McAfee: Artemis!C115490CDC62
Cylance: Unsafe
K7AntiVirus: Trojan ( 0047fc7f1 )
K7GW: Trojan ( 0047fc7f1 )
Sophos: Address Tool Bar (PUA)
McAfee-GW-Edition: BehavesLike.Win32.Dropper.wc
Trapmine: suspicious.low.ml.score
Antiy-AVL: GrayWare[AdWare]/Win32.Codiby.aga
VBA32: SigAdware.BaiduOnlineNetworkTechnology(Beijing)Co.Ltd
ESET-NOD32: a variant of Win32/Hao123.A potentially unwanted

How to remove Address Tool Bar (PUA)?

Address Tool Bar (PUA) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
