How to remove “Generic PUA FF (PUA)”?

The Generic PUA FF (PUA) is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Generic PUA FF (PUA) virus do?

  • Executable code extraction
  • Attempts to connect to a dead IP:Port (2 unique times)
  • Creates RWX memory
  • A process attempted to delay the analysis task.
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • HTTP traffic contains suspicious features which may be indicative of malware related traffic
  • Performs some HTTP requests
  • Network activity contains more than one unique useragent.
  • Anomalous binary characteristics

Related domains:


How to identify Generic PUA FF (PUA)?

File Info:

type: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive

Version Info:

0: [No Data]

Generic PUA FF (PUA) is also known as:

McAfee: Artemis!34373519858E
Cylance: Unsafe
AegisLab: Adware.Win32.Neoreklami.2!c
Sangfor: Malware
K7AntiVirus: Riskware ( 0040eff71 )
K7GW: Riskware ( 0040eff71 )
Cyren: W32/Trojan.BIOK-6357
Symantec: Trojan.Gen.MBT
APEX: Malicious
Kaspersky: not-a-virus:HEUR:AdWare.Win32.Neoreklami.gen
Alibaba: AdWare:Win32/Neoreklami.7fde6057
ViRobot: Trojan.Win32.Z.Neoreklami.75602
Comodo: ApplicUnwnt@#23bs1xd9sz9io
DrWeb: Trojan.DownLoad4.14213
Zillya: Adware.Neoreklami.Win32.19734
TrendMicro: TROJ_GEN.R002C0PAS21
McAfee-GW-Edition: BehavesLike.Win32.Dropper.lc
Sophos: Generic PUA FF (PUA)
Ikarus: Trojan-Downloader.NSIS.Adload
Microsoft: Trojan:Win32/Wacatac.B!ml
ZoneAlarm: not-a-virus:HEUR:AdWare.Win32.Neoreklami.gen
Cynet: Malicious (score: 100)
AhnLab-V3: Malware/Win32.Generic.C4298296
VBA32: suspected of Trojan.Downloader.gen.h
Malwarebytes: Generic.Malware/Suspicious
TrendMicro-HouseCall: TROJ_GEN.R002C0PAS21
Fortinet: Adware/Neoreklami
Paloalto: generic.ml
Qihoo-360: Win32/Virus.Adware.d36

How to remove Generic PUA FF (PUA)?

Generic PUA FF (PUA) removal tool:
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
