Categories: PUA

Generic PUA IB (PUA) information

The Generic PUA IB (PUA) is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Generic PUA IB (PUA) virus can do?

  • Executable code extraction
  • Creates RWX memory
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config
  • Installs itself for autorun at Windows startup
  • Exhibits possible ransomware file modification behavior
  • Network activity detected but not expressed in API logs
  • Created a service that was not started

How to determine Generic PUA IB (PUA)?



File Info:

crc32: 51E91808md5: dc017cb108a0db9836347e7e304f2e11name: winpimserver621.exesha1: 8170495f748a4a7998e5a17574c67ffdc37e2efbsha256: 248931187ff5dda205437cf92986086a9b3e4fc1e05c80afdf0c2a4b99f6193dsha512: b968ddd5b2547a240bfa2caf8664ecba007ec61b189a2fe23c5f90289d8d02485dca9e4031d390095b2a040d3ead172bc1140b649b3e042c02146a00d068f29assdeep: 98304:nqwYSkYQhd2UXdzyWHr6hRxtvDTSGzn1CT/yGeoXi:qwYtYQhzByWLYj2+YTzytype: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright:                                                                                                     FileVersion: 6.21.0.308          CompanyName: YQSoft, Inc.                                                Comments: This installation was built with Inno Setup.ProductName: WinPIM Server                                               ProductVersion: 6.21.0.308                                        FileDescription: WinPIM Server Setup                                         Translation: 0x0000 0x04b0

Generic PUA IB (PUA) also known as:

McAfee Artemis!DC017CB108A0
Cylance Unsafe
Sangfor Malware
Kaspersky Trojan-Dropper.MSIL.Agent.seskba
Alibaba TrojanDropper:MSIL/Generic.e611e0d9
AegisLab Trojan.MSIL.Agent.b!c
Tencent Msil.Trojan-dropper.Agent.Wqwf
Sophos Generic PUA IB (PUA)
McAfee-GW-Edition BehavesLike.Win32.BadFile.rc
ZoneAlarm Trojan-Dropper.MSIL.Agent.seskba
Microsoft PUA:Win32/Presenoker
VBA32 TrojanDropper.MSIL.Agent
Fortinet Riskware/Agent

How to remove Generic PUA IB (PUA)?

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.
Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment
Share
Published by
Paul Valéry
Tags: Generic PUA IB (PUA)
4 years ago

Recent Posts

What is “Malware.AI.1865006162”?

The Malware.AI.1865006162 is considered dangerous by lots of security experts. When this infection is active,…

24 mins ago

Trojan.Win32.Agent.xbnsym removal guide

The Trojan.Win32.Agent.xbnsym is considered dangerous by lots of security experts. When this infection is active,…

39 mins ago

Backdoor:Win32/AsyncRAT removal tips

The Backdoor:Win32/AsyncRAT is considered dangerous by lots of security experts. When this infection is active,…

45 mins ago

Win32:VB-NPD [Wrm] removal instruction

The Win32:VB-NPD [Wrm] is considered dangerous by lots of security experts. When this infection is…

54 mins ago

About “Symmi.4579” infection

The Symmi.4579 is considered dangerous by lots of security experts. When this infection is active,…

55 mins ago

What is “Lazy.487114”?

The Lazy.487114 is considered dangerous by lots of security experts. When this infection is active,…

1 hour ago