How to remove “Generic PUA NG (PUA)”?

Security vendors widely flag Generic PUA NG (PUA) as dangerous. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period. A 6-day free trial is available.

What can the Generic PUA NG (PUA) virus do?

  • Executable code extraction
  • Code injection with CreateRemoteThread in a remote process
  • Creates RWX memory
  • The binary likely contains encrypted or compressed data
  • The executable is compressed using UPX

Related domains:

z.whorecord.xyz
a.tomx.xyz
soft.iyouxia.com

How to determine Generic PUA NG (PUA)?

File Info:

crc32: D63B6A2A
md5: d3602563b35bb21737f6a3c087fa3061
name: The.Legend.of.Heroes.Trails.of.Cold.Steel.III.CHS.PATCH.V1.2-ALI213.exe
sha1: 8cf7ee1b3d34b301210f8be83bde7915b4fa9678
sha256: a22603416d6944c3f3afefa69af2a440460f83dfe32e0d9e7534e553e3c2cb57
sha512: c2a20b55969e05f15fd04e226d0f798ba01db085b2206a0a513f157caa982165d3312082c35926b27046d65b628aba05e06b9f3441502dd36d6593b8b9e8629f
ssdeep: 393216:52Ibwhl+A+p1LM/UwF44K3FC/cWKNbYjf1CngHNrclCGjn1j+ay:5zkKp1LM/UwM3FYjwngtIl7jQ
type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed

Version Info:

LegalCopyright: CopyRight (C) 1999-2013 ALi213.Net All Right Reserved
InternalName: 汉化安装包
FileVersion: 1.0.0.287
CompanyName: 游侠网
ProductName: 汉化安装包
ProductVersion: 1.0.0.287
FileDescription: 汉化安装包
OriginalFilename: 汉化安装包.exe
Translation: 0x0009 0x04b0

Generic PUA NG (PUA) is also known as (vendor: detection name):

Zillya: Dropper.VB.Win32.64952
Invincea: heuristic
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Packed.AAuto.A suspicious
APEX: Malicious
NANO-Antivirus: Trojan.Win32.Agent.drkald
DrWeb: Trojan.Click3.12087
Fortinet: Riskware/Application
Trapmine: malicious.moderate.ml.score
FireEye: Generic.mg.d3602563b35bb217
Sophos: Generic PUA NG (PUA)
Antiy-AVL: RiskWare[RiskTool]/Win32.Agent
Endgame: malicious (moderate confidence)
Microsoft: PUA:Win32/Alibox
Acronis: suspicious
McAfee: Artemis!FB8F346F024C
VBA32: TrojanDropper.Agent
Malwarebytes: Trojan.Downloader
Panda: Trj/Genetic.gen
Rising: PUA.Alibox!8.F63B (CLOUD)
Yandex: Trojan.Click!JEWKT0yHUxE
SentinelOne: DFI – Malicious PE

How to remove Generic PUA NG (PUA)?

Generic PUA NG (PUA) removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.