Generic PUA PO (PUA) removal

Generic PUA PO (PUA) is classified as dangerous by many security vendors (see the detection names below). When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the TRIAL period.
A 6-day free trial is available.

What can Generic PUA PO (PUA) do?

These are the static and behavioural indicators recorded for the sample. Note that a valid Authenticode signature by itself does not make a file safe; here it is listed as one characteristic among several.

  • Attempts to connect to a dead IP:port (1 unique time)
  • Presents an Authenticode digital signature
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary likely contains encrypted or compressed data
  • Anomalous binary characteristics

Related domains:

www.zuhaowan.com

How to identify Generic PUA PO (PUA)?

File Info:

crc32: B3ED1EE4
md5: 6f9e1e58976fd8f9241cf6fd6bb58924
name: zhw_5.3.723.1_online.exe
sha1: fe12b01696a57f5a4c3c83a65cf46c2e892ffc48
sha256: 293f9fe72384e1e699bf1fce5c5a983b2b483f46199fdc957dd20f3f6e6dbfc3
sha512: 65f66b62900f2d1825bf9a1543fe8e77c9b9ffe5420035910377adabea63301c83ef9cc7a3d9263a7649b71a2b0d778e69b52104b8ef7df0ade9bb766dec42bc
ssdeep: 24576:OB4g1KC0cdTTFWA+FtYJNrw+hDfZcIxOOjg1/b5:OSFATToA+h6hJPCb5
type: PE32 executable (GUI) Intel 80386, for MS Windows
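The hashes above are the indicators you would match a suspicious file against. The following is an added example (not code from the page or from GridinSoft) that computes the same digest set in one pass, using the page's notation (CRC32 upper-case and zero-padded, the rest lower-case hex), and compares the result with the page's indicators. It uses only the Python standard library; ssdeep is not included because it needs a third-party module. The verdict logic is an assumption of this example: only a SHA-256 or SHA-512 match is treated as conclusive, since CRC32 and MD5 are collision-prone.

```python
import hashlib
import zlib
from typing import Iterable

# Indicators copied from the page's "File Info" section for zhw_5.3.723.1_online.exe.
PAGE_IOCS = {
    "crc32": "B3ED1EE4",
    "md5": "6f9e1e58976fd8f9241cf6fd6bb58924",
    "sha1": "fe12b01696a57f5a4c3c83a65cf46c2e892ffc48",
    "sha256": "293f9fe72384e1e699bf1fce5c5a983b2b483f46199fdc957dd20f3f6e6dbfc3",
    "sha512": "65f66b62900f2d1825bf9a1543fe8e77c9b9ffe5420035910377adabea63301c"
              "83ef9cc7a3d9263a7649b71a2b0d778e69b52104b8ef7df0ade9bb766dec42bc",
}


def _fingerprint(chunks: Iterable[bytes]) -> dict:
    """Single pass over the data: CRC32 plus the four hashes the page lists."""
    digests = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256", "sha512")}
    crc = 0
    for chunk in chunks:
        crc = zlib.crc32(chunk, crc)          # running CRC, chained across chunks
        for d in digests.values():
            d.update(chunk)
    out = {name: d.hexdigest() for name, d in digests.items()}
    out["crc32"] = f"{crc & 0xFFFFFFFF:08X}"  # page notation: upper-case, zero-padded
    return out


def fingerprint_bytes(data: bytes, chunk_size: int = 1 << 20) -> dict:
    """Fingerprint an in-memory buffer; chunk_size only affects memory use, not the result."""
    return _fingerprint(data[i:i + chunk_size] for i in range(0, len(data), chunk_size))


def fingerprint_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Fingerprint a file on disk without loading it whole into memory."""
    with open(path, "rb") as fh:
        return _fingerprint(iter(lambda: fh.read(chunk_size), b""))


def matched_iocs(fp: dict, iocs: dict) -> set:
    """Names of the indicators that agree (case-insensitive hex comparison)."""
    return {k for k, v in iocs.items() if k in fp and fp[k].lower() == v.lower()}


def verdict(fp: dict, iocs: dict = PAGE_IOCS) -> str:
    """Assumed policy for this example: only a strong hash settles the question."""
    hits = matched_iocs(fp, iocs)
    if "sha256" in hits or "sha512" in hits:
        return "match"          # a strong hash agrees: this is the listed sample
    if hits:
        return "weak-match"     # only crc32/md5/sha1 agree: collision-prone, verify further
    return "no-match"


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        fp = fingerprint_file(path)
        print(path, verdict(fp), sorted(matched_iocs(fp, PAGE_IOCS)))
```

Run it as `python fingerprint.py suspicious.exe`; a "weak-match" means only a short or broken hash agreed and the file should be compared on SHA-256 before any conclusion is drawn.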

Version Info:

LegalCopyright: Copyright © daofeng. All Rights Reserved.
InternalName: loader
FileVersion: 5, 3, 723, 1
CompanyName: 刀锋网络 (Daofeng Network)
Comments: (empty)
ProductName: zuhaowan
ProductVersion: 5, 3, 723, 1
FileDescription: 租号玩推广在线安装包 (zuhaowan promotional online installer)
OriginalFilename: loader.exe
Translation: 0x0804 0x04b0 (LANGID 0x0804 = Chinese, Simplified/PRC; code page 0x04B0 = 1200, Unicode)
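The Version Info block is where the "Chinese (Simplified)" indicator above comes from: the Translation field carries a Win32 LANGID whose low 10 bits are the primary language and whose high 6 bits are the sublanguage, followed by a code page. On extracted pages like this one the string fields also tend to arrive with their escape backslashes stripped (runs such as `x5200x950b`). The following is an added example, not code from the page or from the product, that decodes both: it restores the escaped strings and unpacks the LANGID/code page pair. The small language and code page tables are an assumption limited to the values needed here, and the embedded sample block is the page's own Version Info as extracted.

```python
import re

# Page extraction dropped the backslashes from \uXXXX / \xXX escapes, leaving runs like
# "x5200x950b".  A chain of x+4hex tokens is decoded as UTF-16 code units; a lone,
# word-bounded x+2hex token (e.g. "xa9") as a Latin-1 byte.  Ordinary words such as
# "exec" or "loader.exe" are left alone because their "x" is not at a token boundary.
_CHAIN4 = re.compile(r"(?<![0-9A-Za-z])(?:x[0-9a-fA-F]{4})+(?![0-9A-Za-z])")
_LONE2 = re.compile(r"\bx([0-9a-fA-F]{2})\b")


def decode_escaped(text: str) -> str:
    """Restore text whose \\uXXXX / \\xXX escapes lost their backslashes."""
    def chain(m):
        tok = m.group(0)
        return "".join(chr(int(tok[i + 1:i + 5], 16)) for i in range(0, len(tok), 5))
    text = _CHAIN4.sub(chain, text)
    return _LONE2.sub(lambda m: chr(int(m.group(1), 16)), text)


# Win32 LANGID layout: low 10 bits primary language, high 6 bits sublanguage.
# Tables are an assumption of this example, limited to a few common values.
_PRIMARY = {0x04: "Chinese", 0x09: "English"}
_SUB = {(0x04, 0x01): "Traditional (Taiwan)", (0x04, 0x02): "Simplified (PRC)",
        (0x09, 0x01): "United States"}
_CODEPAGE = {0x04B0: "1200 (Unicode, UTF-16LE)", 0x04E4: "1252 (Windows Latin-1)"}


def decode_translation(field: str) -> dict:
    """Unpack a VS_VERSION_INFO Translation value such as '0x0804 0x04b0'."""
    lang, cp = (int(tok, 16) for tok in field.split())
    primary, sub = lang & 0x3FF, lang >> 10
    return {
        "langid": f"0x{lang:04X}",
        "language": _PRIMARY.get(primary, f"primary 0x{primary:02X}"),
        "sublanguage": _SUB.get((primary, sub), f"sublang 0x{sub:02X}"),
        "codepage": cp,
        "charset": _CODEPAGE.get(cp, f"code page {cp}"),
    }


def parse_version_info(block: str) -> dict:
    """Parse 'Key: value' lines; decode strings, and the Translation pair separately."""
    out = {}
    for line in block.strip().splitlines():
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip()
        out[key] = decode_translation(value) if key == "Translation" else decode_escaped(value)
    return out


# Constructed sample: the page's Version Info block exactly as it was extracted.
PAGE_VERSION_INFO = """
LegalCopyright: Copyright xa9 daofeng. All Rights Reserved.
InternalName: loader
FileVersion: 5, 3, 723, 1
CompanyName: x5200x950bx7f51x7edc
Comments:
ProductName: zuhaowan
ProductVersion: 5, 3, 723, 1
FileDescription: x79dfx53f7x73a9x63a8x5e7fx5728x7ebfx5b89x88c5x5305
OriginalFilename: loader.exe
Translation: 0x0804 0x04b0
"""

if __name__ == "__main__":
    for key, value in parse_version_info(PAGE_VERSION_INFO).items():
        print(f"{key}: {value}")
```

The decoder is deliberately conservative: it only rewrites tokens that sit at a boundary, so a value like `loader.exe` survives, and it is applied to the string fields only, never to the Translation line, where `0x0804` would otherwise be misread as an escape.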

Generic PUA PO (PUA) also known as:

Generic PUA PO (PUA) is the Sophos name. Other vendors detect the same sample (the McAfee name embeds the first twelve hex digits of its MD5) under the names below. Most are generic signatures: the Arcabit suffix D1FC1985 is simply 33298821 in hexadecimal, the same ID used by the BitDefender-based engines, while Microsoft and Rising classify the file as a coin miner.

  • Bkav: W32.AIDetectVM.malware2
  • MicroWorld-eScan: Trojan.GenericKD.33298821
  • McAfee: GenericRXAA-AA!6F9E1E58976F
  • Sangfor: Malware
  • BitDefender: Trojan.GenericKD.33298821
  • Cybereason: malicious.696a57
  • Symantec: ML.Attribute.HighConfidence
  • APEX: Malicious
  • GData: Trojan.GenericKD.33298821
  • Ad-Aware: Trojan.GenericKD.33298821
  • Sophos: Generic PUA PO (PUA)
  • McAfee-GW-Edition: BehavesLike.Win32.Injector.tc
  • FireEye: Trojan.GenericKD.33298821
  • Emsisoft: Trojan.GenericKD.33298821 (B)
  • SentinelOne: DFI – Malicious PE
  • Arcabit: Trojan.Generic.D1FC1985
  • AegisLab: Trojan.Win32.Generic.4!c
  • Microsoft: PUA:Win32/CoinMiner
  • BitDefenderTheta: Gen:NN.ZexaCO.34090.lnMfa0jjs5fj
  • ALYac: Trojan.GenericKD.33298821
  • VBA32: BScope.Trojan.Wofith
  • Rising: PUA.CoinMiner!8.4639 (CLOUD)
  • AVG: Win32:TrojanX-gen [Trj]
  • Avast: Win32:TrojanX-gen [Trj]
  • CrowdStrike: win/malicious_confidence_60% (W)

How to remove Generic PUA PO (PUA)?

Generic PUA PO (PUA) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
