NirSoft ProduKey (PUA) removal guide

The NirSoft ProduKey (PUA) is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What NirSoft ProduKey (PUA) virus can do?

Unconventionial language used in binary resources: Chinese (Simplified)
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
Anomalous binary characteristics

How to determine NirSoft ProduKey (PUA)?


File Info:
name: C7C886625CDF145ABD9B.mlw
path: /opt/CAPEv2/storage/binaries/2d05b500edcea148777040d654a4f50aa167367509db318c6806310f2e81f0f5
crc32: FEF8FFCA
md5: c7c886625cdf145abd9bb0a53d09e746
sha1: ae74b3c0994091d5f32f3f7a8bdba4151cac8ac6
sha256: 2d05b500edcea148777040d654a4f50aa167367509db318c6806310f2e81f0f5
sha512: 872cc2d6212495913831333255de120701c72f9d9808d3a0cd79165bee4088972177665583b15e270fe2738f9532435ac181d734bda0cccc36fdbfc7a3840d0d
ssdeep: 98304:08sjkjEVh1z8cS8jC+lJD24m4oVYUce2WruY0Kule:GjUEPapEVlN2zVYhr2uDL0
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1FF361222AFFD9364CE665133FA1567016E6B3C210120F84B2ED83D796A73163166FB63
sha3_384: 5ce7d343d2285b70b499813710ced2afb5d43c1f7ce1ac2bba294907c5570edccdc6704cc152399ce9a9834def27930a
ep_bytes: e8b8d00000e97ffeffffcccccccccccc
timestamp: 2022-01-16 15:23:52

Version Info:
0: [No Data]

NirSoft ProduKey (PUA) also known as:

Bkav	W32.AIDetect.malware1
FireEye	Generic.mg.c7c886625cdf145a
Cybereason	malicious.25cdf1
Arcabit	Trojan.Generic.D2414FC9
Cyren	W32/Application.YRJO-3887
ESET-NOD32	a variant of Win32/HackKMS.BF potentially unsafe
ClamAV	Win.Tool.Productkey-14
Kaspersky	HEUR:HackTool.Win32.KMSAuto.gen
BitDefender	Trojan.GenericKD.37834697
NANO-Antivirus	Trojan.Win32.Ool.dcuxet
Avast	Win32:PUP-gen [PUP]
Emsisoft	Trojan.GenericKD.37834697 (B)
McAfee-GW-Edition	BehavesLike.Win32.TrojanAitInject.rc
Sophos	NirSoft ProduKey (PUA)
MAX	malware (ai score=82)
Microsoft	Trojan:Win32/Sabsik.TE.B!ml
GData	AIT:Trojan.Nymeria.4983 (3x)
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/AU3.AutoInj.S1107
VBA32	Trojan.Autoit.Banker
APEX	Malicious
Rising	Trojan.Win32.Generic.1A45514B (CLOUD)
Fortinet	Riskware/KMSAuto
AVG	Win32:PUP-gen [PUP]

How to remove NirSoft ProduKey (PUA)?

NirSoft ProduKey (PUA) removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X