PUA

PC Wizard Password Library (PUA) removal guide

Malware Removal

The PC Wizard Password Library (PUA) is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What PC Wizard Password Library (PUA) virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid

How to determine PC Wizard Password Library (PUA)?



File Info:

name: CF30F8F7F919E1B1AB96.mlw
path: /opt/CAPEv2/storage/binaries/d699c591721411b5fd2287a116740b313382b236eb161836bca0b8e3eec56f54
crc32: E0E62CB5
md5: cf30f8f7f919e1b1ab969c6f41e28b4c
sha1: 9cb2b7570f1bfb54e0f29b0c6c94c5805a537310
sha256: d699c591721411b5fd2287a116740b313382b236eb161836bca0b8e3eec56f54
sha512: f3d2b6c1e14aac5ae9d71146b349f338794c968a3fac1311020edfb3876ed4bf23925d4e2cac52985d4894f91b049f0396295039dc4da6396c68ac09bf1c9a67
ssdeep: 49152:v2F3r4p7yVm5+9iHe5P+wk/QKbjn/zvdVbQVmykqP6hJCRuR8AGDew7coZFx3mi/:uF380EKiHiP+nxj/zdVsmfqP6B8AGDtB
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T161D533F3092090B9D467AFB48C86E056A87E7515C870B870B1EDAEFFED2B5A5140D39C
sha3_384: 4894e7d7c98393b6660fb7e2ba739de9249b93e10a59601a049cd8b2fdd98b7230240e0fa13b9af2cc7bd5a7b07d44fc
ep_bytes: 558bec83c4c453565733c08945f08945
timestamp: 1992-06-19 22:22:17


Version Info:

Comments: This installation was built with Inno Setup.
CompanyName: ISB AG                                                      
FileDescription: TecDoc System Analyzer 1.0 Setup                            
FileVersion:                     
LegalCopyright:                                                                                                     
ProductName: TecDoc System Analyzer 1.0                                  
ProductVersion:                     
Translation: 0x0000 0x04b0

PC Wizard Password Library (PUA) also known as:

SophosPC Wizard Password Library (PUA)
Antiy-AVLTrojan/Generic.ASMalwS.252ED30

How to remove PC Wizard Password Library (PUA)?

PC Wizard Password Library (PUA) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment