PUA.LLCMail.DC7 removal tips

PUA.LLCMail.DC7 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the PUA.LLCMail.DC7 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Presents an Authenticode digital signature
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Russian
  • Authenticode signature is invalid

How to identify PUA.LLCMail.DC7?


File Info:

name: 91EDEAE232B27E919C56.mlw
path: /opt/CAPEv2/storage/binaries/d518b2d029ca0c59be1920b0ffa446f6185db50af648179b53e06a90817b540a
crc32: 3C5AEF0D
md5: 91edeae232b27e919c567104084190ee
sha1: 0a797f7a4a7994e0366b468600270875598a1311
sha256: d518b2d029ca0c59be1920b0ffa446f6185db50af648179b53e06a90817b540a
sha512: 70ab9e345b325ad312afcbf1fabe00f0c376335d584dceed4d932270f858cfdda3432fc912c4cbab3edd07f1eb19c3bceb830f325084011854663c4c6b44e678
ssdeep: 3072:q6W2P7lLQYENlfvKywT9Vo2haXZ8Aj2yyyyy2lLtdF2UjLHA2b6y1L:qG4lEPo2Kyhyyyyy2lLtdF2Uv5bvL
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T16A343A4BE62370C1CC2E473415361D792A77BD6E50A051BC26CAFF25B9EF1A319B12E8
sha3_384: 8154f61fefa23bddc6be28fc47a2931107b5fecebea93e1cb8986321d373f1bdb9fa902f081704635e513e6a9880d576
ep_bytes: 5589e583ec18c7042402000000ff1554
timestamp: 2013-06-19 18:13:42

Version Info:

0: [No Data]

PUA.LLCMail.DC7 also known as:

Bkav: W32.AIDetect.malware2
tehtris: Generic.Malware
DrWeb: Trojan.LoadMoney.1
MicroWorld-eScan: Gen:Application.LoadMoney.1
FireEye: Generic.mg.91edeae232b27e91
CAT-QuickHeal: PUA.LLCMail.DC7
ALYac: Gen:Application.LoadMoney.1
Cylance: Unsafe
Zillya: Downloader.LMNGen.Win32.8
K7AntiVirus: Trojan ( 0040f53f1 )
K7GW: Trojan ( 0049ebb61 )
Cybereason: malicious.232b27
VirIT: Trojan.Win32.Cryptor.ND
Cyren: W32/LoadMoney.B.gen!Eldorado
Symantec: SecurityRisk.gen1
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Kryptik.BWAI
APEX: Malicious
ClamAV: Win.Malware.Loadmoney-6795240-0
Kaspersky: not-a-virus:AdWare.Win32.LMN.apm
BitDefender: Gen:Application.LoadMoney.1
NANO-Antivirus: Trojan.Win32.LoadMoney.ccmivx
SUPERAntiSpyware: Trojan.Agent/Gen-LoadMoney
Avast: Win32:LoadMoney-ATG [Adw]
Ad-Aware: Gen:Application.LoadMoney.1
Emsisoft: Gen:Application.LoadMoney.1 (B)
Comodo: TrojWare.Win32.Kryptik.AXJX@4vl4hu
Baidu: Win32.Trojan.Kryptik.dl
VIPRE: Gen:Application.LoadMoney.1
McAfee-GW-Edition: PWS-Zbot-FBDD!91EDEAE232B2
Trapmine: malicious.high.ml.score
Sophos: Troj/LdMon-A
Ikarus: Trojan.Win32.Dorv
GData: Gen:Application.LoadMoney.1
Jiangmin: Trojan/Generic.atwqf
Google: Detected
Avira: PUA/LoadMoney.qoib
MAX: malware (ai score=74)
Antiy-AVL: Trojan/Generic.ASBOL.C628
Arcabit: Application.LoadMoney.1
Microsoft: Program:Win32/Bitrepeyu.B
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.ADH.C216600
McAfee: PWS-Zbot-FBDD!91EDEAE232B2
VBA32: BScope.Downloader.LMN
Malwarebytes: PUP.Optional.LoadMoney
Rising: Trojan.Agent!1.6956 (CLASSIC)
SentinelOne: Static AI – Malicious PE
MaxSecure: not-a-virus:Downloader.LMN.a
Fortinet: W32/Generic.AC.6F6F!tr
AVG: Win32:LoadMoney-ATG [Adw]
CrowdStrike: win/malicious_confidence_90% (W)

How to remove PUA.LLCMail.DC7?

PUA.LLCMail.DC7 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.