
PUA.Maxsetup.Gen removal guide


PUA.Maxsetup.Gen is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the PUA.Maxsetup.Gen virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Presents an Authenticode digital signature
  • Performs HTTP requests potentially not found in PCAP.
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Attempts to modify proxy settings
  • Anomalous binary characteristics

How to identify PUA.Maxsetup.Gen?


File Info:

name: 741632384FFB065E1746.mlw
path: /opt/CAPEv2/storage/binaries/a3e0a0f0ab60af75f9106d33d5577dd0d06040c0f3cadc9767658688ef17e8c9
crc32: 9776A3BD
md5: 741632384ffb065e174698b20af93184
sha1: 0a92bc28b8df9df15412a56fcd9de56d6f1f1748
sha256: a3e0a0f0ab60af75f9106d33d5577dd0d06040c0f3cadc9767658688ef17e8c9
sha512: 083ef1a9430577ff43cd2bb3f783d4db11e81e0e6eeea6e740cf25eb6d51296af8a828cdc2eed216bba95875e999058facd1f675fd25c64fb0014f33013f67cc
ssdeep: 12288:CBopiAlYRJdbDhFTPrkDqzYYcM2qFC2ulymZWuLR1y3kb+1Cr7lcm+:CBo8AlYRNJPrqqt2qFCjl3/yUgIlcm+
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T138D4239365944470D79342FDA83EF0A256B2BD361E3301AD30CDA9CC5BA7C629A15FF2
sha3_384: 01123d77b2603663a7b8b11539bdce08105d40088fa92f00c9b1d3f55bf293d06a6c9875100e4ed07bb54129c4ac8ef9
ep_bytes: 558bec83c4c453565733c08945f08945
timestamp: 1992-06-19 22:22:17

Version Info:

Comments: This installation was built with Inno Setup.
CompanyName:
FileDescription:
FileVersion:
LegalCopyright:
ProductName:
ProductVersion:
Translation: 0x0000 0x04b0

PUA.Maxsetup.Gen also known as:

Elastic: malicious (high confidence)
DrWeb: Trojan.Packed.24524
CAT-QuickHeal: PUA.Maxsetup.Gen
Cylance: Unsafe
K7AntiVirus: Unwanted-Program ( 00575d2f1 )
K7GW: Unwanted-Program ( 00575d2f1 )
CrowdStrike: win/grayware_confidence_100% (W)
VirIT: Adware.Win32.MultiBundle.R
Cyren: W32/A-ea8e687b!Eldorado
Symantec: Trojan.Gen.2
ESET-NOD32: Win32/InstallCore.Gen.A potentially unwanted
APEX: Malicious
ClamAV: Win.Trojan.Generic-9941703-0
Kaspersky: not-a-virus:HEUR:AdWare.Win32.DealPly.gen
NANO-Antivirus: Riskware.Win32.InstallCore.dcnbiy
Tencent: Win32.Adware.Bp-installer.Ecbm
Sophos: Install Core Click run software (PUA)
Comodo: TrojWare.Win32.InstallCore.MJLR@5adqof
F-Secure: PotentialRisk.PUA/InstallCore.Gen7
Zillya: Adware.InstallCoreCRTD.Win32.291
McAfee-GW-Edition: Artemis
Trapmine: malicious.high.ml.score
Emsisoft: Application.InstallCore (A)
Ikarus: Trojan-Spy.Zbot
Webroot: W32.Adware.Installcore.Gen
Google: Detected
Avira: PUA/InstallCore.Gen7
Antiy-AVL: Trojan/Generic.ASBOL.7A39
Microsoft: PUADlManager:Win32/InstallCore
ZoneAlarm: not-a-virus:HEUR:AdWare.Win32.DealPly.gen
GData: Win32.Application.InstallCore.L
Cynet: Malicious (score: 99)
AhnLab-V3: PUP/Win32.InstallCore.R339324
Acronis: suspicious
McAfee: Artemis!741632384FFB
VBA32: Malware-Cryptor.InstallCore.gen
Malwarebytes: PUP.Optional.InstallCore
Rising: Adware.InstallCore!1.AB2C (CLASSIC)
Yandex: PUA.InstallCore!OlrQu2x71sU
SentinelOne: Static AI – Malicious PE
MaxSecure: Adware.not-a-virus.WIN32.AdWare.DealPly.gen_186490
Fortinet: Riskware/InstallCore
AVG: FileRepMalware [Trj]
Avast: FileRepMalware [Trj]

How to remove PUA.Maxsetup.Gen?

PUA.Maxsetup.Gen removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
