Adware Reports malware removal guides and threat research Updated security instructions for Windows users
Home/PUA
Threat report

How to remove “PUA.ObfuscatedPMF.S31670779”?

Published Apr 18, 2024 PUA category 2 min read
Report context

What to verify before removal

This pua entry is most useful when How to remove “PUA.ObfuscatedPMF.S31670779”? appears after a software bundle, browser extension install, or unwanted system utility. Treat it as moderate risk until you confirm whether the alert is tied to browser settings, scheduled tasks, or a persistent updater.

Start by comparing the local file name with 469EAA55487BFA6C9BD6.mlw, then review the behavior notes for bundled installers, browser policy changes, notification abuse, and unwanted startup entries. This helps separate a matching detection from a different file that only shares a similar alert name.

Observed file
469EAA55487BFA6C9BD6.mlw
  • Compare the suspicious file name with 469EAA55487BFA6C9BD6.mlw.
  • Confirm the detection name matches How to remove “PUA.ObfuscatedPMF.S31670779”? before removing related files.
  • Review the report for bundled installers, browser policy changes, notification abuse, and unwanted startup entries so the cleanup is based on observed behavior, not only the label.
  • Remove the unwanted app, reset affected browser settings, and check extensions before reconnecting accounts.

The PUA.ObfuscatedPMF.S31670779 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

What PUA.ObfuscatedPMF.S31670779 virus can do?

  • Uses Windows utilities for basic functionality
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Uses Windows utilities to create a scheduled task
  • Overwrites local Administrator password
  • Deletes executed files from disk
  • Uses suspicious command line tools or Windows utilities

How to determine PUA.ObfuscatedPMF.S31670779?



File Info:

name: 469EAA55487BFA6C9BD6.mlw
path: /opt/CAPEv2/storage/binaries/0f33027204396b875e6869f3e3ad95c95e42dac25524d725185db2f96754ef3a
crc32: 9DD3DB6A
md5: 469eaa55487bfa6c9bd6414bb72cb9ab
sha1: 00fb8ac3a1bb0ce3d732f16f816dd61cf6e7c261
sha256: 0f33027204396b875e6869f3e3ad95c95e42dac25524d725185db2f96754ef3a
sha512: 57011f75d51f076c471f3eef19ce1e28a5751a56ef6766d15ed5327e15da999e7611f49039edfac5185b0d81a34632a7d912275e6c79696dbf7248458947415c
ssdeep: 1536:R97fbN3eEDhDPA/pICdUkbBtW7upvaLU0bI5taxKo0IOlnToIfhwp8Oy:Rp7DhdC6kzWypvaQ0FxyNTBfhGS
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T1AA936D41F3E202F7E6F2053100A6762FD73662389764A8EBC74C3D529913AD5A63D3E9
sha3_384: 7ba26eee5507eb9d1771c0c8e4ec726c3b82c38eac1b0fad1dab6e8194b26b76e88836897c92b59fdb979c7ef8d97270
ep_bytes: 68ac00000068000000006868804100e8
timestamp: 2019-07-30 08:52:45


Version Info:

0: [No Data]

PUA.ObfuscatedPMF.S31670779 also known as:

Bkav W32.AIDetectMalware
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.72210904
FireEye Generic.mg.469eaa55487bfa6c
CAT-QuickHeal PUA.ObfuscatedPMF.S31670779
Skyhigh BehavesLike.Win32.Generic.mh
ALYac Trojan.GenericKD.72210904
Cylance unsafe
Sangfor Trojan.Win32.Save.a
Alibaba Trojan:Win32/Kryptik.90c70ca6
Symantec ML.Attribute.HighConfidence
TrendMicro-HouseCall TROJ_GEN.R002H0CD124
ClamAV Win.Trojan.Generic-10011119-0
BitDefender Trojan.GenericKD.72210904
Avast Win32:Evo-gen [Trj]
Emsisoft Trojan.GenericKD.72210904 (B)
VIPRE Trojan.GenericKD.72210904
Sophos Generic ML PUA (PUA)
MAX malware (ai score=81)
GData Trojan.GenericKD.72210904
Google Detected
Varist W32/Kryptik.AYO.gen!Eldorado
Arcabit Trojan.Generic.D44DD9D8
Microsoft Trojan:Win32/Wacatac.B!ml
Cynet Malicious (score: 100)
Malwarebytes Generic.Malware/Suspicious
Rising Trojan.Agent!8.B1E (RDMK:cmRtazqfvP9nXxQqBUWQaskR3ZLN)
Ikarus Trojan.Win32.Occamy
MaxSecure Trojan.Malware.187905819.susgen
Fortinet W32/Nitol.AB!tr
AVG Win32:Evo-gen [Trj]
DeepInstinct MALICIOUS
alibabacloud Trojan:Win/Jatommy

How to remove PUA.ObfuscatedPMF.S31670779?

Recommended second-opinion scan

Verify the infection before changing system settings

Use GridinSoft Anti-Malware to run a full scan, review detected persistence entries, and quarantine confirmed threats before restarting Windows.

Download GridinSoft Anti-Malware
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.