PUA.OpensupdaterRI.S21233332 removal guide

PUA.OpensupdaterRI.S21233332 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the PUA.OpensupdaterRI.S21233332 virus do?

  • Presents an Authenticode digital signature
  • Anomalous file deletion behavior detected (10+)
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • Authenticode signature is invalid

How to identify PUA.OpensupdaterRI.S21233332?


File Info:

name: 801EF201195C44DF8D77.mlw
path: /opt/CAPEv2/storage/binaries/c73feab9ebea10c8e766581bd6577c88e82d223d0b26252e62d809307dcb8089
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2019-12-16 00:50:50

Version Info:

CompanyName: Primero Updater Company
FileDescription: PrimeroUpdater
FileVersion: 1.0.0.0
LegalCopyright: © Primero Updater Company 2020
ProductName: PrimeroUpdater
ProductVersion: 1.0.0.0[4/18/2020.07:57:32]
Translation: 0x0409 0x04e4

PUA.OpensupdaterRI.S21233332 also known as:

Lionic: Riskware.Win32.Cerbu.1!c
Elastic: malicious (high confidence)
DrWeb: Adware.Downware.19850
MicroWorld-eScan: Gen:Variant.Cerbu.94346
FireEye: Gen:Variant.Cerbu.94346
CAT-QuickHeal: PUA.OpensupdaterRI.S21233332
McAfee: Artemis!801EF201195C
Cylance: Unsafe
Sangfor: Riskware.Win32.Wacapew.C
K7AntiVirus: Adware ( 0057b4681 )
Alibaba: AdWare:MSIL/OpenSUpdater.5f81d529
K7GW: Adware ( 0057b4681 )
Cyren: W32/Trojan.YCXU-3067
Symantec: Trojan.Gen.MBT
ESET-NOD32: a variant of MSIL/Adware.OpenSUpdater.F
Paloalto: generic.ml
BitDefender: Gen:Variant.Cerbu.94346
Avast: Win32:AdwareSig [Adw]
VIPRE: MSIL.Adware.OpenSUpdater
McAfee-GW-Edition: Artemis!PUP
Emsisoft: Application.Updater (A)
Ikarus: AdWare.MSIL.Opensupdater
Webroot: W32.Adware.Gen
Avira: HEUR/AGEN.1143312
Antiy-AVL: Trojan/Generic.ASMalwS.32C72A8
Microsoft: Trojan:Win32/Wacatac.B!ml
ViRobot: Adware.Downware.4285448
GData: Gen:Variant.Cerbu.94346
Cynet: Malicious (score: 99)
VBA32: Adware.Downware
ALYac: Gen:Variant.Cerbu.94346
Malwarebytes: Adware.SpecialSearchOffer
APEX: Malicious
MAX: malware (ai score=88)
Fortinet: Adware/OpenSUpdater
AVG: Win32:AdwareSig [Adw]
Cybereason: malicious.1195c4
Panda: Trj/CI.A

How to remove PUA.OpensupdaterRI.S21233332?

PUA.OpensupdaterRI.S21233332 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
