PUADlManager:Win32/LTLogger removal guide

The PUADlManager:Win32/LTLogger is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What PUADlManager:Win32/LTLogger virus can do?

Behavioural detection: Executable code extraction – unpacking
Sample contains Overlay data
Reads data out of its own binary image
Authenticode signature is invalid

How to determine PUADlManager:Win32/LTLogger?


File Info:
name: ECB52E509CBD4E042C1D.mlw
path: /opt/CAPEv2/storage/binaries/6b74348d67230dc843f2a471f6b43f14c3090940b8bf805cafb12358040727d2
crc32: F50B7D8C
md5: ecb52e509cbd4e042c1ddccbc9460909
sha1: 8b9b6586fa16e4967a5b703090370ed48c320de9
sha256: 6b74348d67230dc843f2a471f6b43f14c3090940b8bf805cafb12358040727d2
sha512: 56953e0839e8e3299cbb494d1b2898127cc25dae46324d48be20b4536d7817ebb4818d5fa959e27fe0815504be3aee710107a4b936c1a0b36206e40080850db8
ssdeep: 196608:bMtL/Nhzi5q+/6NOxbcNFBcqUE14hllbcIIhgL30rYM9530qB3jdP:bMtLFh0SSbcNH1UE+hl1cK70cM95JjZ
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1599633F092A0A40CED6277B9FD8D05B5BF138E6D25E1DB225335771F2CB9A02A20BD15
sha3_384: 9103b2a58a49f0ab7cac2fb41d402587b4c0137a6f916805eacd65b647dd1be7cc8b9a7a64646a967d2019ed9766c12c
ep_bytes: 81ec8001000053555633db57895c2418
timestamp: 2009-06-06 21:44:26

Version Info:
Comments: $PRODUCT_WEB
CompanyName: 极点五笔
FileDescription: 极点五笔 十周年纪念版安装程序
FileVersion: 7.15.0.0
LegalCopyright: Corporation. All rights reserved.
ProductName: 极点五笔 十周年纪念版
ProductVersion: 7.15.0.0
Translation: 0x0000 0x03a8

PUADlManager:Win32/LTLogger also known as:

Lionic	Trojan.Win32.Ltlogger.4!c
MicroWorld-eScan	Application.Generic.3469018
FireEye	Application.Generic.3469018
McAfee	Artemis!ECB52E509CBD
Cylance	unsafe
K7AntiVirus	Riskware ( 004c6a3e1 )
Alibaba	RiskWare:Win32/LTLogger.95a0cb72
K7GW	Riskware ( 004c6a3e1 )
Cybereason	malicious.09cbd4
ESET-NOD32	a variant of Win32/RiskWare.LTLogger.A
APEX	Malicious
ClamAV	Win.Trojan.Ramnit-7643
BitDefender	Application.Generic.3469018
Avast	FileRepMalware [Misc]
Sophos	Generic Reputation PUA (PUA)
DrWeb	Trojan.Siggen17.49140
VIPRE	Application.Generic.3469018
TrendMicro	ADW_ADLOAD
Emsisoft	Application.Generic.3469018 (B)
Ikarus	PUA.RiskWare.Ltlogger
GData	Application.Generic.3469018
Webroot	W32.Trojan.Startpage.Aaw@aaaaa
Google	Detected
Xcitium	Malware@#14ac43g406f9a
Arcabit	Application.Generic.D34EEDA
Microsoft	PUADlManager:Win32/LTLogger
AhnLab-V3	Trojan/BAT.Autorun.SC180455
ALYac	Application.Generic.3469018
MAX	malware (ai score=98)
VBA32	Trojan.Virtumod
Malwarebytes	Malware.AI.1579210920
TrendMicro-HouseCall	ADW_ADLOAD
Rising	PUA.LTLogger!8.F66A (RDMK:cmRtazoyCzacftWM8UKQ53KXQyg8)
MaxSecure	Trojan.Malware.74234224.susgen
Fortinet	Adware/LTLogger
AVG	FileRepMalware [Misc]
DeepInstinct	MALICIOUS
CrowdStrike	win/grayware_confidence_90% (W)

How to remove PUADlManager:Win32/LTLogger?

PUADlManager:Win32/LTLogger removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X