PUA:Win32/Avarus removal guide

The PUA:Win32/Avarus is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What PUA:Win32/Avarus virus can do?

Creates RWX memory
Reads data out of its own binary image
Drops a binary and executes it
Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config
Installs itself for autorun at Windows startup
Anomalous binary characteristics

Related domains:

z.whorecord.xyz

installer.ppdownload.com

a.tomx.xyz

How to determine PUA:Win32/Avarus?


File Info:
crc32: 6CB05023
md5: 8529ad4cc6853ed95a4c847ab993f7f6
name: multiplicationtablesetup.exe
sha1: 0e4be463b5bfa377c2bae6b669dd5ae29b9d3f6c
sha256: 3f64f8393754d52e8c430717d9673164535c474dedccaf550516c9eb49865297
sha512: 4976d8f9ecef5742401338b29ca1f6b6ea23051bdf020c95d47087fd87c02872075437e36d97b7ca42e6fbb07667c23346766865a32a83e422f0a186121ec010
ssdeep: 12288:OE2ArFBW4zcfmQT5XxrxuiABXpf3PKk9hxsesWj7TlalYAyBMJ3:OE3rFB5jK5XdlAbfXhllalhyat
type: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive

Version Info:
LegalCopyright: RSpark
CompanyName: Multiplication Table
LegalTrademarks: Multiplication Table
Comments: Multiplication Table
ProductName: Multiplication Table
ProductVersion: 3.0
FileDescription: Quickly create easy to use and easy to print multiplication tables from you computer
Translation: 0x0000 0x04e4

PUA:Win32/Avarus also known as:

Bkav	W32.HfsAdware.A935
DrWeb	Trojan.OutBrowse.1014
MicroWorld-eScan	Application.Bundler.Outbrowse.F
FireEye	Application.Bundler.Outbrowse.F
CAT-QuickHeal	TrojanDownloader.NSIS.OutBrow
Cylance	Unsafe
VIPRE	OutBrowse (fs)
AegisLab	Riskware.NSIS.OutBrowse.1!c
Sangfor	Malware
K7AntiVirus	Adware ( 0055c2341 )
BitDefender	Application.Bundler.Outbrowse.F
K7GW	Adware ( 0055c2341 )
Cybereason	malicious.cc6853
Invincea	heuristic
Symantec	Trojan.Gen.MBT
TotalDefense	Win32/Tnega.XAWT!suspicious
APEX	Malicious
GData	Win32.Application.Outbrowse.X
Kaspersky	not-a-virus:Downloader.NSIS.OutBrowse.a
Alibaba	Downloader:Win32/OutBrowse.dd8c95d3
NANO-Antivirus	Trojan.Win32.Adw.ctrgoq
ViRobot	Adware.Outbrowse.587125
Rising	Adware.Outbrowse!1.A0B6 (CLASSIC)
Emsisoft	Application.Bundler.Outbrowse.F (B)
Comodo	ApplicUnwnt@#1jyt9wdbsrzly
F-Secure	Application:W32/Outbrowse
Baidu	NSIS.Adware.Generic.a
McAfee-GW-Edition	NSIS/Outbrowse.a
Trapmine	malicious.moderate.ml.score
Ikarus	AdWare
Jiangmin	AdWare/OutBrowse.a
Webroot	Pua.Outbrowse
Avira	PUA/Outbrowse.Gen
MAX	malware (ai score=100)
Antiy-AVL	GrayWare[Downloader]/Win32.Adload.gen
Endgame	malicious (high confidence)
Arcabit	Application.Bundler.Outbrowse.F
SUPERAntiSpyware	PUP.OutBrowse/Variant
ZoneAlarm	not-a-virus:Downloader.NSIS.OutBrowse.a
Microsoft	PUA:Win32/Avarus
Acronis	suspicious
McAfee	Artemis!8529AD4CC685
VBA32	Downloader.OutBrowse
Malwarebytes	PUP.Optional.OutBrowse
ESET-NOD32	Win32/OutBrowse.D potentially unwanted
Yandex	PUA.OutBrowse!
SentinelOne	DFI – Suspicious PE
eGambit	Generic.Downloader
Fortinet	Riskware/NSIS_OutBrowse
AVG	FileRepMetagen [Adw]
CrowdStrike	win/malicious_confidence_80% (D)
Qihoo-360	Generic/Virus.Downloader.464

How to remove PUA:Win32/Avarus?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

PUA:Win32/Avarus removal guide