Categories: PUA

How to remove “PUA:Win32/CoinMiner”?

PUA:Win32/CoinMiner is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

What can the PUA:Win32/CoinMiner virus do?

  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX

How to determine PUA:Win32/CoinMiner?


File Info:

crc32: 63E06B35
md5: 3101529c3d8a95646d012883a9b47276
name: xmrig.exe
sha1: 629fa66673d990de923d44212bc79c357f23e2ee
sha256: 0e314a0ec211585fdbfb8e2ca5bccef24105a05af59cc38cce0aa13ca1bb922e
sha512: 102f184d383993aea4d599b51b8d055900b82f3c3cc29282ad7868925ea292b17a72b31dabad9fef7ddf44e6ab152ca00fc6b6fde09d928d0c641b7da85a5ecb
ssdeep: 12288:cKuifYUfVJ4RsB8qd2ySgGjeP35xKEGogzrKJa4jWMWxOP3pKSEjWodjOl:cK74R68qdO7TzIa4jW38f
type: PE32+ executable (GUI) x86-64, for MS Windows

Version Info:

LegalCopyright: Copyright (C) 2016-2019 NicoSoft.io
FileVersion: 5.0.0
CompanyName: NicoSoft
ProductName: NicoSoft
ProductVersion: 5.0.0
FileDescription: nicosoft
OriginalFilename: nicosoft.exe
Translation: 0x0000 0x04b0

PUA:Win32/CoinMiner also known as:

MicroWorld-eScan Trojan.GenericKD.32727151
McAfee RDN/Generic.dx
Cylance Unsafe
K7AntiVirus Adware ( 0054d80b1 )
Alibaba Trojan:Win32/CoinMiner.ali1004001
K7GW Adware ( 0054d80b1 )
CrowdStrike win/malicious_confidence_60% (W)
Symantec Trojan.Gen.MBT
ESET-NOD32 a variant of Win64/CoinMiner.OF potentially unwanted
APEX Malicious
Paloalto generic.ml
Kaspersky Trojan.Win32.Miner.actwa
BitDefender Trojan.GenericKD.32727151
Rising Trojan.Win32/64.XMR-Miner!1.ADCC (TFE:5:SmImTGlw5gU)
Ad-Aware Trojan.GenericKD.32727151
F-Secure Heuristic.HEUR/AGEN.1043682
Invincea heuristic
McAfee-GW-Edition BehavesLike.Win64.FakeAlertSysDef.bc
Fortinet Riskware/Miner
FireEye Generic.mg.3101529c3d8a9564
Sophos Generic PUA GC (PUA)
SentinelOne DFI – Suspicious PE
Avira HEUR/AGEN.1043682
MAX malware (ai score=88)
Antiy-AVL GrayWare/Win32.Kryptik.BQX
Endgame malicious (moderate confidence)
Arcabit Trojan.Generic.D1F3606F
ZoneAlarm Trojan.Win32.Miner.actwa
Microsoft PUA:Win32/CoinMiner
AhnLab-V3 Malware/Win64.Generic.C3565496
Acronis suspicious
ALYac Trojan.GenericKD.32727151
Malwarebytes Trojan.BitCoinMiner
TrendMicro-HouseCall TROJ_GEN.R023C0PKM19
Ikarus Trojan.Win64.CoinMiner
GData Trojan.GenericKD.32727151
AVG FileRepMetagen [Malware]
Cybereason malicious.673d99
Avast FileRepMetagen [Malware]
Qihoo-360 Win32/Trojan.da6

How to remove PUA:Win32/CoinMiner?

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.
Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
