PUA

PUA:Win32/DownloadSponsor removal guide

Malware Removal

The PUA:Win32/DownloadSponsor is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What PUA:Win32/DownloadSponsor virus can do?

  • Network activity detected but not expressed in API logs

How to determine PUA:Win32/DownloadSponsor?



File Info:

crc32: F548BC91
md5: 765d467a09ad59b1ec911cbb74801721
name: WarzB.exe
sha1: b8f11112eabbe651c682bd72a438e3e34e3ba040
sha256: 68e603c7dc78e51272fdede4b2807b87a7072b458af2949fb30c5bfac5a2086d
sha512: b876b9a69726cc5d6dcd14e5d220e3108034295e769b2a168dbd3b06ca9828dc8404cde0024d81e1cdb7a76693fc6839d575e8b82f93a0d2428b211b1e093f5b
ssdeep: 6144:zvgZmf1VyNgaMzZi4gIsc/bd9HHXNR9X:jNVyNga0gcp9H3NR9X
type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows


Version Info:

Translation: 0x0000 0x04b0
LegalCopyright: Copyright xa9 Jitbit 2010-2015
Assembly Version: 5.8.0.0
InternalName: ExeTemplate.exe
FileVersion: 5.8.0.0
CompanyName: Jitbit Macro Recorder
Comments: Macro Recorder
ProductName: MacroRecorder
ProductVersion: 5.8.0.0
FileDescription: MacroRecorder
OriginalFilename: ExeTemplate.exe

PUA:Win32/DownloadSponsor also known as:

FireEyeGeneric.mg.765d467a09ad59b1
Cybereasonmalicious.a09ad5
TrendMicroTrojanSpy.MSIL.BOBIK.SM
SymantecML.Attribute.HighConfidence
APEXMalicious
DrWebTrojan.Siggen8.50331
Invinceaheuristic
IkarusTrojan.SPY.Bobik
JiangminTrojanSpy.MSIL.abss
Endgamemalicious (high confidence)
MicrosoftPUA:Win32/DownloadSponsor
TrendMicro-HouseCallTrojanSpy.MSIL.BOBIK.SM
MaxSecureTrojan.Malware.300983.susgen
FortinetMSIL/Bobik.SM!tr

How to remove PUA:Win32/DownloadSponsor?

PUA:Win32/DownloadSponsor removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment