PUA:Win32/Duowan removal instructions

PUA:Win32/Duowan is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the PUA:Win32/Duowan virus do?

  • Presents an Authenticode digital signature
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Network activity detected but not expressed in API logs

How to determine PUA:Win32/Duowan?


File Info:

crc32: 0D0EDDD9
md5: afff3539e509b2d9e9d29aa0c21a1962
name: update_new.exe
sha1: 9c76d70fa9be4cf946e0af55edb522b95770d203
sha256: 314624a2850196562f33df1163942f9916b52e02ecad82fb9620e14f4c1b1913
sha512: e31b4786a77d9a3a09380bd432bc257b29be3f1353aa18fd0ca889c18ea00f13cca6f4cf28b5f5a4c7395bcd29b21ad377db7bf43e0986dbe528be6039c6254d
ssdeep: 6144:3vNhc9TZvYTiZTkic2nxlKkrJ+rHMtoS2lc:VSlwYLcAN+rHMtoSuc
type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed

Version Info:

LegalCopyright: Copyright 2013 - 2016 Coofly. All Rights Reserved.
ProductName: 在线升级程序
FileDescription: 在线升级程序
FileVersion: 1.4.0.1
ProductVersion: 1.4.0.1
Translation: 0xffff 0x0000

PUA:Win32/Duowan also known as:

Bkav: W32.HfsAdware.3F4E
Cylance: Unsafe
NANO-Antivirus: Trojan.Win32.StartPage1.endvip
DrWeb: Trojan.StartPage1.11443
Invincea: heuristic
SentinelOne: DFI – Malicious PE
Trapmine: malicious.high.ml.score
APEX: Malicious
Antiy-AVL: Trojan/Win32.TSGeneric
Endgame: malicious (high confidence)
Microsoft: PUA:Win32/Duowan
McAfee: Artemis!AFFF3539E509
VBA32: BScope.Trojan.Downloader
Yandex: Trojan.StartPage!g6i9GxfqWRU
Ikarus: Trojan.Agent
eGambit: Unsafe.AI_Score_99%
Fortinet: W32/Tonmye.A!tr

How to remove PUA:Win32/Duowan?

PUA:Win32/Duowan removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
