PUA:Win32/HealthFix removal instruction

The PUA:Win32/HealthFix is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What PUA:Win32/HealthFix virus can do?

Sample contains Overlay data
Presents an Authenticode digital signature
Authenticode signature is invalid

How to determine PUA:Win32/HealthFix?


File Info:
name: 2386A177F364505E3AA9.mlw
path: /opt/CAPEv2/storage/binaries/dee4127d7c9a6132bc6cdcc52cd7cad97bfd05e51fcf6db0a17c907f45eb2c64
crc32: 6139107B
md5: 2386a177f364505e3aa9f3cb1c895d39
sha1: 48a85088b3c0a401d0922e9f434578b0ed3f995e
sha256: dee4127d7c9a6132bc6cdcc52cd7cad97bfd05e51fcf6db0a17c907f45eb2c64
sha512: 30e90d0ebd3075d139ab807ba40f2c35234e28cbe41d04ac51dd3939222267232e005acb1c28e0d6be27b5a434ef79aa45e3f44f6265df146d93cac7a8a3912c
ssdeep: 49152:xvbuqm6zaHe0OxLSKFmQTVJXkzEmtqI3SzG8y7BMJmzVd+DtvJzi:NbRWjCFmQTVJX6E8q6SzG8SMJmTQvJW
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T16B957E6137D0C07BC1723A31C55EA3F8F1D99D70CA75868766803E7A3A745A29A3C72B
sha3_384: 7557cc2fe6783f1283a5806ee5996bd475c3d5cb01e00c55f4e1d289b86ea4385eff7d2830d0617c0ffd668c66c56a3c
ep_bytes: e829820000e979feffff3b0d60875800
timestamp: 2014-05-29 17:11:48

Version Info:
CompanyName: PC HealthFix
FileDescription: PC HealthFix Uinstaller
FileVersion: 1.0
InternalName: PC HealthFix Uninstaller
LegalCopyright: PC HealthFix  All rights reserved.
OriginalFilename: PCHFUninstall.exe
ProductName: PC HealthFix 
ProductVersion: 1.0
Translation: 0x0409 0x04e4

PUA:Win32/HealthFix also known as:

Bkav	W32.Common.184F1FD0
Lionic	Trojan.Win32.Agent.Y!c
MicroWorld-eScan	Gen:Variant.Johnnie.310358
FireEye	Gen:Variant.Johnnie.310358
Skyhigh	Artemis!Trojan
McAfee	Artemis!2386A177F364
Cylance	unsafe
Alibaba	Trojan:Win32/FakeAV.bf2fb99c
VirIT	PUP.Win32.PCSoftware.A
Kaspersky	Trojan-FakeAV.Win32.Agent.gcp
BitDefender	Gen:Variant.Johnnie.310358
NANO-Antivirus	Trojan.Win32.FakeAV.fmbjeb
Avast	Win32:Malware-gen
Rising	Trojan.Agent!8.B1E (CLOUD)
Emsisoft	Gen:Variant.Johnnie.310358 (B)
F-Secure	Trojan.TR/FakeAV.1912424
DrWeb	Program.Unwanted.1266
VIPRE	Gen:Variant.Johnnie.310358
TrendMicro	TROJ_GEN.R002C0XAG24
Sophos	Generic Reputation PUA (PUA)
Ikarus	Trojan-FakeAV.Win32.Agent
GData	Gen:Variant.Johnnie.310358
Jiangmin	Trojan.Agent.dyn
Webroot	Pua.Pchealthfix
Google	Detected
Avira	TR/FakeAV.1912424
Arcabit	Trojan.Johnnie.D4BC56
ZoneAlarm	Trojan-FakeAV.Win32.Agent.gcp
Microsoft	PUA:Win32/HealthFix
VBA32	TrojanFakeAV.Agent
ALYac	Gen:Variant.Johnnie.310358
MAX	malware (ai score=88)
Malwarebytes	Generic.Malware/Suspicious
TrendMicro-HouseCall	TROJ_GEN.R002C0XAG24
Tencent	Malware.Win32.Gencirc.1150bc39
Yandex	Trojan.GenAsa!bfXiSrtiggQ
MaxSecure	Trojan.Malware.1293892.susgen
AVG	Win32:Malware-gen
DeepInstinct	MALICIOUS

How to remove PUA:Win32/HealthFix?

PUA:Win32/HealthFix removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X