About “PUA:Win32/IminentToolbar” infection

PUA:Win32/IminentToolbar is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the PUA:Win32/IminentToolbar virus do?

  • A file was accessed within the Public folder.
  • Sample contains overlay data.
  • Presents an Authenticode digital signature.
  • Performs HTTP requests potentially not found in the PCAP.
  • Reads data out of its own binary image.
  • CAPE detected the "shellcode get eip" malware family.
  • Attempts to modify proxy settings.
  • Deletes executed files from disk.
  • Anomalous binary characteristics.
  • YARA detections observed in process dumps, payloads or dropped files.

How to identify PUA:Win32/IminentToolbar?

File Info:

name: D72A6323F29431519BAD.mlw
path: /opt/CAPEv2/storage/binaries/e1dc08e32cef17222129d2866487911cd87ba95d17d74290041b829aaa1fd52f
crc32: 6488C22E
md5: d72a6323f29431519bade03f5c9d7747
sha1: 1432cf26f2c1de47e12d418495dacccf00638959
sha256: e1dc08e32cef17222129d2866487911cd87ba95d17d74290041b829aaa1fd52f
sha512: b074e90d8b091f83220596c03a81150137e412f2b337f4df583c8f1228c6971b27fdaf2c44101282b8b4f83f41c7652f338d477a24422ffa8d308dd5f9033af5
ssdeep: 49152:vcHSKoGyTWaWsIBX8MIwVZXDw0/qg3E1roLEqE4WpUd3D6lCsM0kFdG:HKoJW5sIBNIOZXDX/qg3E1rqWSBD6lCs
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1BD958E3136E0C076D273363087DEA37DA7B9EA705E35068756A10E3A2E705D3992876F
sha3_384: c6955bf776981d9781ab0359d9b56c7a58f580c4cd6c1053e372be31b474973281668973242b064629198df66cffc3d0
ep_bytes: e8d08c0000e989feffff3b0db06f5a00
timestamp: 2013-03-21 09:38:59

Version Info:

CompanyName: LiveSoftAction
FileDescription: Download Manager
FileVersion: 1.0.11.0
InternalName: Setup.exe
LegalCopyright: (c) LiveSoftAction. All rights reserved.
OriginalFilename: Setup.exe
ProductName: Download Manager
ProductVersion: 1.0.11.0
Translation: 0x0409 0x04e4

PUA:Win32/IminentToolbar is also known as (vendor: detection name):

Bkav: W32.AIDetectMalware
Elastic: malicious (high confidence)
MicroWorld-eScan: Application.Bundler.LiveSoft.A
FireEye: Generic.mg.d72a6323f2943151
CAT-QuickHeal: PUA.Livesoftac3.Gen
Skyhigh: Artemis
McAfee: Artemis!D72A6323F294
Malwarebytes: PUP.Optional.InstallCore
Zillya: Downloader.GetNowCRTD.Win32.902
Sangfor: PUP.Win32.Getnow.V6a2
K7GW: Unwanted-Program ( 00586c571 )
K7AntiVirus: Unwanted-Program ( 00586c571 )
VirIT: PUP.Win32.LiveSoftAction.B
Symantec: PUA.Gen.2
ESET-NOD32: a variant of Win32/GetNow.A potentially unwanted
Avast: Win32:GetNow-C [PUP]
Kaspersky: not-a-virus:HEUR:Downloader.Win32.Generic
BitDefender: Application.Bundler.LiveSoft.A
NANO-Antivirus: Trojan.Win32.Iminent.enzbue
SUPERAntiSpyware: PUP.LiveSoftAction/Variant
Tencent: Malware.Win32.Gencirc.10bd9169
Emsisoft: Application.AdBundle (A)
Google: Detected
F-Secure: PotentialRisk.PUA/GetNow.Gen
DrWeb: Adware.Iminent.155
VIPRE: Application.Bundler.LiveSoft.A
Sophos: Live Soft Action (PUA)
Jiangmin: Downloader.Generic.axzm
Webroot: Pua.Livesoftaction
Varist: W32/GetNow.A.gen!Eldorado
Avira: PUA/GetNow.Gen
MAX: malware (ai score=74)
Microsoft: PUA:Win32/IminentToolbar
Arcabit: Application.Bundler.LiveSoft.A
ZoneAlarm: not-a-virus:HEUR:Downloader.Win32.Generic
GData: Application.Bundler.LiveSoft.A
Cynet: Malicious (score: 99)
AhnLab-V3: PUP/Win32.GetNow.R250839
VBA32: Adware.Iminent
ALYac: Application.Bundler.LiveSoft.A
Cylance: unsafe
Rising: PUF.GetNow!8.149 (TFE:5:p1FtzeNdJoT)
Ikarus: PUA.Getnow
MaxSecure: Downloader.not-a-virus.WIN32.Downloader.Generic_183225
AVG: Win32:GetNow-C [PUP]
DeepInstinct: MALICIOUS

How to remove PUA:Win32/IminentToolbar?

PUA:Win32/IminentToolbar removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.