What is “PUA:Win32/Itva”?

PUA:Win32/Itva is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the PUA:Win32/Itva virus do?

  • Attempts to connect to a dead IP:Port (2 unique times)
  • Presents an Authenticode digital signature
  • Reads data out of its own binary image
  • Unconventional language used in binary resources: Russian
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Anomalous binary characteristics

Related domains:

node0.installtraffic.com
node1.installtraffic.com
node2.installtraffic.com

How to determine PUA:Win32/Itva?


File Info:

crc32: FA308D01
md5: 691df4159fa0efd639f9a9ad645cb0b3
name: traytorrent.setup.exe
sha1: e54f51f0cc752160b729b226ab48c01b4e17e511
sha256: 033e9c05d5da9bc8cb61b937c0da128e521ab1fcf501b82584ad0ee69b4c0e55
sha512: 4e266d69435d07fceebb8089cb407e440eefbc73446991375c977f361304e5f84fbcee59c989efcd9ed5c38f6f45ce984c9f7bcaccc951c15de1ac11d0d174d1
ssdeep: 393216:qOFuno5kSr0N+ZrbOvR/w9TVpP9HOTUtm:qOI9e0MrCK9TVpPSUtm
type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed

Version Info:

LegalCopyright: Copyright © 2004-2014 iTVA LLC.
InternalName: Installer
FileVersion: 1.0.20.0
CompanyName: iTVA LLC
LegalTrademarks: iTVA,InstallTraffic.
ProductName: Product Installer
ProductVersion: 1.0.20.0
FileDescription: Installer for InstallTraffic.com
OriginalFilename: Installer.exe
Translation: 0x0409 0x04e4

PUA:Win32/Itva also known as:

Bkav: W32.HfsAdware.A8F3
McAfee: PUP-XGY-XK
Cylance: Unsafe
VIPRE: Trojan.Win32.Generic!BT
Sangfor: Malware
K7AntiVirus: Adware ( 004b92831 )
K7GW: Adware ( 004b92831 )
ESET-NOD32: Win32/Itva.A potentially unwanted
APEX: Malicious
Avast: Win32:Evo-gen [Susp]
Kaspersky: not-a-virus:HEUR:AdWare.Win32.Agent.gen
Alibaba: AdWare:Win32/Generic.a5a3cecb
NANO-Antivirus: Riskware.Win32.Adw.dgvnpv
Rising: Trojan.Win32.Generic.1776C864 (C64:YzY0OsX4qkBjOg8x)
Endgame: malicious (moderate confidence)
Sophos: Generic PUA OF (PUA)
F-Secure: Trojan.TR/Avti.fadp
DrWeb: Adware.Downware.11251
Zillya: Adware.BrowseFox.Win32.121507
Invincea: heuristic
McAfee-GW-Edition: PUP-XGY-XK
Ikarus: Trojan.Win32.Agent
Jiangmin: Adware.Agent.aked
Webroot: W32.Trojan.Gen
Avira: TR/Avti.fadp
Microsoft: PUA:Win32/Itva
AhnLab-V3: PUP/Win32.Helper.R271414
ZoneAlarm: not-a-virus:HEUR:AdWare.Win32.Agent.gen
VBA32: BScope.Adware.Downware
Malwarebytes: PUP.Optional.Itva
Yandex: Riskware.Agent!
AVG: FileRepMetagen [Adw]
Paloalto: generic.ml

How to remove PUA:Win32/Itva?

PUA:Win32/Itva removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
