
PUA:Win32/KoreaContents information

Many security experts consider PUA:Win32/KoreaContents dangerous. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the PUA:Win32/KoreaContents virus do?

  • Executable code extraction
  • Presents an Authenticode digital signature
  • Creates RWX memory
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • Network activity detected but not expressed in API logs

How to identify PUA:Win32/KoreaContents?


File Info:

crc32: CA44C2A8
md5: b3412b1474688dd74b242a455afbd70e
name: install_ad007.exe
sha1: 2143cf3080b16055a6c854acfb0fe30d043de16d
sha256: bd462522f6cb18ae49036d1e61fa33f24c20bb9f6e6d27fe4ac9c5839464a043
sha512: 2d4240a8f849ece96ab4c2f6de5c15df6f00122fb272b291cff96aebe1ebd7f14b28140f5de8b9fac4e4c9438bf1452e5976f4c4c4d2b9ce4409c1d5fe57a0c5
ssdeep: 12288:937h6cT888888888888W888888888889ysd4WxV6lpMbuj7otGWXxAuiJdU1B1jc:B7h5yqlxVaRWGWXSTSB6yVXSP
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright:
FileVersion:
CompanyName: Korea Contents Network, Inc.
Comments: This installation was built with Inno Setup.
ProductName: 애드매칭
ProductVersion:
FileDescription: 애드매칭 Setup
Translation: 0x0000 0x04b0

PUA:Win32/KoreaContents is also known as:

Bkav: W32.HfsAdware.D8A7
MicroWorld-eScan: Application.Generic.1797234
CMC: AdWare.Win32.Agent!O
CAT-QuickHeal: Pua.Agent
McAfee: Artemis!B3412B147468
VIPRE: Trojan.Win32.Generic!BT
K7GW: Adware ( 004b046c1 )
K7AntiVirus: Adware ( 004b046c1 )
Baidu: Multi.Threats.InArchive
NANO-Antivirus: Trojan.Win32.CloverPlus.bblhol
Symantec: PUA.SponsorKeyword
TotalDefense: Win32/FakeAV.IVQJEFD
TrendMicro-HouseCall: ADW_CLOVERPLUS
GData: Application.Generic.1797234
Kaspersky: not-a-virus:AdWare.Win32.Agent.yje
BitDefender: Application.Generic.1797234
Avast: Win32:CloverPlus-A [Adw]
Sophos: Generic PUA NN (PUA)
Comodo: Application.Win32.Adware.CloverPlus.A
F-Secure: Application.Generic.1797234
DrWeb: Adware.Siggen.24381
Zillya: Adware.CloverPlusCRTD.Win32.4020
TrendMicro: ADW_CLOVERPLUS
McAfee-GW-Edition: Artemis!PUP
Emsisoft: Application.Generic.1797234 (B)
Webroot: Adware.Gen
Avira: ADWARE/Rogue.598312.2
Arcabit: Application.Generic.D1B6C72
ZoneAlarm: not-a-virus:AdWare.Win32.Agent.yje
Microsoft: PUA:Win32/KoreaContents
AVware: Trojan.Win32.Generic!BT
MAX: malware (ai score=85)
VBA32: AdWare.Agent
ESET-NOD32: a variant of Win32/Adware.CloverPlus.AB
Yandex: Trojan.Agent!fDg3Vqfs97g
Ikarus: not-a-virus:AdWare.Win32.Agent
Fortinet: Adware/Agent
AVG: Win32:CloverPlus-A [Adw]

How to remove PUA:Win32/KoreaContents?

PUA:Win32/KoreaContents removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
