
Should I remove “PUA:Win32/Reimage”?


PUA:Win32/Reimage is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the PUA:Win32/Reimage virus do?

  • Executable code extraction
  • Presents an Authenticode digital signature
  • Creates RWX memory
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • Uses Windows utilities for basic functionality
  • Steals private information from local Internet browsers
  • Attempts to identify installed AV products by installation directory
  • Attempts to modify proxy settings
  • Anomalous binary characteristics
  • Uses suspicious command line tools or Windows utilities

Related domains:

z.whorecord.xyz
a.tomx.xyz
www.efix.com

How to identify PUA:Win32/Reimage?


File Info:

crc32: 56964C3E
md5: a8730f5c9ce6011f15635bd04cc14ba9
name: efixpro.exe
sha1: a9fc7e75163997fcbf7c7846db214d92439c9aef
sha256: 2151d0f6cc945c140fabe5b95874b12c3892e9f0725f9fed8f98b6a7e46954e1
sha512: 3acf2880907e26bb70b4a0ef26e3c3236f39edae7cedc65f94e41e826a0b2b687745141eed026193d84785f419448141b571ee903525d0deb5758b25043d16b9
ssdeep: 12288:YAuS0SXuFR+3wrMiHQ1R8BkKhQfjQ7qWSAzUX0O994yIo2YiMSqEnaBxCtoX:YrSjqEAM0Q1Fjv0UZ94u2JqE4xjX
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: © eFix 2014
InternalName: eFix Pro Downloader
FileVersion: 1.517
CompanyName: eFix®
LegalTrademarks: eFix
Comments: eFix Pro Downloader
ProductName: eFix Pro
ProductVersion: 1.517
FileDescription: eFix Downloader
OriginalFilename: eFixPro.exe
Translation: 0x0000 0x04b0

PUA:Win32/Reimage also known as:

Malwarebytes: PUP.Optional.Reimage
K7AntiVirus: Adware ( 004dcd551 )
K7GW: Adware ( 004dcd551 )
APEX: Malicious
Sophos: Generic PUA KJ (PUA)
DrWeb: Program.Unwanted.497
Cyren: W32/Trojan.UQCN-7066
Microsoft: PUA:Win32/Reimage
Cylance: Unsafe
ESET-NOD32: a variant of Win32/ReImageRepair.J potentially unwanted
eGambit: PUP.Optional.Reimage
Fortinet: Riskware/Generic_PUA_KJ
Webroot: Pua.Reimage.Repair

How to remove PUA:Win32/Reimage?

PUA:Win32/Reimage removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
