
PUA:Win32/Ushendu removal

PUA:Win32/Ushendu is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows a complete scan and cleanup of your PC during the trial period.
6-day free trial available.

What can the PUA:Win32/Ushendu virus do?

  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Network activity detected but not expressed in API logs
  • Anomalous binary characteristics

How to identify PUA:Win32/Ushendu?

File Info:

crc32: 8988ED05
md5: c78f2e8534c4963d8f9055861f0708db
name: C78F2E8534C4963D8F9055861F0708DB.mlw
sha1: 064dc9c167451c711e26f9b0f3c88d3b6c644c79
sha256: de8656f7b965a04fcff690c98dbbe135f74520ff9067cce024078bdd9a4ebdde
sha512: e51a0e55deff68642e5c7c03dbc3075a3c9b044d6e5beb4e04be439f246b2ffc5f257bfef9dbc243f37a78a020d2adfe92591a6fa6d464a63e2b640bc07d3372
ssdeep: 49152:xUTsamYxUa2ZK/m0W90oi0piAKjDgJG8V1UsbHToWL1OU:xaHUDKe0W90oVkXDgH1UkTtL1H
type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed

Version Info:

LegalCopyright: (C) UQiDong.Com All Rights Reserved.
FileVersion: 7.0.16.712
CompanyName: UQiDong.Com
Comments: UQiDong.Com
ProductName: U启动装机版安装程序
ProductVersion: 7.0.16.712
FileDescription: U启动装机版安装程序
Translation: 0x0804 0x04b0

PUA:Win32/Ushendu also known as:

MicroWorld-eScan AIT:Trojan.Nymeria.4316
FireEye Generic.mg.c78f2e8534c4963d
McAfee Artemis!C78F2E8534C4
Cylance Unsafe
AegisLab Trojan.Win32.Nymeria.4!c
Sangfor PUP.Win32.Ushendu.mt
K7AntiVirus Trojan ( 700000111 )
BitDefender AIT:Trojan.Nymeria.4316
K7GW Trojan ( 700000111 )
Symantec ML.Attribute.HighConfidence
APEX Malicious
Rising Adware.OpenUrl/Autoit!1.C4BD (CLASSIC)
Ad-Aware AIT:Trojan.Nymeria.4316
Emsisoft AIT:Trojan.Nymeria.4316 (B)
F-Secure Heuristic.HEUR/AGEN.1102725
McAfee-GW-Edition BehavesLike.Win32.TrojanAitInject.vc
Sophos Generic PUA AG (PUA)
Ikarus Trojan.Jord
Avira HEUR/AGEN.1102725
MAX malware (ai score=81)
Antiy-AVL GrayWare/Autoit.BinToStr.a
Microsoft PUA:Win32/Ushendu
Gridinsoft Trojan.Win32.Downloader.oa
Arcabit AIT:Trojan.Nymeria.D10DC
GData AIT:Trojan.Nymeria.4316 (3x)
Cynet Malicious (score: 90)
ALYac AIT:Trojan.Nymeria.4316
Malwarebytes Malware.AI.3957223602
ESET-NOD32 a variant of Win32/UShenDu.A potentially unwanted
TrendMicro-HouseCall TROJ_GEN.R002H09B421
eGambit Unsafe.AI_Score_100%
CrowdStrike win/malicious_confidence_60% (W)
Qihoo-360 Win32/Trojan.Loda.HgIASOYA

How to remove PUA:Win32/Ushendu?

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.
Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
