PUA:Win32/Widdit removal guide

PUA:Win32/Widdit is Microsoft's detection name for a potentially unwanted application. The sample analysed here is an Inno Setup installer for "yMule Youtube Downloader" that most antivirus vendors classify as adware or a PUP (see the detection names below). While it is running you may notice unfamiliar processes in Task Manager. In that case it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can PUA:Win32/Widdit do?

The following are behavioural signatures raised by the CAPE sandbox run recorded below. Several of them (dynamic import loading, RWX memory, SetUnhandledExceptionFilter, a non-standard section name, a hidden window) are also normal for self-extracting installers such as Inno Setup, so treat them as hints rather than proof; the proxy-settings change and cookie harvesting are the ones that matter for a browser-hijacking PUP.

  • Behavioural detection: executable code extraction (unpacking)
  • SetUnhandledExceptionFilter detected (possible anti-debugging)
  • Creates RWX memory
  • Use of guard pages detected (possible anti-debugging)
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • A process created a hidden window
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Attempts to modify proxy settings
  • Harvests cookies for information gathering
  • Uses suspicious command line tools or Windows utilities

How to identify PUA:Win32/Widdit?

File Info:

name: 0A2C8AAA26DB0EE70FF9.mlw
path: /opt/CAPEv2/storage/binaries/f2679956ff051855c86aaee3bc30a31b2bb3cc7e6b784504fc2b7715e537fb66
crc32: 036CC30B
md5: 0a2c8aaa26db0ee70ff96665175e8319
sha1: 695d644092634c974d514c223d67c8780e89f459
sha256: f2679956ff051855c86aaee3bc30a31b2bb3cc7e6b784504fc2b7715e537fb66
sha512: 6999d8c9957a2984104228b3007d7c21e0958ee87306db3d1875eac44d4deec912ba3141047474b68b9ba14dc31ad683a7b8e429afb2844c021e1015ed1b6ab7
ssdeep: 98304:6bBW6BvekC8g9Vre01zjQ96+3BXMEhE85lReh0ZdSI0Ha9ZWK:6bBWsNVg2QfSd3d9hF5lRoIz6K
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1A8563303F3D388BBE68164B85C42925D9F67F5E809F6750E6CB9CF0D98367468831B62
sha3_384: f432e3c26e182221bfafa86db5e4bb409d5cfc38f35d5646c1878622b7d3730598ddc6adf76212c90d1ed351a5a85066
ep_bytes: 558bec83c4a453565733c08945c48945
timestamp: 2012-07-09 13:41:29

Version Info:

Comments: This installation was built with Inno Setup.
CompanyName: y-mule.com
FileDescription: yMule Youtube Downloader Setup
FileVersion: 2.1
LegalCopyright: Copyright (c) 2010, y-mule.com
ProductName: yMule Youtube Downloader
ProductVersion: 2.1
Translation: 0x0000 0x04b0
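To check a suspect file against the hashes, entry-point bytes and build timestamp listed above, and to flag two of the structural traits the sandbox reported (an unknown PE section name, no Authenticode signature), here is an added Python example. It is not GridinSoft's or CAPE's code; it walks the PE32 headers with the standard library only. The sample it analyses offline (build_sample) is a minimal hand-built executable, not the Widdit installer: it carries the report's timestamp and entry-point bytes plus a made-up section name "xpak0", and the set of "standard" section names is my assumption. To examine a real file, pass its path as the first argument; the sha256 above is the value to expect for the sample on this page.

```python
import hashlib
import struct
from datetime import datetime, timezone

# Indicators copied from the file-info block above (the page's own values).
KNOWN_HASHES = {
    "md5": "0a2c8aaa26db0ee70ff96665175e8319",
    "sha1": "695d644092634c974d514c223d67c8780e89f459",
    "sha256": "f2679956ff051855c86aaee3bc30a31b2bb3cc7e6b784504fc2b7715e537fb66",
}
KNOWN_EP_BYTES = "558bec83c4a453565733c08945c48945"

# Assumed set of section names a normal MSVC/Delphi/Inno Setup image carries. Anything
# else is reported as a packer hint, mirroring the "unknown PE section name" rule above.
STANDARD_SECTIONS = {".text", ".data", ".rdata", ".bss", ".idata", ".edata", ".rsrc",
                     ".reloc", ".tls", ".pdata", ".CRT", ".itext", ".didata"}


def file_hashes(data: bytes) -> dict:
    """md5/sha1/sha256 of the raw bytes, for comparison with the report."""
    return {n: hashlib.new(n, data).hexdigest() for n in ("md5", "sha1", "sha256")}


def parse_pe(data: bytes) -> dict:
    """Walk the PE32 headers: timestamp, sections, signature directory, EP bytes."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine, nsec, stamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe_off + 4)
    opt = pe_off + 24
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 is handled here")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    # Data directory 4 is the Authenticode (security) entry; size 0 means unsigned.
    # Presence only tells you a signature blob exists; validity needs a real verifier.
    _, sec_dir_size = struct.unpack_from("<II", data, opt + 96 + 4 * 8)
    sections = []
    for i in range(nsec):
        raw = data[opt + opt_size + 40 * i: opt + opt_size + 40 * (i + 1)]
        vsize, va, rawsize, rawptr = struct.unpack_from("<IIII", raw, 8)
        sections.append({"name": raw[:8].rstrip(b"\0").decode("latin-1"),
                         "va": va, "vsize": vsize, "rawsize": rawsize, "rawptr": rawptr})
    ep_bytes = b""
    for s in sections:  # map the entry-point RVA back to a file offset
        if s["va"] <= entry_rva < s["va"] + max(s["vsize"], s["rawsize"]):
            off = entry_rva - s["va"] + s["rawptr"]
            ep_bytes = data[off:off + 16]
            break
    return {
        "machine": machine,
        "timestamp_utc": datetime.fromtimestamp(stamp, timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "entry_rva": entry_rva,
        "has_signature_dir": sec_dir_size != 0,
        "sections": [s["name"] for s in sections],
        "ep_bytes": ep_bytes.hex(),
    }


def assess(data: bytes) -> dict:
    """Compare a file against the indicators on this page."""
    hashes, pe = file_hashes(data), parse_pe(data)
    return {
        "hash_match": any(hashes[k] == v for k, v in KNOWN_HASHES.items()),
        "ep_match": pe["ep_bytes"] == KNOWN_EP_BYTES,
        "unknown_sections": [n for n in pe["sections"] if n not in STANDARD_SECTIONS],
        "unsigned": not pe["has_signature_dir"],
        "timestamp_utc": pe["timestamp_utc"],
    }


def build_sample() -> bytes:
    """Constructed PE32 for an offline run; it is NOT the Widdit sample. It carries the
    report's timestamp and entry-point bytes plus a made-up section named 'xpak0'."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                       # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 1341841289, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                       # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1010)                     # AddressOfEntryPoint
    struct.pack_into("<III", opt, 28, 0x400000, 0x1000, 0x200)  # ImageBase, alignments
    struct.pack_into("<I", opt, 92, 16)                         # NumberOfRvaAndSizes

    def section(name, va, rawptr):
        return struct.pack("<8sIIIIIIHHI", name, 0x200, va, 0x200, rawptr, 0, 0, 0, 0, 0x60000020)

    headers = (bytes(dos) + b"PE\0\0" + coff + bytes(opt)
               + section(b".text", 0x1000, 0x200) + section(b"xpak0", 0x2000, 0x400))
    text = bytearray(0x200)
    text[0x10:0x20] = bytes.fromhex(KNOWN_EP_BYTES)             # lands at RVA 0x1010
    return headers.ljust(0x200, b"\0") + bytes(text) + b"\xAA" * 0x200


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample()
    for k, v in assess(data).items():
        print(f"{k}: {v}")
```

On the constructed sample the hashes do not match (as expected), the entry-point bytes do, the build timestamp decodes to the report's 2012-07-09 13:41:29, "xpak0" is reported as an unknown section, and the file is unsigned. A hash match is the only result here that identifies the exact sample; the other checks only tell you the file looks like the report, which is what you want when a variant has been rebuilt with a different hash.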

PUA:Win32/Widdit also known as:

Lionic: Riskware.Win32.Generic.1!c
Cylance: Unsafe
Sangfor: PUP.Win32.Widdit.mt
ESET-NOD32: a variant of Win32/Complitly.A potentially unwanted
Paloalto: generic.ml
NANO-Antivirus: Trojan.Win32.Generic.deiojy
Avast: FileRepMetagen [Malware]
Sophos: Generic PUA GJ (PUA)
Comodo: ApplicUnwnt@#3fpl9xjjrxy9b
TrendMicro: PUA_BROWSEFOX.SMD
McAfee-GW-Edition: BehavesLike.Win32.BadFile.tc
GData: Win32.Application.SimplyTech.A
Avira: PUA/Widdit.Gen
Antiy-AVL: Trojan/Generic.ASCommon.1B4
ViRobot: Adware.Simplytech.6041281
Microsoft: PUA:Win32/Widdit
McAfee: Artemis!0A2C8AAA26DB
VBA32: SigAdware.SimplyTechLtd
Malwarebytes: Malware.AI.3627629608
TrendMicro-HouseCall: PUA_BROWSEFOX.SMD
Fortinet: W32/Complitly.A
AVG: FileRepMetagen [Malware]

How to remove PUA:Win32/Widdit?

PUA:Win32/Widdit removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and run a “Standard scan”.
  • Choose “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the affected browser and options, then click “Reset”.
  • Restart your computer.

Because the sandbox report shows the sample attempting to modify proxy settings, confirm after removal that the system proxy (Internet Options > Connections > LAN settings) is back to its expected value and that no unexpected automatic configuration script is set.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.