Categories: PUA

PUA:Win32/Yantai removal instructions

PUA:Win32/Yantai is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


What can the PUA:Win32/Yantai virus do?

  • Presents an Authenticode digital signature
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)

Related domains:

z.whorecord.xyz
ht.sulang.com
a.tomx.xyz

How to identify PUA:Win32/Yantai?


File Info:

crc32: 330D5B2D
md5: 83e50859569ea3c27785f77a32a1f775
name: ansys.exe
sha1: c43f6edb15d50f9ecda97826aab280441c8d9c92
sha256: 24647752e6605f3649f726b286d267e1bdf4411989ea1d4229a030cf15a0a159
sha512: 3a0444aceef96116180219bad0526db9c48dc73369619024b3e180316c8968801731cf181dce95bb7ce1b818d609b88d16468f7d65a0f9b3f06fe1bedcaee891
ssdeep: 12288:INIFPCNmW/roIOK5sh7hKahobtecZiMNGMi+YNzzeSZKWeX8zdHg:6IFP0mW/rHOK+h7IbtecIM4Mi+YNzzP8
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: Downloaderx7248x6743x6240x6709
InternalName: DownLoad.exe
FileVersion: 1.0.0.1
ProductName: Downloaderx5e94x7528x7a0bx5e8f
ProductVersion: 1.0.0.1
FileDescription: Downx3000loader
OriginalFilename: DownLoad.exe
Translation: 0x0804 0x04b0

PUA:Win32/Yantai is also known as:

DrWeb Adware.ShouQu.41
MicroWorld-eScan Gen:Variant.Johnnie.85379
FireEye Generic.mg.83e50859569ea3c2
CAT-QuickHeal Trojan.IGENERIC
ALYac Gen:Variant.Johnnie.85379
Malwarebytes Adware.ChinAd
VIPRE Trojan.Win32.Generic!BT
K7AntiVirus Adware ( 0050fcab1 )
BitDefender Gen:Variant.Johnnie.85379
K7GW Adware ( 0050fcab1 )
Cybereason malicious.9569ea
Invincea heuristic
Symantec ML.Attribute.HighConfidence
APEX Malicious
Avast Win32:Adware-gen [Adw]
GData Gen:Variant.Johnnie.85379
Alibaba AdWare:Win32/Xiaoxiong.f0f468ca
NANO-Antivirus Riskware.Win32.Xiaoxiong.eoblsj
Rising Malware.Generic.5!tfe (CLOUD)
Ad-Aware Gen:Variant.Johnnie.85379
Sophos Generic PUA ME (PUA)
Comodo Application.Win32.Xiaoxiong.AD@6ln25d
F-Secure Heuristic.HEUR/AGEN.1016616
Zillya Adware.XiaoxiongCRTD.Win32.11454
TrendMicro HT_XIAOXIONG_GD210040.UVPM
McAfee-GW-Edition PUP-XCG-LO
Emsisoft Gen:Variant.Johnnie.85379 (B)
Ikarus PUA.Xiaoxiong
Webroot W32.Adware.Gen
Avira HEUR/AGEN.1016616
Antiy-AVL Trojan/Win32.TSGeneric
Endgame malicious (high confidence)
Arcabit Trojan.Johnnie.D14D83
Microsoft PUA:Win32/Yantai
AhnLab-V3 PUP/Win32.Helper.R198813
McAfee PUP-XCG-LO
MAX malware (ai score=99)
VBA32 BScope.Adware.ShouQu
Panda Trj/Genetic.gen
ESET-NOD32 a variant of Win32/Adware.Xiaoxiong.C
TrendMicro-HouseCall HT_XIAOXIONG_GD210040.UVPM
Tencent Win32.Trojan.Zusy.Ecan
Yandex PUA.Xiaoxiong!
SentinelOne DFI – Suspicious PE
eGambit Generic.Adware
Fortinet Riskware/Xiaoxiong
AVG Win32:Adware-gen [Adw]
Paloalto generic.ml
CrowdStrike win/malicious_confidence_70% (D)
MaxSecure Trojan.Malware.10758686.susgen

How to remove PUA:Win32/Yantai?

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – press “Reset Browser Settings”.
  • Select the proper browser and options – click “Reset”.
  • Restart your computer.
Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
