PUA:Win32/Ymacco removal guide

PUA:Win32/Ymacco is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the PUA:Win32/Ymacco virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • A file was accessed within the Public folder.
  • Sample contains Overlay data
  • Performs HTTP requests potentially not found in PCAP.
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Attempts to modify proxy settings
  • Deletes executed files from disk

How to identify PUA:Win32/Ymacco?

File Info:

name: F7F2147FED56ED3975BE.mlw
path: /opt/CAPEv2/storage/binaries/950f9352dfc80801f032a8ce6ae44c62ef128a1530928b209a3e494e1ffacdad
crc32: 0C6D21A6
md5: f7f2147fed56ed3975be06ef3c2541df
sha1: 564726697a5e7ed04ec58650febf876d2850066e
sha256: 950f9352dfc80801f032a8ce6ae44c62ef128a1530928b209a3e494e1ffacdad
sha512: 06eb5c4a221f1f841ac5c2a8c3e02924ac1db86ccb9b8ecad0c135b0c827d0a214ce76094940b8045263216d59c21de41c8258af1870f28c03ca4da8ab761df9
ssdeep: 49152:AGeBOn7D/yu2TBhufk+9FIZdKNf9tTBGxX0FJzd8XO37:deoP/yvTBcfJ9FP93GxX0FJSXO37
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1229533206E47687AF8E68D3EBC34F205691EF9255D3E951C366C968E0E3F26313197C4
sha3_384: ce613f2063fe81964b7af16fe69cdbc710831522299b263b399fe271560cf60cc0f6d41d5ed19972191fbead0a941fea
ep_bytes: 558bec83c4cc53565733c08945f08945
timestamp: 1992-06-19 22:22:17

Version Info:

Comments: This installation was built with Inno Setup.
CompanyName: RegistryCleanFixer2008, Inc.
FileDescription: RegistryCleanFixer2008 Setup
FileVersion:
LegalCopyright:
Translation: 0x0409 0x04e4

PUA:Win32/Ymacco also known as:

Lionic: Trojan.Win32.RegCleanFix.c!c
MicroWorld-eScan: Gen:Variant.Tedy.369237
FireEye: Gen:Variant.Tedy.369237
Skyhigh: BehavesLike.Win32.ObfuscatedPoly.tc
Malwarebytes: Generic.Malware/Suspicious
VIPRE: Gen:Variant.Tedy.369237
Sangfor: Riskware.Win32.Agent.ky
Alibaba: Trojan:Win32/RegCleanFix.2f00df2a
Symantec: Heuristic.ADH
Elastic: malicious (moderate confidence)
ESET-NOD32: Win32/Adware.RegistryCleanFix2008
APEX: Malicious
Kaspersky: Trojan-FakeAV.Win32.RegCleanFix.d
BitDefender: Gen:Variant.Tedy.369237
NANO-Antivirus: Trojan.Win32.FakeAV.dfacir
Avast: Win32:Adware-gen [Adw]
Tencent: Win32.Trojan-FakeAV.Regcleanfix.Fkjl
Sophos: Generic Reputation PUA (PUA)
F-Secure: Dropper.DR/FraudTool.RegCleanFix.D
DrWeb: Trojan.Fakealert.13427
Trapmine: suspicious.low.ml.score
Emsisoft: Gen:Variant.Tedy.369237 (B)
Webroot: W32.Malware.Gen
Avira: DR/FraudTool.RegCleanFix.D
Antiy-AVL: Trojan[FakeAV]/Win32.RegCleanFix
Kingsoft: Win32.Troj.Undef.a
Microsoft: PUA:Win32/Ymacco
Xcitium: ApplicUnwnt@#3a0wuxerqg5t3
Arcabit: Trojan.Tedy.D5A255
ViRobot: Adware.RegCleanFix.2047329
ZoneAlarm: Trojan-FakeAV.Win32.RegCleanFix.d
GData: Gen:Variant.Tedy.369237
Cynet: Malicious (score: 100)
ALYac: Gen:Variant.Tedy.369237
VBA32: TrojanFakeAV.RegCleanFix
Cylance: unsafe
Panda: Trj/CI.A
Rising: Trojan.RegCleanFix!8.7505 (TFE:5:t8bsCTUokMS)
Yandex: Trojan.GenAsa!8HfCYKy3GeI
Fortinet: W32/Malware_fam.NB
AVG: Win32:Adware-gen [Adw]
Cybereason: malicious.fed56e
DeepInstinct: MALICIOUS
alibabacloud: Trojan[dropper]:Win/RegCleanFix.d

How to remove PUA:Win32/Ymacco?

PUA:Win32/Ymacco removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.