
PUP.Optional.AppDater removal instructions


PUP.Optional.AppDater is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the PUP.Optional.AppDater virus do?

  • Presents an Authenticode digital signature
  • Dynamic (imported) function loading detected
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid

How to identify PUP.Optional.AppDater?


File Info:

name: 17381046D31D445D6113.mlw
path: /opt/CAPEv2/storage/binaries/89585fe707ba16355ea7c2ab2dbdcf90936fc32e78410050a624b65014f455df
crc32: 9A4E41E2
md5: 17381046d31d445d611304fc52280ebd
sha1: a7e1191ec15b6acb4e6bebe17d5e32fd37335d8b
sha256: 89585fe707ba16355ea7c2ab2dbdcf90936fc32e78410050a624b65014f455df
sha512: eec77163dae6559e759c534d92d29f42b527ecf605947ceee2426dede08a6ab3bfb69606246bc1ccba95b7c60fce0aa6b47585360f22063f8e8d2b7338f01d9e
ssdeep: 6144:Y6FDtmO9kckU9Ha99AviYhpynUG1SqFyoajcp888888888888W88888888888gL:bzz9kcfR8Avi0pyn04hajcp88888888s
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T18A742833A2C207FFE1A6D63C4866E530DC3F7AA428D1585A5EF7C88C0A391C16879797
sha3_384: ff058831ed69a6e82e3ad47f3d0026d713d32d739021be7cf6ac29974c64752307d0855d2d03f55ee1bfcb2dfda1c7e9
ep_bytes: 558bec83c4c853565733c08945cc8945
timestamp: 2019-08-13 15:25:15

Version Info:

CompanyName: Lead Labs LLC
FileDescription: Chromium rendering host
FileVersion: 1.1.1.0
InternalName: Render
LegalCopyright: Lead Labs LLC, 2019
LegalTrademarks: Lead Labs LLC
OriginalFilename: Render.exe
ProductName: Appdater
ProductVersion: 1.1.1.0
Comments:
Translation: 0x0409 0x04e4

PUP.Optional.AppDater also known as:

Lionic: Virus.Win32.Parite.lVuJ
MicroWorld-eScan: Trojan.GenericKD.50092201
FireEye: Trojan.GenericKD.50092201
ALYac: Trojan.GenericKD.50092201
Cylance: Unsafe
K7AntiVirus: Trojan ( 0058f74c1 )
Alibaba: Trojan:Win32/GenCBL.cb35c329
K7GW: Trojan ( 0058f74c1 )
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/GenCBL.BUM
Paloalto: generic.ml
Kaspersky: not-a-virus:VHO:Downloader.Win32.DaterApp.gen
BitDefender: Trojan.GenericKD.50092201
Avast: FileRepMalware [Misc]
Tencent: Win32.Trojan.Falsesign.Dwtk
Ad-Aware: Trojan.GenericKD.50092201
Zillya: Trojan.GenCBL.Win32.6421
TrendMicro: TROJ_GEN.R002C0WDE22
McAfee-GW-Edition: Artemis
Emsisoft: Trojan.GenericKD.50092201 (B)
GData: Trojan.GenericKD.50092201
Jiangmin: Downloader.DaterApp.bo
Webroot: W32.Malware.Gen
Microsoft: Trojan:Win32/Wacatac.B!ml
AhnLab-V3: Trojan/Win.Generic.C5087270
McAfee: Artemis!17381046D31D
MAX: malware (ai score=84)
Malwarebytes: PUP.Optional.AppDater
TrendMicro-HouseCall: TROJ_GEN.R002C0WDE22
Rising: Downloader.DaterApp!8.13A13 (CLOUD)
Ikarus: Trojan.Win32.Generic
Fortinet: W32/GenCBL.BUM!tr
AVG: FileRepMalware [Misc]

How to remove PUP.Optional.AppDater?

PUP.Optional.AppDater removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
