Adware Reports malware removal guides and threat research Updated security instructions for Windows users
Home/PUA
Threat report

Should I remove “PUP.Optional.BMMedia”?

Published Apr 21, 2024 PUA category 2 min read
Report context

What to verify before removal

This pua entry is most useful when Should I remove “PUP.Optional.BMMedia”? appears after a software bundle, browser extension install, or unwanted system utility. Treat it as moderate risk until you confirm whether the alert is tied to browser settings, scheduled tasks, or a persistent updater.

Start by comparing the local file name with 63ACE7932AD17EC3D5F5.mlw, then review the behavior notes for bundled installers, browser policy changes, notification abuse, and unwanted startup entries. This helps separate a matching detection from a different file that only shares a similar alert name.

Observed file
63ACE7932AD17EC3D5F5.mlw
  • Compare the suspicious file name with 63ACE7932AD17EC3D5F5.mlw.
  • Confirm the detection name matches Should I remove “PUP.Optional.BMMedia”? before removing related files.
  • Review the report for bundled installers, browser policy changes, notification abuse, and unwanted startup entries so the cleanup is based on observed behavior, not only the label.
  • Remove the unwanted app, reset affected browser settings, and check extensions before reconnecting accounts.

The PUP.Optional.BMMedia is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

What PUP.Optional.BMMedia virus can do?

  • Sample contains Overlay data
  • Presents an Authenticode digital signature
  • Authenticode signature is invalid
  • CAPE detected the shellcode get eip malware family

How to determine PUP.Optional.BMMedia?



File Info:

name: 63ACE7932AD17EC3D5F5.mlw
path: /opt/CAPEv2/storage/binaries/a6bf21e1a15a1a84f528db8ee99e72fa11fe1f9d5b51412f11555c16af1f5680
crc32: B0A4507E
md5: 63ace7932ad17ec3d5f525810286d918
sha1: 8b10620f29ddcb88cc136352cc57835e6584076b
sha256: a6bf21e1a15a1a84f528db8ee99e72fa11fe1f9d5b51412f11555c16af1f5680
sha512: 43cc2da25e17d1e7bd6a849df3543bd5c0aa34448f43cb703a81ad60c4d2aa00b2849a13e5f1950f58c29afd8c613d36f2faa08deb6f64f87891959e741d6a81
ssdeep: 49152:zXSidT45mbrZ+ZkSR+JFsAD4GTZ2wP14IRCMkLmhedC1Wqp/tVkF6z9PHIBhmTuP:zfwmbrNJFslGF2wP1Z4LmheeHtGF6z9+
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1FDA59F12FBC08171E5D251BA52BE57BF4D39A631033992C3E3902D656DB06D2BB3D38A
sha3_384: 8d177e95ed72f9b6351f7f844c41d0b3fb1057c9e6520fc6de5ae3c51002694cdc2d346c77ee401a6b5ba9de4818435f
ep_bytes: e89f480100e989feffff8bff558bec51
timestamp: 2013-09-20 10:30:02


Version Info:

0: [No Data]

PUP.Optional.BMMedia also known as:

Bkav W32.Common.DBBB4B14
DrWeb Trojan.Skymoner.2
CAT-QuickHeal PUA.Ooolegamed.Gen
Skyhigh Artemis!Trojan
Malwarebytes PUP.Optional.BMMedia
Google Detected
Emsisoft Application.AdMedia (A)
Varist W32/ABAdware.SSIR-1655
Antiy-AVL GrayWare[AdWare]/Win32.DownloadAdmin
Microsoft PUADlManager:Win32/DownloadAdmin
McAfee Artemis!63ACE7932AD1
VBA32 BScope.Trojan.Skymoner
Cylance unsafe
Rising Adware.DownloadAdmin!8.13286 (CLOUD)
MaxSecure Trojan.Malware.300983.susgen
Fortinet W32/PossibleThreat
DeepInstinct MALICIOUS

How to remove PUP.Optional.BMMedia?

Recommended second-opinion scan

Verify the infection before changing system settings

Use GridinSoft Anti-Malware to run a full scan, review detected persistence entries, and quarantine confirmed threats before restarting Windows.

Download GridinSoft Anti-Malware
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.