PUP.Optional.eSupportNTFSUndelete malicious file

PUP.Optional.eSupportNTFSUndelete is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the PUP.Optional.eSupportNTFSUndelete virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Presents an Authenticode digital signature
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Detects Bochs through the presence of a registry key
  • Attempts to modify proxy settings

How to identify PUP.Optional.eSupportNTFSUndelete?


File Info:

name: 0EB11F11E1F502E65DC8.mlw
path: /opt/CAPEv2/storage/binaries/a493da4e2ee07ce0040cda645641363f6e6673bc58a18029270b4869c2d3638b
crc32: 3C0BD92B
md5: 0eb11f11e1f502e65dc8057b9106432c
sha1: c2d63cfae96fc2d05015103679654ff773282c50
sha256: a493da4e2ee07ce0040cda645641363f6e6673bc58a18029270b4869c2d3638b
sha512: 001479103bcde707121d20dba9072c971247df698306d51dd5b71da672b5d9a04a552e474b5dfc56581171dbc7f36a0b22d68a08e054a38caabaa05c2bac73a2
ssdeep: 98304:lv/inGvFQIyC8IgU2f933gJtBkidJL3CELXxHazx5KmDs:R/ik8jpwJtBjdrLBax58
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1BD0633BDBFD228B6F307CCB09C5E85404B5CA8931CA161BBB5922E5A3BC5746CC9B354
sha3_384: ee2e380f2bcdf620d8d2e7c7bb5a15d53fdc3706adf96b019c8c578a2b01c9a90ffd8353d00cd94b61f4a8332ed6a134
ep_bytes: 558bec83c4cc53565733c08945f08945
timestamp: 1992-06-19 22:22:17

Version Info:

Comments: This installation was built with Inno Setup: http://www.innosetup.com
CompanyName: Copyright © 2011 eSupport.com • All Rights Reserved
FileDescription: NTFS Undelete Setup
FileVersion: 3.0.2.830
LegalCopyright:
Translation: 0x0409 0x04e4

PUP.Optional.eSupportNTFSUndelete also known as:

DrWeb: Program.Unwanted.684
Malwarebytes: PUP.Optional.eSupportNTFSUndelete
ESET-NOD32: a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe
Rising: PUF.Ask!1.E03F (CLASSIC)
Emsisoft: Application.Toolbar (A)
Ikarus: PUA.INNO.APNToolbar
Jiangmin: WebToolbar.Asparnet.fl
Google: Detected
Antiy-AVL: GrayWare[Toolbar]/Win32.Bundled.ask
Xcitium: Malware@#2upj2oqtnrkej
Fortinet: Adware/Asparnet
DeepInstinct: MALICIOUS

How to remove PUP.Optional.eSupportNTFSUndelete?

PUP.Optional.eSupportNTFSUndelete removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
