PUA

PUP.Optional.FusionCore removal

Malware Removal

The PUP.Optional.FusionCore is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware - Review 2020

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend to use GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the TRIAL period.
6-day free trial available.

What PUP.Optional.FusionCore virus can do?

  • Executable code extraction
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Attempts to connect to a dead IP:Port (10 unique times)
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • Performs some HTTP requests
  • Uses Windows utilities for basic functionality
  • Creates a hidden or system file
  • Attempts to modify proxy settings

Related domains:

newfreescreensavers.com
www.bing.com
crt.sectigo.com
crt.usertrust.com
ocsp.comodoca.com
ocsp.usertrust.com
ocsp.sectigo.com
ssl.google-analytics.com
ocsp.pki.goog
www.newfreescreensavers.com

How to determine PUP.Optional.FusionCore?


File Info:

crc32: 383C237F
md5: d52876f5373c59f3a6f67835f6e206b4
name: D52876F5373C59F3A6F67835F6E206B4.mlw
sha1: 98476bce26cb4e8accfe40bb28bf87c5eca74e8b
sha256: d795631333cfcd319050f429905049dbed94bfc5067d43a46a6cca3d6a8f270f
sha512: 18b0d18f4d3f9300e39a8515ec0190f491ee9610f5b8258c8387901c8a2b0c0537e27fea9a3d1adcd8d78e3e6abce289574f6ca4fcc2f9f7ad247deb38193ce9
ssdeep: 24576:nxGILiHaWvfSF50ayayZ6U6fHMJfMXV1Ei1jMULubGet3Pb8IDFtM5lxVT0G6Bzu:Qi4USnjNMXV1Ei1j9LubbPoIXM5FoXw/
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright:
FileVersion:
CompanyName: NewFreeScreensavers.com
Comments: This installation was built with Inno Setup.
ProductName: I Love My Dad New Free Screensaver
ProductVersion:
FileDescription: I Love My Dad New Free Screensaver Setup
Translation: 0x0000 0x04b0

PUP.Optional.FusionCore also known as:

BkavW32.AIDetect.malware2
LionicRiskware.Win32.Funshion.1!c
DrWebTrojan.InstallCore.3052
ALYacApplication.Agent.JKV
CylanceUnsafe
SangforTrojan.Win32.Save.a
CrowdStrikewin/malicious_confidence_70% (D)
AlibabaDownloader:Win32/Funshion.25bbf26e
Cybereasonmalicious.5373c5
SymantecPUA.InstallCore
ESET-NOD32a variant of Win32/FusionCore.P potentially unwanted
APEXMalicious
AvastWin32:Malware-gen
Kasperskynot-a-virus:UDS:Downloader.Win32.Funshion
BitDefenderApplication.Agent.JKV
NANO-AntivirusTrojan.Win32.InstallCore.erztgi
ViRobotAdware.Installcore.1876954
MicroWorld-eScanApplication.Agent.JKV
SophosGeneric PUA JI (PUA)
ComodoApplicUnwnt@#31xvzn7f8vtuk
TrendMicroPUA.Win32.FusionCore.SMBD
McAfee-GW-EditionBehavesLike.Win32.InstallCore.tc
FireEyeGeneric.mg.d52876f5373c59f3
EmsisoftApplication.Downloader (A)
SentinelOneStatic AI – Suspicious PE
MicrosoftPUA:Win32/Presenoker
ZoneAlarmnot-a-virus:HEUR:Downloader.Win32.Funshion.gen
GDataWin32.Application.FusionCore.D
McAfeeArtemis!D52876F5373C
MAXmalware (ai score=72)
VBA32Downloader.Funshion
MalwarebytesPUP.Optional.FusionCore
TrendMicro-HouseCallPUA.Win32.FusionCore.SMBD
RisingTrojan.Generic@ML.86 (RDML:jddMbPixrz6cttDp2DHinw)
YandexPUA.Downloader!RpQY6B/waBE
MaxSecureTrojan.Malware.74524530.susgen
FortinetRiskware/Funshion
AVGWin32:Malware-gen
Paloaltogeneric.ml

How to remove PUP.Optional.FusionCore?

PUP.Optional.FusionCore removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment