About “PUP.Optional.PriceFountain” infection

PUP.Optional.PriceFountain is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the PUP.Optional.PriceFountain virus do?

  • Unconventional language used in binary resources: Hebrew
  • Authenticode signature is invalid
  • Checks the version of BIOS, possibly for anti-virtualization
  • Checks the CPU name from registry, possibly for anti-virtualization
  • Collects information to fingerprint the system

How to identify PUP.Optional.PriceFountain?


File Info:

name: D166281BE5D7D92421FB.mlw
path: /opt/CAPEv2/storage/binaries/2330b7db6a350c1261c672589ae204b35fb62506bed8a11c888950d4dca5750c
type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
timestamp: 2015-12-12 22:15:33

Version Info:

FileVersion: 1.1.0.9
InternalName: prfo.dll
LegalCopyright: Copyright (C) 2014
OriginalFilename: prfo.dll
ProductVersion: 1.1.0.9
Translation: 0x0009 0x04b0

PUP.Optional.PriceFountain also known as:

Lionic: Adware.Win32.Generic.2!c
DrWeb: Adware.DealPly.260
MicroWorld-eScan: Gen:Variant.Adware.PriceFountain.1
FireEye: Generic.mg.d166281be5d7d924
CAT-QuickHeal: PUP.PriceFountain.D5
Skyhigh: PUP-FGA
ALYac: Gen:Variant.Adware.PriceFountain.1
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/grayware_confidence_100% (D)
K7GW: Riskware ( 0040eff71 )
K7AntiVirus: Riskware ( 0040eff71 )
Arcabit: Trojan.Adware.PriceFountain.1
BitDefenderTheta: Gen:NN.ZedlaF.36680.vu8@aWVH5JiO
Symantec: Adware.DealPly
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/DealPly.CI potentially unwanted
Cynet: Malicious (score: 100)
APEX: Malicious
Kaspersky: not-a-virus:UDS:AdWare.Win32.DealPly.heur
BitDefender: Gen:Variant.Adware.PriceFountain.1
NANO-Antivirus: Virus.Win32.Gen.ccmw
SUPERAntiSpyware: PUP.PriceFountain/Variant
Avast: Win32:BrowseFox-AIE [Adw]
Tencent: Malware.Win32.Gencirc.10b0e710
Emsisoft: Gen:Variant.Adware.PriceFountain.1 (B)
F-Secure: Heuristic.HEUR/AGEN.1302012
VIPRE: Gen:Variant.Adware.PriceFountain.1
TrendMicro: ADW_DEALPLY.SMCI
Sophos: PriceFountain (PUA)
Webroot: Pua.Adware.Pricefountain
Varist: W32/S-ed781133!Eldorado
Avira: HEUR/AGEN.1302012
Antiy-AVL: GrayWare[AdWare]/Win32.DealPly.ci
Xcitium: Application.Win32.DealPly.E@6765lz
Microsoft: BrowserModifier:Win32/Prifou
ZoneAlarm: not-a-virus:UDS:AdWare.Win32.DealPly.heur
GData: Win32.Adware.DealPly.S
Google: Detected
AhnLab-V3: PUP/Win32.Dealply.R174855
McAfee: PUP-FGA
MAX: malware (ai score=67)
VBA32: BScope.Adware.DealPly
Malwarebytes: PUP.Optional.PriceFountain
TrendMicro-HouseCall: ADW_DEALPLY.SMCI
Rising: Adware.DealPly!1.A3EF (CLASSIC)
Yandex: PUA.DealPly!NlYgi8w/ejc
Ikarus: PUA.DealPly
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: Riskware/DealPly
AVG: Win32:BrowseFox-AIE [Adw]
DeepInstinct: MALICIOUS

How to remove PUP.Optional.PriceFountain?

PUP.Optional.PriceFountain removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
