What is “PUP.Optional.ShopperPro”?

PUP.Optional.ShopperPro is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the PUP.Optional.ShopperPro virus do?

  • Executable code extraction
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Loads a driver
  • At least one IP Address, Domain, or File Name was found in a crypto call
  • Expresses interest in specific running processes
  • Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
  • Reads data out of its own binary image
  • A process created a hidden window
  • Drops a binary and executes it
  • Performs some HTTP requests
  • Uses Windows utilities for basic functionality
  • Steals private information from local Internet browsers
  • Network activity contains more than one unique useragent.
  • Installs itself for autorun at Windows startup
  • Collects information about installed applications
  • Attempts to create or modify a Browser Helper Object
  • Anomalous binary characteristics
  • Uses suspicious command line tools or Windows utilities

Related domains:

rep.shopper-pro.com
updatejs.shopper-pro.com
repjs.shopper-pro.com

How to identify PUP.Optional.ShopperPro?

File Info:

type: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive

Version Info:

FileVersion: 3.1.9588.1965
ProductVersion: 3.1.9588.1965
Translation: 0x0409 0x04e4

PUP.Optional.ShopperPro is also known as:

Elastic: malicious (high confidence)
DrWeb: Adware.Plugin.209
Cynet: Malicious (score: 100)
CAT-QuickHeal: AdWare.NSIS.Shopro.A
Cylance: Unsafe
Sangfor: Riskware.Win32.Agent.ky
CrowdStrike: win/malicious_confidence_100% (D)
Alibaba: AdWare:Win32/SpeedBit.73ceca3b
Cybereason: malicious.116134
Cyren: W32/ShopperPro.G.gen!Eldorado
Symantec: Trojan.Gen.6
ESET-NOD32: a variant of Win32/SpeedBit.G potentially unwanted
APEX: Malicious
Avast: NSIS:Adware-PQ [PUP]
Kaspersky: not-a-virus:AdWare.NSIS.Agent.cv
BitDefender: Adware.ShopperPro.H
NANO-Antivirus: Trojan.Nsis.Drop.dfvfjd
ViRobot: Adware.Shopperpro.4713796
MicroWorld-eScan: Adware.ShopperPro.H
Tencent: Win32.Risk.Adware.Taoy
Sophos: Generic PUA MK (PUA)
VIPRE: Adware.NSIS.Agent
McAfee-GW-Edition: BehavesLike.Win32.Generic.rc
FireEye: Generic.mg.c7cc163116134b78
Emsisoft: Adware.ShopperPro.H (B)
SentinelOne: Static AI – Suspicious PE
Avira: ADWARE/Adware.Gen
Microsoft: Trojan:Win32/Wacatac.A!ml
GData: NSIS.Application.Crypted.C
AhnLab-V3: PUP/Win32.Speedbit.R153008
McAfee: Artemis!C7CC16311613
MAX: malware (ai score=86)
VBA32: Adware.Agent
Malwarebytes: PUP.Optional.ShopperPro
Panda: Trj/CI.A
AVG: NSIS:Adware-PQ [PUP]
Paloalto: generic.ml

How to remove PUP.Optional.ShopperPro?

PUP.Optional.ShopperPro removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.