PUA

How to remove “PUP.Optional.WebCompanion”?

Malware Removal

The PUP.Optional.WebCompanion is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What PUP.Optional.WebCompanion virus can do?

  • Sample contains Overlay data
  • Presents an Authenticode digital signature
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Anomalous binary characteristics

How to determine PUP.Optional.WebCompanion?



File Info:

name: 2DDC50F8D149BD4F9649.mlw
path: /opt/CAPEv2/storage/binaries/a756c313947a43edd9fbdca225aea51ca2c15aaaf33dc8cc33acb3a00178468c
crc32: C7838A16
md5: 2ddc50f8d149bd4f9649fad233aea535
sha1: 1277b87f83c7b55d51e32071a2c05e5f07c4bca7
sha256: a756c313947a43edd9fbdca225aea51ca2c15aaaf33dc8cc33acb3a00178468c
sha512: b33241340e0fd23a5cde47d057b144239f6f6eba79baa882cd9f1b375322a5b4cfe5640723382a195c3724c49c93c74218220ff42fbc03d75d5b424552c3d066
ssdeep: 12288:VG5knZfFKezH8fkSuY+GfR/9n8bwRK1MYXyW2t5oKSPnKYWyc:VG50ZfFKMHMRucR/986UnXyCKSPn/Wyc
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T16DC4F1113DE184B9D5510031D9B46FA5E2FAFE660E21486333993E3E3F7F68681319AD
sha3_384: c5f39fae4c982c2d69d4357277cf7fb524f10919c98bdda297b17096f15b1720c8b193c5fce7ed52d6b4a238cadc2ae1
ep_bytes: 558bec6aff68e8b9410068fc47410064
timestamp: 2011-04-18 18:54:06


Version Info:

FileVersion: 12.901.5.1061
ProductVersion: 12.901.5.1061
CompanyName: Lavasoft
FileDescription: Web Companion Installer
InternalName: Installer.exe
LegalCopyright: c Lavasoft Limited. All Rights Reserved.
OriginalFilename: Installer.exe
ProductName: Web Companion Installer
Translation: 0x0409 0x04b0

PUP.Optional.WebCompanion also known as:

Elasticmalicious (high confidence)
MalwarebytesPUP.Optional.WebCompanion
SangforTrojan.Win32.Webcompanion.Vwqq
CrowdStrikewin/grayware_confidence_70% (D)
ESET-NOD32a variant of MSIL/WebCompanion.C potentially unwanted
AvastFileRepPup [PUP]
SophosGeneric ML PUA (PUA)
WebrootW32.Adware.Gen
CynetMalicious (score: 100)
Cylanceunsafe
FortinetAdware/WebCompanion
AVGFileRepPup [PUP]
DeepInstinctMALICIOUS

How to remove PUP.Optional.WebCompanion?

PUP.Optional.WebCompanion removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment