
How to remove “PUP.Optional.Wilsys”?


PUP.Optional.Wilsys is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the PUP.Optional.Wilsys virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Attempted to write directly to a physical drive
  • Anomalous binary characteristics

How to identify PUP.Optional.Wilsys?


File Info:

name: 89191DC56FCC8BFD5D6B.mlw
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2013-09-05 07:27:37

Version Info:

CompanyName: WilSys Co., Ltd.
FileVersion: 1.0.2.2631
ProductVersion: 1.0.2.2631
FileDescription: WilSys Control 1.0.2.2631
InternalName: WilSys.exe
LegalCopyright: Copyright (C) 2013
OriginalFilename: WilSys.exe
ProductName: WilSys Control
Translation: 0x0809 0x04b0

PUP.Optional.Wilsys also known as:

Bkav: W32.AIDetect.malware2
tehtris: Generic.Malware
DrWeb: Trojan.DownLoader12.53578
FireEye: Generic.mg.89191dc56fcc8bfd
McAfee: PUP-FDW
Cylance: Unsafe
Sangfor: PUP.Win32.ELEX.PD
BitDefenderTheta: Gen:NN.ZexaF.34592.BG1aaaKBs@dj
VirIT: Trojan.Win32.Generic.ALXF
Cyren: W32/S-f6569645!Eldorado
Symantec: SecurityRisk.BL
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Adware.ELEX.PD
APEX: Malicious
Kaspersky: Trojan.Win32.Agentb.acya
NANO-Antivirus: Trojan.Win32.Agent.cxivbp
SUPERAntiSpyware: PUP.Wilsys/Variant
Avast: Win32:Adware-gen [Adw]
Tencent: Malware.Win32.Gencirc.10b38230
Comodo: Application.Win32.ELEX.DAQ@5l1b01
Zillya: Trojan.Agentb.Win32.1566
TrendMicro: TROJ_SPNV.03JG13
McAfee-GW-Edition: BehavesLike.Win32.PWSZbot.gc
Trapmine: malicious.moderate.ml.score
Sophos: Elex (PUA)
SentinelOne: Static AI – Malicious PE
Jiangmin: Trojan/Agentb.afb
Google: Detected
Avira: TR/Wysotot.Gen
Antiy-AVL: Trojan/Generic.ASMalwS.422
Kingsoft: Win32.Troj.Agentb.ac.(kcloud)
GData: Win32.Application.Elex.AD
Cynet: Malicious (score: 99)
AhnLab-V3: Trojan/Win32.Agentb.R83184
VBA32: Trojan.Agentb
Malwarebytes: PUP.Optional.Wilsys
TrendMicro-HouseCall: TROJ_SPNV.03JG13
Yandex: Trojan.Agentb!8k0CzSAEQFA
Ikarus: Trojan.Win32.Agent
Fortinet: W32/Agentb.ACYA!tr
AVG: Win32:Adware-gen [Adw]
Panda: Trj/Genetic.gen

How to remove PUP.Optional.Wilsys?

PUP.Optional.Wilsys removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
