PWS:MSIL/Petun.A removal tips

The PWS:MSIL/Petun.A is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What PWS:MSIL/Petun.A virus can do?

Executable code extraction
Creates RWX memory
Drops a binary and executes it
Network activity detected but not expressed in API logs
Creates a copy of itself

Related domains:

z.whorecord.xyz

a.tomx.xyz

How to determine PWS:MSIL/Petun.A?


File Info:
crc32: 4AB91C2F
md5: 82d215a75fb488924bd0b6c9b8eb7c8b
name: 82D215A75FB488924BD0B6C9B8EB7C8B.mlw
sha1: 479d006342c914ffd4bc403572fc0fe81218e4a4
sha256: b09eb23e23e8af6efcef8dcc7124f17a762c740b62410cef160f105d889eaf5f
sha512: ca2704696a293b6c0214ccfc6c1180335e41b8e5fb6f21062d23987ec931bea2205c420dd16609af08c6f884d9a1fbbb323522426e16eb726541ffe3e42a98ff
ssdeep: 768:UhGivbbvmmRmjU0WwDThQ0YxyJbtsJp5JrFFnCiFJzu06rwZ:gXmmRmjU0BDlQlA6p5hFFnCiFp6r8
type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

Version Info:
Translation: 0x0000 0x04b0
LegalCopyright: Microsoft
Assembly Version: 1.0.0.0
InternalName: Karma Koin Codes.exe
FileVersion: 1.0.0.0
ProductVersion: 1.0.0.0
FileDescription: Karma Koin
OriginalFilename: Karma Koin Codes.exe

PWS:MSIL/Petun.A also known as:

MicroWorld-eScan	Trojan.GenericKD.40460664
CAT-QuickHeal	Trojan.Orsam.A3
Qihoo-360	Win32/Trojan.55c
McAfee	PWS-Zbot.gen.yg
Cylance	Unsafe
VIPRE	Trojan-PWS.MSIL.Petun.a (v)
Sangfor	Malware
K7AntiVirus	Trojan ( 700000121 )
BitDefender	Trojan.GenericKD.40460664
K7GW	Trojan ( 700000121 )
Cybereason	malicious.75fb48
Arcabit	Trojan.Generic.D2696178
Invincea	heuristic
BitDefenderTheta	Gen:NN.ZemsilF.34152.cm0@aeE2WDd
Cyren	W32/MSIL_Troj.F.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of MSIL/Spy.Agent.BP
TrendMicro-HouseCall	TROJ_GEN.FCBEZHE
ClamAV	Win.Packed.Zbot-8176461-0
Kaspersky	HEUR:Trojan.Win32.Generic
Alibaba	TrojanPSW:MSIL/Petun.5bf9e859
NANO-Antivirus	Trojan.Win32.TrjGen.dhbnsn
AegisLab	Trojan.Win32.Generic.4!c
Rising	Trojan.MSIL.KeyLogger!1.647D (CLOUD)
Ad-Aware	Trojan.GenericKD.40460664
Emsisoft	Trojan.GenericKD.40460664 (B)
Comodo	Worm.Win32.KeyLogger.AutoRun.AE@4pfb41
F-Secure	Trojan.TR/Spy.Gen
DrWeb	Trojan.Siggen3.14508
Zillya	Trojan.Agent.Win32.770818
TrendMicro	TROJ_GEN.FCBEZHE
Trapmine	malicious.moderate.ml.score
FireEye	Generic.mg.82d215a75fb48892
Sophos	Mal/Agent-ASV
APEX	Malicious
F-Prot	W32/MSIL_Troj.F.gen!Eldorado
Jiangmin	Trojan/Generic.nxos
Webroot	W32.Malware.Gen
Avira	TR/Spy.Gen
Fortinet	MSIL/Kryptik.GBD!tr
Antiy-AVL	Trojan/Win32.AGeneric
Microsoft	PWS:MSIL/Petun.A
SUPERAntiSpyware	Trojan.Agent/Gen-Petun
ZoneAlarm	HEUR:Trojan.Win32.Generic
Cynet	Malicious (score: 85)
AhnLab-V3	Trojan/Win32.Petun.C123857
ALYac	Trojan.GenericKD.40460664
MAX	malware (ai score=100)
VBA32	CIL.StupidPInvoker-1.Heur
Malwarebytes	Trojan.KeyLogger.MSIL
Ikarus	Trojan-Spy.Win32.Zbot
Panda	Generic Malware
Tencent	Win32.Trojan.Spy.Ebgs
Yandex	Trojan.Agent!fxZ3Ay20Fzo
SentinelOne	DFI – Malicious PE
eGambit	Unsafe.AI_Score_100%
GData	MSIL.Trojan-Spy.Petun.B
AVG	MSIL:KeyLogger-AB [Spy]
Avast	MSIL:KeyLogger-AB [Spy]
CrowdStrike	win/malicious_confidence_100% (D)
MaxSecure	Trojan.Malware.7164915.susgen

How to remove PWS:MSIL/Petun.A?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

PWS:MSIL/Petun.A removal tips