What is "RiskWare.YouXun"?

The RiskWare.YouXun is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What RiskWare.YouXun virus can do?

A process attempted to delay the analysis task.
Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
HTTP traffic contains suspicious features which may be indicative of malware related traffic
Performs some HTTP requests
Unconventionial binary language: Chinese (Simplified)
Unconventionial language used in binary resources: Chinese (Simplified)
The binary likely contains encrypted or compressed data.
The executable is compressed using UPX
Network activity contains more than one unique useragent.
Attempts to modify proxy settings
Generates some ICMP traffic

Related domains:

z.whorecord.xyz

a.tomx.xyz

api.pcsoft.jshhdian.com

ggstats.yb.jshhdian.com

eoud.dgygpx.com

www.baidu.com

api.yb.jshhdian.com

poik.dgygpx.com

ymte.sgdebao.com

How to determine RiskWare.YouXun?


File Info:
crc32: A9EDC262
md5: d474588b16b6dae9bb292610a1d98380
name: ________________24_312.exe
sha1: afad50703e0f31f25c9af66ca8870d1717379386
sha256: 78c576acbdc310699920243bd58cf5b9249807c56906c260cd8d441e3e6b7b2b
sha512: 1ef2ac9b6364aab1d3da77a5000dea42ee5849ddd2d42336ac7ccb77faa3ccd1772266a6ac631aa41b263ae138cbb9736d95dc4b17a01bf25691a50784e3dec0
ssdeep: 98304:7djrfbWvOUlCnJ+I9P0ABLGejAMJ8C2IXDOXqHBQ+RSQnhj1Emq3v05hX6mx3o1N:dCO0E0ABLlJfCQjqX3vU3IrftzUo
type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed

Version Info:
LegalCopyright: Copyright (C) 2019
FileVersion: 3.0.1.2
ProductName: x6781x901fx4e0bx8f7dx5668
ProductVersion: 3.0.1.2
FileDescription: x6781x901fx4e0bx8f7dx5668
OriginalFilename: Install.exe
Translation: 0x0804 0x03a8

RiskWare.YouXun also known as:

MicroWorld-eScan	Trojan.GenericKD.42284019
FireEye	Generic.mg.d474588b16b6dae9
CAT-QuickHeal	PUA.IgenericRI.S10596407
Qihoo-360	Win32/Virus.Downloader.b00
McAfee	GenericRXAA-AA!D474588B16B6
VIPRE	Trojan.Win32.Generic!BT
K7AntiVirus	Riskware ( 0050b49d1 )
BitDefender	Trojan.GenericKD.42284019
Cybereason	malicious.03e0f3
BitDefenderTheta	Gen:NN.ZexaF.34084.@pLfaqRCqwnj
F-Prot	W32/S-d8efc1c1!Eldorado
APEX	Malicious
Avast	Win32:Malware-gen
GData	Trojan.GenericKD.42284019
Kaspersky	not-a-virus:HEUR:Downloader.Win32.YXdown.pef
Ad-Aware	Trojan.GenericKD.42284019
Emsisoft	Trojan.GenericKD.42284019 (B)
F-Secure	PrivacyRisk.SPR/GameTool.Gen8
Zillya	Tool.YouXun.Win32.803
McAfee-GW-Edition	BehavesLike.Win32.Multiplug.rc
Trapmine	suspicious.low.ml.score
Ikarus	PUA.RiskWare.Youxun
Cyren	W32/S-d8efc1c1!Eldorado
Jiangmin	Downloader.YXdown.bz
Avira	SPR/GameTool.Gen8
Endgame	malicious (moderate confidence)
Arcabit	Trojan.Generic.D28533F3
ZoneAlarm	not-a-virus:HEUR:Downloader.Win32.YXdown.pef
Microsoft	Trojan:Win32/Wacatac.D!ml
AhnLab-V3	Malware/Win32.Generic.C3974891
ALYac	Trojan.GenericKD.42284019
MAX	malware (ai score=82)
VBA32	Downloader.YXdown
Malwarebytes	RiskWare.YouXun
ESET-NOD32	a variant of Win32/RiskWare.YouXun.H
Rising	Adware.Downloader!1.B962 (RDMK:cmRtazqNJNepVcp8MfFXEqb69QTV)
SentinelOne	DFI – Malicious PE
eGambit	Unsafe.AI_Score_99%
Fortinet	W32/GenericKD.32784984!tr
AVG	Win32:Malware-gen
CrowdStrike	win/malicious_confidence_80% (D)
MaxSecure	Trojan.Malware.74721109.susgen

How to remove RiskWare.YouXun?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

What is “RiskWare.YouXun”?