WeiDuan GameBox (PUA) removal

WeiDuan GameBox (PUA) is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the WeiDuan GameBox (PUA) virus do?

  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary likely contains encrypted or compressed data.
  • Queries information on disks, possibly for anti-virtualization
  • Network activity detected but not expressed in API logs
  • Attempts to modify browser security settings

How to identify WeiDuan GameBox (PUA)?

File Info:

crc32: BEDDD9B1
md5: bed6fef99cb9ba0cd5aaba0f2c0ead5f
name: BED6FEF99CB9BA0CD5AABA0F2C0EAD5F.mlw
sha1: e91cddd510a4d57f826567faf043b859dfbb3a0b
sha256: 5e9ec33468cb363944f228b2b4ac2e54ec462b4d29f845dba37e0741ef993f6f
sha512: 43f78cf7d77db76f9fcbd7ee6a7f0eed53d4a7b79f510986fe7b0723e3beb6643e62e39d0e3c674efc9cd45d3a9a34d8cc6ca5fb2fbea1edccd5cd822d034da3
ssdeep: 98304:0BcewE8II1n5PvdMnSZqNoAaydXAooz71l+JsOIA:6wfZ5PvDqG2XBolTOI
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: 武侠风
ProductVersion: 2.2.21.1104
ProductName: 江湖悠悠
FileVersion: 2.2.21.1104
FileDescription: 江湖悠悠
Translation: 0x0804 0x04b0

WeiDuan GameBox (PUA) is also known as:

Bkav: W32.AIDetect.malware2
Elastic: malicious (high confidence)
ClamAV: Win.Malware.Fsysna-9760418-0
Cybereason: malicious.99cb9b
Symantec: ML.Attribute.HighConfidence
APEX: Malicious
Sophos: WeiDuan GameBox (PUA)
McAfee-GW-Edition: BehavesLike.Win32.Generic.wc
SentinelOne: Static AI – Malicious PE
Jiangmin: Trojan.Fsysna.lpr
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
AhnLab-V3: PUP/Win.GameBox.C4370922
McAfee: GenericRXPB-EB!BED6FEF99CB9
VBA32: BScope.Adware.Presenoker
Rising: Adware.Agent!1.CE37 (CLASSIC)
Ikarus: Trojan.Fsysna

How to remove WeiDuan GameBox (PUA)?

WeiDuan GameBox (PUA) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.