Categories: Malware

How to remove “Win32/FusionCore.BI potentially unwanted”?

The Win32/FusionCore.BI potentially unwanted is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Win32/FusionCore.BI potentially unwanted virus can do?

Sample contains Overlay data
Presents an Authenticode digital signature
Performs HTTP requests potentially not found in PCAP.
Reads data out of its own binary image
Authenticode signature is invalid
Attempts to modify proxy settings
Harvests credentials from local FTP client softwares
Yara rule detections observed from a process memory dump/dropped files/CAPE

How to determine Win32/FusionCore.BI potentially unwanted?


File Info:
name: 90F560CE71CC77FC2E12.mlwpath: /opt/CAPEv2/storage/binaries/d04bbcd2855d3bba4627cbb1da3a0e5fa79fe0b27b371024605ff1382ea94c58crc32: 50AC5C69md5: 90f560ce71cc77fc2e121761eeef265csha1: 85ff0ad4728e31539e1d3757a543d47e9cd42f74sha256: d04bbcd2855d3bba4627cbb1da3a0e5fa79fe0b27b371024605ff1382ea94c58sha512: c5a6b3890743ff0f1ea3f6fc9c2f28cf70e9f47c4067830ca63b38c3a1b10d386dc0d889c3041a553876b4a14fafd094f4a7d41279273b85148d6a8f9b9d54e1ssdeep: 196608:rfMrRO4EoVL+dERnwcEWx04G2rqw7F0+9hiKkDKQUXTFTSJ/CXX2iCfjFZoZNg:rfGjMERn+hZ+F50+90hMFTSdsX27o7gtype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T1B4D6334A4963CA4BCC6B6D3CDDF5FD83ACBCF986A0B84BA8B0055C8F725976E450E114sha3_384: d3cc6deaaad230e88515f3c8e206374ae98084d9602cd4fb9732a2d7610e09c842dd128692f9c5be2ebf3347c672937eep_bytes: 81ecd40200005356576a205f33db6801timestamp: 2018-12-15 22:24:36
Version Info:
CompanyName: Tim KosseFileDescription: FileZilla FTP ClientFileVersion: 3.50.0LegalCopyright: Tim KosseOriginalFilename: FileZilla_3.50.0_win32-setup.exeProductName: FileZillaProductVersion: 3.50.0Translation: 0x0409 0x04b0

Win32/FusionCore.BI potentially unwanted also known as:

Malwarebytes	Adware.FusionCore
CrowdStrike	win/grayware_confidence_100% (W)
ESET-NOD32	a variant of Win32/FusionCore.BI potentially unwanted
F-Secure	PotentialRisk.PUA/Fusion.AE
TrendMicro	PUA.Win32.FusionCore.SMBD2
Webroot	Pua.Filezilla.Sponsoredinstalle
Varist	W32/ABApplication.ZQCE-2120
Avira	PUA/Fusion.AE
Microsoft	PUABundler:Win32/FusionCore
Xcitium	ApplicUnwnt@#340d5v1j8gq41
Google	Detected
Cylance	unsafe
TrendMicro-HouseCall	PUA.Win32.FusionCore.SMBD2
Rising	Trojan.Generic@AI.100 (RDML:R5SrBlfZiGbXgHwnhfkohQ)
Yandex	Trojan.Igent.bXNyGy.16
Fortinet	Riskware/FusionCore
DeepInstinct	MALICIOUS