Should I remove “Win32/MyPlayCity.A potentially unwanted”?

The Win32/MyPlayCity.A potentially unwanted is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Win32/MyPlayCity.A potentially unwanted virus do?

  • A file was accessed within the Public folder.
  • Sample contains Overlay data
  • Presents an Authenticode digital signature
  • Performs HTTP requests potentially not found in PCAP.
  • Attempts to modify Internet Explorer’s start page
  • Drops a binary and executes it
  • Unconventional binary language: Russian
  • Unconventional language used in binary resources: Russian
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Attempts to modify proxy settings
  • Anomalous binary characteristics

How to determine Win32/MyPlayCity.A potentially unwanted?


File Info:

name: 576061F26AC0EB1001EF.mlw
path: /opt/CAPEv2/storage/binaries/8e27c6761fa31cea3221f4607497f28ff1d7dee8248c4e3cecc123015de30dae
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2013-03-25 21:38:02

Version Info:

CompanyName:
FileDescription:
FileVersion: 9.0.2.0
InternalName:
LegalCopyright:
LegalTrademarks:
OriginalFilename:
ProductName:
ProductVersion: 1.0.0.0
Comments:
Translation: 0x0419 0x04e3

Win32/MyPlayCity.A potentially unwanted also known as:

Bkav: W32.AIDetectMalware
ESET-NOD32: Win32/MyPlayCity.A potentially unwanted
Kaspersky: not-a-virus:HEUR:Downloader.Win32.Agent.gen
Tencent: Malware.Win32.Gencirc.13fc73a6
SentinelOne: Static AI – Suspicious PE
Jiangmin: Downloader.Agent.lhg
Antiy-AVL: RiskWare[Downloader]/Win32.Agent
ZoneAlarm: not-a-virus:HEUR:Downloader.Win32.Agent.gen
Google: Detected
VBA32: suspected of Trojan.Downloader.gen
Rising: Trojan.Generic@AI.100 (RDML:qLD5WQN8Qf/Ejr7XBx3HkA)
Ikarus: PUA.MyPlayCity
MaxSecure: Trojan.Malware.300983.susgen
CrowdStrike: win/grayware_confidence_70% (D)

How to remove Win32/MyPlayCity.A potentially unwanted?

Win32/MyPlayCity.A potentially unwanted removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.