Win32/RiskWare.ShouQu.A removal instructions

Win32/RiskWare.ShouQu.A is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Win32/RiskWare.ShouQu.A virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid

How to determine Win32/RiskWare.ShouQu.A?


File Info:

name: 7765C4AA8BD668FE17F7.mlw
path: /opt/CAPEv2/storage/binaries/495ad011fc3c919b4ff08f7864cdcc9a96a5ea336817d7082f23949fae83d8fa
crc32: 5D4B0BAC
md5: 7765c4aa8bd668fe17f79e21849bce6f
sha1: ddd88db889e1b57fb3548d0f1c465333d0e41152
sha256: 495ad011fc3c919b4ff08f7864cdcc9a96a5ea336817d7082f23949fae83d8fa
sha512: cf2121caa0a8c2080785562e94b961c86842d5ea680b2dd788381183c3a093b9dee764cfd8a1217aae545d6d2a2f234a3147961334cb161e0a6ceafb2fa5a5c6
ssdeep: 24576:QyyH6eGM7JdoV9jm/QVD8AAKaVTFQKS8J5ABZPQa:FRe9UGlAAKu6KSm5ABZB
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T179252325B671C873F3A1D5B0B93A12B8597BBD612DB5500178AF38CEAE37780784734A
sha3_384: 361f501338d2ffed7991b7ad7dc578b283249a9bb8756f66f16d818870fb54e2d241ef2d33d5100371df1c6b067c206c
ep_bytes: 558bec83c4c453565733c08945f08945
timestamp: 1992-06-19 22:22:17

Version Info:

Comments: This installation was built with Inno Setup.
CompanyName: 乐娱盒子
FileDescription: 乐娱盒子安装程序
FileVersion: 1.0.3.5
LegalCopyright:
ProductName: 乐娱盒子
ProductVersion: 1.035
Translation: 0x0000 0x04b0

Win32/RiskWare.ShouQu.A also known as:

Bkav: W32.AIDetectMalware
Zillya: Downloader.OutBrowse.Win32.3623
K7AntiVirus: Riskware ( 0049d8641 )
K7GW: Riskware ( 0049d8641 )
ESET-NOD32: a variant of Win32/RiskWare.ShouQu.A
Cynet: Malicious (score: 100)
NANO-Antivirus: Riskware.Win32.ShouQu.ewdpxv
Antiy-AVL: RiskWare/Win32.ShouQu
VBA32: BScope.Downloader.BindEx
Malwarebytes: Generic.Malware/Suspicious
Rising: Trojan.Generic@AI.100 (RDML:3ZYRRZvhsPXsPVL2MY/FMA)
Fortinet: Riskware/ShouQu
CrowdStrike: win/grayware_confidence_60% (W)

How to remove Win32/RiskWare.ShouQu.A?

Win32/RiskWare.ShouQu.A removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
